Rethinking data resilience on World Backup Day 2024

World Backup Day, celebrated annually on 31 March, serves as a critical reminder for businesses and individuals to ensure their data is securely backed up. However, experts argue that mere backups are no longer sufficient in today's increasingly volatile cyber landscape. Anthony Spiteri, Regional CTO for APJ at Veeam, and James Finlay, Lead Director of Incident Response at Coveware by Veeam, emphasise the importance of developing comprehensive data resilience strategies to safeguard against cyber threats.

Anthony Spiteri explains that when World Backup Day was established in 2011, backups were predominantly viewed as a passive security measure, akin to an insurance policy for data protection. However, over the past decade, cybercriminals have evolved their strategies, increasingly targeting backups in ransomware attacks. This necessitates a shift from traditional backup frameworks to more robust data resilience strategies.

Spiteri highlights the critical components necessary for effective data resilience today, which include implementing immutable backups, automated threat detection, and rapid recovery capabilities. He notes that 87% of ransomware attacks in the last quarter of 2024 involved data exfiltration, underscoring the importance of protecting backups from alteration or deletion. Cyber resilience is now essential for any business seeking to avoid operational downtime, reputational damage, and financial loss.

From a compliance perspective, James Finlay discusses how new laws, such as the Australian Cyber Security Act, are intensifying the necessity for robust backup strategies. This legislation mandates businesses with over AUD $3 million turnover to report ransomware payments, aiming to increase transparency and discourage payouts. Doing so can subject businesses to further regulatory scrutiny, making the need to avoid ransom situations paramount.

Finlay advocates for comprehensive backup strategies that go beyond mere compliance, integrating routine testing and advanced security measures such as data encryption and endpoint security. The evolving legal landscape, coupled with growing cyber threats, means that backup and recovery solutions must adapt to ensure long-term business continuity.

Other industry experts are echoing these sentiments. Pawel Staniec, CTO at Catalogic, notes that advancements in AI and virtualisation within Kubernetes environments are reshaping backup approaches, necessitating a blend of traditional and modern strategies. He argues that cloud-native data protection solutions have become essential components in securing the long-term viability of containerised environments.

Gal Naor, CEO of StorONE, and Aron Brand, CTO of CTERA, both call for a reevaluation of backup storage solutions. Naor suggests hybrid storage solutions, which bring a cost-effective balance between performance and long-term data retention, favouring tiered storage systems over all-flash infrastructure to prevent excessive spending. Meanwhile, Brand champions cyberstorage—storage systems that are inherently protected against cyber threats—as a modern necessity, arguing for continuous data protection and instant recovery capabilities.

Lastly, Mitch Seigle, CMO at Spectra Logic, highlights the role of tape technology in enhancing data protection strategies. Despite advancements in cyber security tools, he asserts that tape offers an additional security layer due to its ability to create air gaps, thereby physically isolating data from online threats. This strategic combination of security measures provides organisations with their best defence against evolving cyber threats.

As World Backup Day approaches, it presents a crucial opportunity for organisations to reassess their data protection strategies and ensure they are prepared to thwart future cyber threats. A comprehensive approach to cyber resilience, combining traditional backup methods with modern, proactive security measures, is essential for safeguarding data integrity and ensuring business continuity.