Fast recovery is now a critical component of modern data security

By Darren Thomson, Field CTO EMEAI, Commvault.

  • 1 week ago Posted in

Too many businesses today have a false sense of security when it comes to their data, and sadly, cyber criminals are only too happy to take advantage of it.

These businesses have often spent significant amounts of time and money building up solid frontline cyber defences, and a lot of them have done a good job of it too. However, in the modern cybersecurity landscape, it’s increasingly a case of when, not if, cybercriminals successfully breach these defences, and this is where businesses are coming unstuck. Despite creating impressive perimeter defences, they’ve invested far less in preparing for what to do when an attack eventually does get through.

Criminals aren’t waiting around for potential victims to realise this either. Perpetrators of cyber-crime are infamous for their relentless nature, as well as their willingness to embrace new technology and attack vectors, so it’s no surprise to see the use of tools like ChatGPT becoming more and more prevalent in modern cyberattacks.

The impact of a successful breach is only getting worse as well. Not only can it cripple business operations for days, weeks, or even months, but it can cause irreparable reputational damage and incur costly regulatory fines if deemed preventable.

With all this in mind, it’s crucial that businesses shift their thinking away from solely trying to keep criminals out and spend more time formulating a strategy that will enable them to quickly and securely recover from a cyber incident.

Perimeter defences aren’t enough in isolation

For many years, businesses running on-premises infrastructure were able to keep their data safe by simply restricting the number of access points and making sure those that did exist were effectively protected. This, coupled with a robust backup system to prevent disruption in the event of power cuts etc, was often enough to keep them up and running without major incident.

However, the business and IT landscape has changed significantly in recent years, posing much greater data challenges as a result. Chief amongst these is the rise of cloud technology, which has rendered perimeter security all but obsolete when used in isolation. As the number of digital applications continues to explode, IT environments are becoming more complex and far-reaching than ever before.

According to a recent study, employees today will regularly use more than 35 different software tools over the course of a day, making it extremely difficult to track and protect sensitive data and IP as it passes in and out of the cloud, via dozens of different apps.

To combat these security challenges, companies must run more resilient IT operations, but also make sure they are fully prepared for a breach, instead of just hoping one doesn’t happen. Central to this is ensuring backup data is effectively protected. Then, when the inevitable attack happens, they will have the ability to respond and recover quickly, saving themselves and their customers from costly disruption and reputational damage.

Data backup no longer offers the peace of mind it once did

The cybersecurity market has exploded in the last few years, with Gartner projecting total spending to reach over $212 billion in 2025, an increase of 15.1% from 2024. Despite this huge growth, only a small fraction of the market is focused on cyber recovery at present.

In the past, data recovery was a relatively straightforward affair. In the event of an outage or disruption, businesses could just locate their latest backup and be back up and running in a matter of minutes. But what happens when hackers infiltrate that backup data — as is increasingly the case? And how do companies know whether or not infected data is being replicated in their backups? These factors make cyber recovery much more difficult.

Despite most cyberattacks seeming like spontaneous acts, the truth is that many of them are planned for months and carefully executed for maximum damage. According to a recent IBM data security report, it takes an average of 277 days for businesses to find and report a data breach, meaning bad actors can remain undetected in systems for months, planting ransomware and infiltrating backup systems. In fact, 93% of ransomware attacks are now targeted at backup repositories, to prevent companies using them in the future.

Integrating cyber recovery into a robust security strategy is critical

With all this in mind, what can businesses do to regain the upper hand in the battle against cybercriminals?

Historically, businesses wanting a secure place to restore to after an attack would have to build their own dark site, which is not only expensive but also an extremely complex undertaking. Alternatively, they would store backups at various locations in the cloud and hope that at least one would escape the attention of bad actors in the event of an attack (which obviously isn’t an ideal approach).

Fortunately, there are far better options available. For example, companies can invest in underlying platforms that make it easier and cheaper to build secure backup environments and test them. Then, in the event of an incident, businesses can get back online much faster.

Meanwhile, companies serious about protecting their backup data should adopt what’s called the “3, 2, 1” strategy. Under that plan, companies store three copies of their data. At least two of those repositories should be kept in separate locations. Of those two, one of those should be “air gapped” —

separate and secure in the cloud, in an offline centre that only a handful of credentialed employees can access.

That way, when the CISO determines that a cyber event is underway and sounds the alarm, the teams in charge of recovery have a secure environment to back up to. This clean repository is also valuable for validation purposes, particularly when the team conducts an audit — typically a twice-a-year review of all the IT systems to detect any abnormalities and ensure the company is complying with any cybersecurity regulations.

The cyber threat landscape has evolved significantly over the last few years, meaning any organisation still relying on decade-old philosophies like perimeter defence and monthly backups is in for a major shock in the event of a breach. Modern defence requires a much bigger focus on recovery, not just prevention, with robust process and technology put in place that enable security teams to get the business back online as quickly as possible should the worst happen. While it may be impossible to prevent breaches from happening today, with the right protection in place, they don’t have to spell disaster for you and your business.

By Oliver Feiler, Head of Global Alliances and Strategic Partnerships EMEA, Nozomi Networks and...
By David Higgins, EMEA Technical Director at CyberArk.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical...
By Danny Lopez, CEO of Glasswall.
Nadir Izrael, Co-Founder and CTO at Armis discusses the importance of critical infrastructure...
By Darren Thomson, Field CTO EMEAI at Commvault.