Data breaches, hacks, other forms of cybercrime such as malware and phishing remain hot topics. Last time, we wrote about the impact a hack can have on your organization and how Security-as-a-Service can help. Fortunately, more and more organizations now recognize the urgency and importance of good cybersecurity. But what happens to your data if it does go wrong? How quickly can you restore them and is your backup even secure? Today we take a closer look at this aspect.
Why backups remain important
Backing up cloud solutions: two misconceptions
Let’s start with the two biggest misconceptions about backups, especially of backups of cloud solutions such as Microsoft 365. It is still often thought that with such a SaaS service, the provider, in this case Microsoft, is responsible for backup and that it is included in the subscription.
Backups are a joint responsibility
The first is partially true: It is true that Microsoft makes backups. Of the service, so that if there are problems they can get back on the air quickly and continue to make available to you the services you are paying for. However, for all data within your Microsoft 365 environment, such as SharePoint Online, Teams or OneDrive, you as an organization are responsible for backing up.
The second part, which includes backup in the subscription, is also only partially true. Microsoft’s backups of the service are indeed included. Basic recovery options, such as version control and being able to recover deleted files, are also included.
But this is a bit different from backing up all your data, in case something happens to your environment that makes it inaccessible, and especially when it happens outside Microsoft’s control. Consider a ransomware attack where your data is encrypted until you pay, or a situation where all data is deleted.
Backup of data stored elsewhere
In short, as an organization, you cannot rely solely on what is included in your subscription for Microsoft 365. And this also applies to data from other cloud applications and solutions. In addition, you may have data on your own servers, or in a private cloud. So backing up and keeping track of your data is crucial. Make sure you agree on this jointly with your IT partner in an SLA, so you know your backups are in order.
Losing and restoring data costs a lot of money and time
Accenture research on the cost of cybercrime in 2019 suggests that the cost of lost data is by far the largest. IBM sees the cost of a data breach rising 2.6% in 2022 to an average of more than $4.3 million, and that increase continues year on year. Insurer Aon says only 15% of those costs are covered by insurance, if you have it at all. Ponemon sees that more than half of data breaches are caused by malware and that it takes an average of 280 days to identify and resolve a data breach.
In short, a data breach is often caused by a cyber attack, they take a long time to resolve, they cost a lot of money and you have little or no insurance for them.
SMEs extra vulnerable
According to Microsoft, 1 in 3 of all security attacks in the U.S. target small and medium-sized businesses. Of the 300% increase in ransomware attacks last year, more than 50% targeted small businesses. Small and medium-sized businesses, while facing similar threats as large organizations, often do not have the same protection. This can sometimes have disastrous consequences. For example, 61% of small businesses facing a cyberattack were unable to perform operations. Adding that the average cost of a data breach for U.S. SMBs was about $108,000. That’s why it makes financial sense even for small businesses to invest in security upfront.
How a good backup strategy helps you recover data quickly and relatively inexpensively
A good backup strategy means that you don’t just pick a backup solution and hope that it will help you should you become a victim of an attack. Part of the strategy is not only the solution itself, but also what data you will be backing up. In the process, categorizing data is indispensable. For example, ask yourself questions like:
- What data is indispensable for daily operations? How long can I continue working when this data is not accessible?
- What data contains sensitive information? For example, financial data, customer and employee data, or information that could benefit competitors.
- What are the consequences if this data is lost or inaccessible for an extended period of time?
- Suppose my environment is hacked, is my backup safe?
- When you have this insight, you also know what your backup solution should look like. For an increasing number of organizations, they come to a virtual standstill if the important data is not available. Quick recovery of that data is then crucial to get back on the air as soon as possible.
Know where your backup is
If you write your backup away within your own environment, domain or network, chances are that in the event of an attack, that backup will also be compromised. And so then that backup is worth little more, which explains why the resolution time is often still months rather than days or even hours. One way to counter this is to segment your network.
A now common saying of many backup and data recovery specialists is for good reason: one backup is no backup. Make sure you have multiple backups in multiple places, at least one of which is outside your own environment, so you can fall back on that.
Based on the categorization of data, you can then determine which backup should contain which data. The more data, the longer it takes to back up, but also the longer it takes to restore and the more storage you need in the various locations. Although the solutions are also getting smarter and smarter, and you can only have changes written out, for example.
Have we inspired you to take a hard look at your backup strategy and situation? We have the knowledge and expertise to provide you with sound advice and the best fitting solution, so be sure to contact us!
Waar lopen bedrijven met een magazijn tegenaan op ICT-gebied?
Door processen binnen logistieke organisaties in toenemende mate te digitaliseren, wordt de weg vrijgemaakt voor automatisering...
What can you expect from Windows 11?
After six years of Windows 10, Microsoft has now announced OS Windows 11. The rollout plan for the upgrade is still being finalized and is expected by the end of 2