On World Backup Day, March 31, experts warn: backups are necessary but effective only when tested, protected, and embedded in a comprehensive resilience strategy.

On World Backup Day, March 31, IT security experts highlight a growing gap: although backups are a standard element of IT security, many organizations leave them inadequately protected, rarely tested, and largely disconnected from an overarching resilience strategy.

Beyond Ransomware Protection

In a world of AI-powered attacks, zero-day exploits, and nation-state threats, data backup may seem like a basic hygiene task. Yet some of the most severe incidents organizations face result not from sophisticated attacks but from a lack of preparation for the inevitable: data loss.

Ransomware remains one of the most financially damaging threats, but the causes of data loss are broader: accidental deletion, hardware failures, software errors, misconfigurations, insider threats, and natural disasters all play a significant role.

“Regular data backup is a security basic, but it is no longer sufficient to protect against ransomware attacks. Organizations need backups that cybercriminals cannot compromise, stored in tamper-proof immutable storage or securely isolated in data vaults.”

— Christian Scharrer, Enterprise Architect and CTO Ambassador, Dell Technologies

Backups Under Attack

Attackers increasingly target backups because they know how much leverage they gain by controlling the only usable copy of an organization’s data. Research by the Enterprise Strategy Group found that at nearly all organizations (96%) affected by ransomware in the past two years, backups were attacked at least once. In more than half of cases (52%), virtually every attack also targeted the backup systems.

Despite this awareness, a Dell Technologies survey found that 46% of respondents admitted their backup data was not as well protected as it should be, even though 83% were aware of the threat.

“Backups protect data availability but do not guarantee confidentiality. Encryption is the first critical line of defense against unauthorized access and data leaks — and that applies to backup data as well.”

— Corey Nachreiner, Chief Security Officer, WatchGuard Technologies

The 3-2-1 Rule and Immutable Storage

The established 3-2-1 rule remains a solid foundation: three copies of data, on two different storage media, with one copy kept offsite or offline. Modern threat environments, however, demand additional measures.

Immutable storage uses a retention lock or object lock mechanism to prevent backed-up data from being altered after the fact. This protects backups not only from ransomware tampering but also from accidental deletion by users.

The most critical data should also be stored in cyber vaults — isolated data repositories separated from the rest of the infrastructure by an operational air gap, making them unreachable to attackers. These vaults accept verified data only during defined time windows, via encrypted connections and strict authentication.

From RPO/RTO to Mean Time to Clean Recovery

A key vulnerability lies in misaligned expectations. According to a GigaOM-Commvault survey, business leadership assumes systems will be restored within five days of an incident. In reality, the average recovery takes 24 days.

Commvault Field CTO Marc Molyneux calls for a shift in thinking: rather than debating generic RTO and RPO targets, organizations need a new benchmark — the Mean Time to Clean Recovery (MTCR). This metric measures the actual time required to fully restore critical business applications, systems, and clean, validated data after an attack.

“Current threat intelligence indicates that attackers remain in victim networks for an average of over 200 days, manipulating dozens of systems including backup datasets. Restoring backups mechanically means restoring backdoors, malware, and attacker accounts along with them.”

— Marc Molyneux, Field CTO, Commvault

A sustainable recovery approach requires SecOps and IT Ops teams to work closely together: data must first be examined for attack artifacts in an isolated digital cleanroom before being restored to production environments.

Identity and Access Management as Part of Backup Security

Shane Barney, CISO at Keeper Security, points to a frequently overlooked dimension: securing the backup environments themselves. Applying least-privilege access controls and zero-trust principles ensures that only authorized users can interact with critical systems and stored data.

Structured governance mechanisms such as access governance and audit trails significantly strengthen these protections, especially in scenarios where attackers attempt to encrypt or manipulate backup repositories directly.

Automation and Testing as Core Requirements

Erich Kron, CISO Advisor at KnowBe4, identifies two fundamental weaknesses in backup practice: backups that depend on someone remembering to run them will not be executed consistently, and backup systems that are never tested provide no reliable assurance.

Organizations that have not rehearsed recovery know neither whether their backups work nor how long restoration will take. Automation removes the dependency on human discipline; recovery testing surfaces weaknesses before they become critical.
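An automated restore test of the kind described above, as an added example that is not from the article or any vendor quoted in it. It assumes a gzip tar archive and a SHA-256 manifest kept apart from the backup; the function names are hypothetical and the sample files are constructed.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

def build_manifest(root):
    """Map each file's relative POSIX path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def create_backup(source, archive):
    """Write a gzip tar of source; return the manifest to store apart from it."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(Path(source) / rel, arcname=rel)
    return manifest

def restore_test(archive, manifest):
    """Restore into a scratch directory, never production, and diff against the manifest."""
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        base = Path(scratch).resolve()
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar:
                dest = (base / member.name).resolve()
                if not member.isfile() or base not in dest.parents:
                    continue  # ignore links, devices and paths escaping scratch
                dest.parent.mkdir(parents=True, exist_ok=True)
                dest.write_bytes(tar.extractfile(member).read())
        restored = build_manifest(base)
    report = {"missing": sorted(manifest.keys() - restored.keys()),
              "unexpected": sorted(restored.keys() - manifest.keys()),
              "changed": sorted(k for k in manifest.keys() & restored.keys()
                                if manifest[k] != restored[k])}
    return {**report, "ok": not any(report.values()), "seconds": time.monotonic() - start}

def demo():
    """Constructed data: one clean backup, one that drifted from the manifest."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "db").mkdir(parents=True)
        (src / "db" / "dump.sql").write_text("INSERT INTO t VALUES (1);\n")
        (src / "app.conf").write_text("mode=prod\n")
        manifest = create_backup(src, Path(work, "good.tar.gz"))
        clean = restore_test(Path(work, "good.tar.gz"), manifest)
        (src / "app.conf").write_text("mode=debug\n")  # content altered
        (src / "db" / "dump.sql").unlink()             # file lost
        (src / "cron.sh").write_text("#!/bin/sh\n")    # file nobody expected
        create_backup(src, Path(work, "bad.tar.gz"))
        return clean, restore_test(Path(work, "bad.tar.gz"), manifest)
```

Run on a schedule, the `seconds` value gives a measured restore time to set against the recovery target, and any non-empty `missing`, `unexpected` or `changed` list fails the test.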

“World Backup Day is a reminder: backups are not a checkbox on a to-do list but a critical factor in operational resilience. What matters is not just whether data is backed up, but how quickly and reliably it can be restored when it counts.”

— Andre Schindler, General Manager EMEA, NinjaOne

Conclusion: Resilience Over Routine

World Backup Day makes one thing clear: data backup remains indispensable but has outgrown its role as a standalone measure. Effective protection requires tamper-proof storage, regular testing, a well-designed recovery framework, and robust identity management. Organizations that bring these dimensions together are not only protected against data loss — they are positioned to withstand attacks without lasting damage to operations.

By Jakob Jung

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM. Contact via Mail: jakob.jung@security-storage-und-channel-germany.de
