World Backup Day is today and backing up your data to make sure it’s secure and can’t be hacked has never been more important.
The unprecedented attack on Nine earlier this week represents a significant turning point, highlighting the major cyber threat organisations across all sectors and sizes face. Ransomware attacks have become rampant and the conversation we need to be having now is around cyber resilience, since we know attacks can come from any direction.
Having a cyber resiliency plan is critical. But becoming cyber resilient is not an overnight endeavour. Businesses now need to prepare enough to the level of cyber risk that they are asking themselves, when will we be attacked? What will we do? What processes do we have in place to protect our data and restore it?
Perhaps the biggest threat to business is ransomware, which is a type of malware that infects computers and backups via phishing emails that are opened by unsuspecting staff.
According to our 2020 Global State of the Channel Ransomware Report, SMBs are the top target for ransomware attacks, with nearly 70 per cent of managed service providers (MSPs) saying their clients had been hit by ransomware attacks.
While phishing remains the largest vector for ransomware attacks, with 54 per cent of MSPs saying infections were down to malicious emails, poor user practices and a lack of cybersecurity education are also contributing factors.
And it’s not just paying the ransom that is expensive. While the average global ransom has increased from $US4,300 in 2018 to $US5,600 in 2020, it’s the downtime caused by ransomware that is hitting business hard.
According to our report, the average downtime costs associated with ransomware has grown significantly. In 2018, a business hit by an attack could expect their downtime to cost approximately US$46,800, a figure that has skyrocketed to approximately US$272,200 in 2020.
And it’s not just current business data that’s being targeted by cybercriminals. Bad actors are also going for the very backups business uses to get back on its feet after a cyberattack. If your backups are compromised, the path of return to business continuity is going to be a hard one.
So how can you protect yourself?
Software as a Service is great – but you still need to backup
Microsoft 365 and Google Workspace are being adopted by business at an enormous rate. There’s a lot to like about these services – your software is consistently up-to-date, your data is stored in the cloud and there are no maintenance or upgrades that need to be done.
The only problem is in assuming that just because your data lives in the cloud, you no longer need to back up. Although Microsoft and Google say they won’t lose your data, they do not make guarantees about restoring your data if you are the one that loses it.
Data in the cloud is just as vulnerable as any other data stored in other locations to ransomware, accidental deletion or user error.
That’s why it’s vitally important to have a software solution that backs up your cloud data somewhere that is safe and secure and where you can access it if you’re hit by ransomware or even human error.
It’s also critical to have a software solution that takes snapshots – ranging from a matter of minutes to up to 24 hours – so you can roll back to the most recent “clean” image if you’re hit by an attack.
The best software solution you can invest in is a business continuity and disaster recovery (BCDR) platform that provides all these services to your business. It backs up your cloud data and ensures that your business can get up and running in the shortest period possible.
In fact, according to our research, 91 per cent of managed service providers (MSPs) say that clients with BCDR software a less likely to experience significant downtime than those without it. Additionally, four out of five small businesses with BCDR software recover from ransomware attacks within 24 hours. This minimises the downtime cost to the business and safeguards the business’s valuable public reputation from harm.
Further steps to safeguard your data
Backup, as we have seen, is of vital importance to business continuity, along with a safe, strong and reputable BCDR software platform. But there are other steps you can also take to safeguard your data.
These include conducting a risk assessment to understand what impact a threat, including ransomware, will have on your company. You should also train your employees to spot phishing emails and other threats like social engineering.
Training curricula need regular updating and staff need to have constant refreshers on the emerging threats and how to stop them.
You also need to know where your data is – the more places you have data stored, the harder it is to back up and the easier it is for a hacker to compromise. Finally, control access, so that staff only have the data they need for their jobs, and administration privileges are only given to the core group of people who need them – no more.
Backup is of critical importance, and on World Backup Day the biggest take-home is that you need to back up your cloud data. Ransomware remains the largest threat to business and software as a service solutions like Microsoft 365 and Google Workplace aren’t as safe as they seem.