Back to Basics: Why 2021 Needs to Be All About Backup

Back to Basics: Why 2021 Needs to Be All About Backup

By JG Heithcock, General Manager of Retrospect, a StorCentric Company, contributing to the #BUDRInsightJam. 

This year, organizations have been busy responding to the rapid shift to remote work and the cyber risks from bad actors using the pandemic as a catalyst to continue carrying out their crimes. Across private and public sectors, there was an onslaught of phishing, malware distribution, false domain names, and other attacks on teleworking infrastructure as teams quickly pivoted to remote working. 

This attack strategy poses a huge risk to businesses everywhere. Indeed, data from Verizon shows that 80% of security incidents are caused by phishing attacks and that email is the top way it is delivered. Not only do businesses need to optimize their remote working solutions, but they also need to ensure their employees are aware of the threats coming into their inboxes every day. This will remain a key consideration for any organization that maintains the option of home working into 2021 and beyond. 

Research from Global Workplace Analytics underlines the developing trends — they estimate that by the end of 2021, 25-30% of the workforce will be working at home multiple days per week. Corporations around the world have announced both short- and long-term changes in working practices to safeguard their teams, and many businesses are now permanent converts to the benefits of remote and hybrid working. 

Cyber-criminals have been quick to spot the opportunity to target a distributed workforce. Organizations of all sizes and across industries have relied on email to maintain business continuity, especially in a world that was already trending towards greater adoption of flexible remote working opportunities. Unfortunately, email attacks have risen and will likely continue to increase, making them prime targets for cyber-crime, especially if providing information about COVID-19 testing, resources, and research.  

Remote employees pose a significant challenge to legacy backup systems. Their endpoint needs data protection, but with ubiquitous cloud services like Office 365 and Dropbox, those employees don’t need to log into the VPN on their laptop to get work done. But without a VPN, legacy backup systems cannot back up these desktops and laptops because the agents are behind firewalls and routers with network address translators (NATs). That presents a serious blind spot for data protection strategies that need to work with today’s cloud service providers and meet the needs of employees who now rely on their products. 

As a result, effective backup remains a key defense against the activities of cyber-criminals. While many organizations understand the risks and will increase their focus on data protection in 2021, others still need to take the minimum steps required to defeat attacks that will inevitably come throughout the year. A ‘back to basics’ approach offers an effective jumping-off point for businesses to increase their protection against risk, with backup as a foundation. 

While we continue to navigate the uncertainties of the pandemic in 2021, it is important to reiterate simple steps to avoid or minimize attacks on businesses: Identify suspicious senders, exercise caution before clicking on links or opening attachments, and instill a backup strategy that utilizes the 3-2-1 rule. A strong 3-2-1 backup plan includes having at least three copies of data across multiple locations: the original, a first backup stored onsite, and a second backup located offsite. 

In the current environment, where ransomware attacks are commonplace, if all organizational backups are on a single disk that is connected to a main computer, those backups can be encrypted at the same time as source data, rendering them useless. With three copies of data – on the computer, on local storage, and on offsite storage – rapid recovery from threats such as ransomware becomes much more practical. 

When implementing a 3-2-1- strategy, there are a variety of infrastructure options available: 

• Disk and Cloud: Combining local disks and cloud storage locations is a common approach, particularly among small businesses. An available backup on a local disk translates into very fast recovery time, as the local network allows for much higher bandwidth. A remote backup on a cloud storage location further insulates business data from disaster, malware, and other problems that arise. 
• NAS and Cloud: NAS devices are an affordable onsite storage location for backups. Leveraging an onsite NAS ensures a large dedicated storage pool and high bandwidth for organizational data. Transferring those backups to the cloud as an offline process avoids accessing the original source multiple times. 
• Disk and Tape: Remains the most common storage media, and despite its long history, tape continues to make strides in speed and storage capacity. With a local disk, users can quickly back up their environment and have the backups available for fast restore. Using a tape library for offsite storage enables backups to be stored in a safe location (akin to a security deposit box). 

Although the new year will certainly bring new and familiar risks, tools are readily available to build a foundation that actively protects data. Organizations everywhere have faced huge challenges this year, but with the hope of a post-pandemic recovery for 2021 now growing, it is imperative that progress isn’t hampered by a growth in serious cybersecurity breaches. 

About the author 

JG Heithcock is the general manager of Retrospect, a StorCentric Company. He has 18 years of experience in the storage and backup industry. JG was the User Experience Architect at WildPackets (now Savvius) before coming back to recruit and manage the Engineering team for Retrospect at EMC. JG was one of the founding members of Retrospect, Inc, and is now General Manager at Retrospect under the StorCentric family. JG can be reached online at https://twitter.com/jgheithcock and at the company website https://www.retrospect.com/.

Thanks to JG Heithcock for contributing to the #BUDRInsightJam. Learn more in our Backup and Disaster Recovery Buyer’s Guide and keep an eye out for Heithcock during the Jam.