Ensuring Data Security: The Importance of Cloud Backups and Drill Testing

Author: Yuman Chau, CISA, CISM, CRISC, CISSP, CHFI, PMI-PMP, PMI-ACP, PMI-PBA, CCISO, ITIL, PRINCE2
Date Published: 2 December 2024
Read Time: 4 minutes

In the organizational IT environment, system and data backup is crucial. Data backup is the last defense against downtime if data is corrupted or lost. It is not a proactive defense like a firewall or endpoint detection and response (EDR), but it does help to prevent data from disappearing completely.

Take, for example, the Toyota system outage that lasted for over 36 hours in August 2023,¹ or when Google deleted a customer’s data in error in May 2024.² In 2023, a news story emerged from Hong Kong about an organization that fell victim to ransomware and saw its system completely paralyzed. The best course of action was to back up and restore instead of succumbing to the hackers' ransom demand. However, even after 3 days, the organization had not fully recovered its entire system, including its email system. This delay indicates that there may have been issues with the backup process, as it took longer than 72 hours to fully restore the email system. This organization’s prolonged recovery time underscores the critical need for a robust and regularly tested backup strategy, ensuring that business continuity is not compromised in the event of system failures. These examples demonstrate that organizations often overlook data backup and neglect the importance of conducting drill tests.

Some organizations may have a false impression that the backup solution is enough and believe the solution will save them in the event of a disaster. They overlook the recovery procedure and may introduce failure in the process. Organizations must establish effective data backup procedures and regularly conduct drill tests to ensure the safety and security of their data.

The Value of 3-2-1

In recent years, backup solutions have significantly matured. While tape backups were popular in the past, many organizations now rely on cloud-based backups. Enterprise characteristics mainly determine backup density, yet 90% of enterprises follow the 3-2-1 backup strategy: 3 backups are kept on 2 different storage media and 1 is stored off-site. This strategy effectively prevents the loss of backups due to fire, simultaneous impact from strong magnetic fields, or other physical attacks. Notably, if one storage medium is damaged, the other two backups can still provide effective coverage for each other.

Setting up the 3-2-1 strategy is not overly complicated; most administrators will follow through or seek help from service providers when deploying this strategy. It is worth noting that backing up data is just one step toward ensuring data safety. To ensure complete protection for organizational data, conducting ongoing timed exercises, such as drill testing, alongside regular cloud backups is crucial. As a final safeguard against permanent data loss, ensuring these components function as expected becomes paramount for enterprises. Surprisingly, many enterprises have not yet adopted this essential practice. This could be due to budget concerns from upper management, or to management teams being unaware that the strategy is the last line of defense and the key to saving valuable organizational data when cyberattacks occur.

In recent years, many enterprises have embraced cloud backup as a viable option. Some have even adopted dual-cloud mutual backup to address any potential issues with one cloud storage provider by having another as a backup. Cloud backup also serves as an offsite solution, eliminating the need for regularly changing discs and tapes and transporting them away from the organization. Moreover, improvements in network broadband and enhanced support for cloud storage solutions have enabled cloud backups to gain significant popularity. Last year, I spoke with a client who conducted a successful drill test using a cloud storage environment, which yielded impressive results. This client’s achievement serves as a compelling testament to the value of integrating modern technologies into cybersecurity strategies, emphasizing the pivotal role that cloud storage plays in safeguarding critical data.

Supplement With Drill Testing

In my many years of auditing and service provision, I have encountered a common issue: although an organization had set a specific number of drill tests to be conducted annually, it was discovered after an incident that these tests had not been conducted as required. Subsequently, during audits, either no relevant drill test records were found in the system, or no drill test reports could be produced. Such gaps in drill test documentation pose significant risk during audits, potentially leading to compliance issues, increased vulnerability, and a lack of confidence in the organization’s data protection measures.

Many cyberprofessionals underestimate the importance of drill testing due to their high confidence in backup reliability. Performing a drill test requires some effort, including selecting and extracting data or systems for the exercise, restoring it, and validating its integrity. However, this is also a requirement for daily backups, which can become counterproductive if they fail to deliver as expected during a crisis. Not only does this hinder proper disaster recovery, but it also diverts valuable time that should be dedicated to executing an effective recovery plan.

To validate a backup plan, conducting a drill test is essential. The drill test plan simulates partial or complete system failure scenarios, allowing the organization to assess whether data recovery alone suffices or if system recovery is necessary. This ensures that the backup design meets requirements and yields the expected results. Tailoring the backup solution to the specific needs of the enterprise is essential, including considerations such as backup frequency, destination, and schedule. If you back up to the cloud or other sites, you also need to consider whether the bandwidth can support the huge volume of data transmission.

Furthermore, drill tests of cloud backups can be conducted on additional cloud resources; as a result, no pressure is placed on the limited resources in the IT infrastructure or testing lab. Once the drill testing is finished, the restored cloud environment can be discarded completely. Organizations that view drill tests as mere timed exercises might place excessive trust in backup solution vendors, overlooking the value these tests provide when presenting to C-level executives. Therefore, organizations must recognize drill tests not just as routine protocol, but as critical evaluations that can reveal actionable insights, drive strategic decisions, and bolster overall resilience.

Conclusion

Organizations must remember that even in a world increasingly reliant on sophisticated technology, the fundamentals of business continuity planning remain indispensable. Regularly testing your disaster recovery plan, particularly your cloud backup and restoration procedures, is not merely a box to be ticked, but a strategic imperative that organizations must prioritize. To this end, conducting regular drills compels organizations to confront and address potential weaknesses in their business continuity plans before a real crisis hits. This proactive approach demonstrates a strong commitment to accountability, assuring stakeholders such as customers, employees, and investors that their interests are safeguarded.

Just as importantly, consistent testing fosters a culture of preparedness. By simulating a variety of disaster scenarios, organizations can refine their response procedures, ensuring their teams are well trained, their systems are resilient, and their operations can resume swiftly and efficiently when disaster strikes.

In today's interconnected world, the ability to adapt and recover quickly is not merely good business practice—it is essential for an organization's survival.

Endnotes

1 Adshead, A.; “Toyota Car Plant Outage Shows Database Capacity Planning Is Vital,” Computer Weekly, 20 September 2023
2 Abhijeet, K.; “Google Cloud Accidentally Deletes $125 Billion Australian Pension Fund,” Business Standard, 18 May 2024

Yuman Chau

Has an MBA and MSc in Information Security, an MScSoc in Media Management, and an MA in Chinese. Chau is a certified expert in the field, boasting a suite of prestigious certifications including CISSP, CHFI, CISA, CISM, CRISC, and ISO27001 Senior Lead Auditor, complemented by project management and process improvement qualifications such as PMI-PMP, PMI-ACP, PMI-PBA, ITIL, and Prince2. He has extensive knowledge spanning IT infrastructure, cloud computing, cybersecurity, the Internet of Things (IoT), auditing, helpdesk operations, project management, and Agile methodologies. Chau is also a lecturer in Cybersecurity.