News

WORLD BACKUP DAY

The importance of protecting backups and ensuring the ability to restore data securely

By Andrea Guerra, Technical Expert VEM sistemi

In recent years, the message surrounding World Backup Day has profoundly changed. In the past, the focus was mainly on creating backup copies of data. Today, however, that approach is entirely insufficient. The problem companies now face is no longer just the product used or how frequently backups are made, but rather the challenges tied to cybersecurity, ransomware attacks, and the protection of data integrity. As a result, the focus has shifted toward backup protection and the speed and reliability of recovery.

A backup is only useful if it remains intact and available when needed. This is why it’s essential to store backups on a platform or system capable of ensuring immutability. In this way, in the event of a ransomware attack—for example, targeting a company’s production data—there is certainty that the immutable backup system retains an unaltered, tamper-proof copy of the information. Furthermore, since these data are never exposed, neither internal nor external attackers can access them, thereby ensuring maximum protection and data integrity. Traditional backup solutions, on the other hand, in the case of a cyberattack, not only suffer from the alteration and encryption of production data, but are themselves among the first targets of cybercriminals. Attackers typically compromise or destroy backups first, then strike production data, forcing companies to pay a ransom in hopes of recovery. This strategy places them in a dangerous position: dealing with criminals without any guarantee of retrieving original data or knowing whether it has been exfiltrated and leaked on the dark web.

Even with immutable backups, the challenge doesn’t end—it shifts to the realm of cyber recovery, or the ability to define effective timeframes for system restoration, ensuring that the data is recovered in a version that is intact and malware-free, thereby avoiding reinfection of the infrastructure. One of the main risks, in fact, is that during the backup of all production data, malware may be backed up too. As a result, when restoring, there’s a danger of reintroducing malware and re-infecting all production data. Therefore, today, the core objective of cybersecurity is no longer limited to creating backups, but to implementing systems capable of verifying data integrity and preventing reinfection during restoration.

Who has access to the systems managing backup copies? This is where the Zero Trust principle comes into play, which not only involves controlled, role-based access with multi-factor authentication but also introduces a quorum mechanism among administrators. This means no single administrator can independently modify or delete components of the backup infrastructure, as every critical intervention requires authorization from a group of administrators. This approach provides greater security, protecting against compromise due to the identity theft of an individual.

Another key aspect concerns data classification. Thanks to innovative data protection systems, it’s possible to precisely identify the type of protected data, allowing for a more informed assessment of the severity of an attack. For example, if sensitive data such as patents, bank drafts, or other critical information are altered or encrypted, it becomes immediately clear how serious the breach is.

Adopting such a system not only allows for targeted and proportional measures in the event of critical data compromise, but also enables a deeper analysis of the attacker’s intent, thereby improving the response and mitigation strategy.

Today, therefore, simple data backup is no longer enough. It is crucial not only to have a backup copy, but also to ensure its protection within an immutable, inaccessible system, shielded from both external and internal attackers. Additionally, it is essential to classify information and verify data integrity to prevent the reinfection of systems and files after a cyberattack.

The VBACKUP service offered by VEM sistemi, for example, enables constant monitoring of the entire backup infrastructure and allows for proactive intervention as soon as a critical issue is detected. Relying on a specialized partner also allows companies to implement often-overlooked but crucial activities for system security and reliability. Among these are: periodic restore testing, continuous backup infrastructure updates to prevent vulnerabilities, and regular verification in an environment isolated from the production network. This last aspect makes it possible to test a data set without affecting business operations, thus ensuring maximum integrity and continuity of processes.

Working with a partner specialized in backup and recovery processes helps reduce the risk of human error, thanks to more accurate control and constant oversight of the infrastructure. A dedicated team can quickly identify any critical issues and act proactively, preventing problems that, if overlooked, could evolve into more complex and harder-to-manage situations.

In conclusion, investing in certified solutions and relying on an expert partner is the best strategy to ensure business continuity and prevent irreparable losses.