When World Backup Day was first introduced in 2011, backups were often an afterthought – something businesses knew they needed but didn’t prioritise. It served primarily as an insurance policy against natural disasters and hardware failures rather than cybercrime, and businesses rarely considered testing recovery or protecting their backups.
As businesses face more sophisticated attacks, such as ransomware that targets backups directly through backup deletion and corruption, organisations must go beyond merely backing up data to implementing a data resilience strategy. This not only means protecting backups by ensuring they remain reliable and recoverable in the face of an attack, but also incorporating other aspects of resilience that backups rely on and interoperate with.
Today, World Backup Day is more than just a reminder to backup data; it underscores the need for individuals and businesses to make comprehensive data protection, security and cyber resilience a top priority. Recent incidents, such as the cyberattack on Korean manufacturer Hite Jinro, demonstrate how downtime can cripple operations and cause significant financial losses.
From backup to data resilience
Backup has evolved from keeping a copy of data stored away – once considered purely in the infrastructure and operations IT domain. Instead, it has become part of many businesses’ holistic cybersecurity strategy and is employed alongside endpoint security and exfiltration prevention.
Ultimately, data backup forms a single arm of an overall data resilience strategy that needs to consider recovery, security, portability, and with AI, even intelligence.
See also: Noel Gifts announces breach on online ordering platform
In the data resilience context, the approach to data backup, in particular, has changed to include data security considerations. This includes:
- Immutable backups
In today’s threat landscape, cyberattacks commonly target both data availability and confidentiality - two critical pillars of the CIA triad (Confidentiality, Integrity and Availability), With 87% of ransomware attacks in Q4 2024 already involving data exfiltration, organisations must be prepared for criminals to target data integrity. Ensuring backups are immutable – meaning they cannot be modified or deleted – helps businesses protect their data in the face of these evolving cyberattacks.
- Automated threat detection
Since backups are a prime target of ransomware attacks, early warning systems are crucial for a timely and effective response. Continuous monitoring of backup environments for suspicious activity allows businesses to identify and mitigate threats before they escalate. These systems also provide cybersecurity teams with valuable threat intelligence and early indicators of compromise, a further enabling the timely and informed response to incidents.
- Rapid recovery capabilities
Having backups is essential, but it’s only the first step. Organisations must regularly test recovery processes and implement orchestration processes to streamline business restoration should the unthinkable happen. The human element is equally as important as the technology – key stakeholders must understand their roles and responsibilities in the recovery process to ensure efficient restoration of critical systems.
Security teams should also consider leveraging backup environments for proactive threat hunting and security testing. By using backup snapshots as a forensic tool, organisations can analyse historical activity, detect persistent threats and improve their security posture without impacting production environments.
See also: Vallianz Holdings and PSC Corp hit by cyber attacks, minimal impact seen
Organisations can also incorporate AI and automation in their data resilience strategy. For example, Veeam Intelligence leverages AI-powered insights to significantly reduce recovery time and improve threat visibility.
As the volume of data grows and cyber threats evolve, backup is no longer solely about recovery, it’s a frontline defence against cybercrime. Organisations that treat backup as a strategic cybersecurity asset rather than just a simple recovery tool will be better equipped to withstand modern threats and maintain operational resilience.
Growing regulatory pressures make evolution from backup to data resilience necessary
As backup has evolved from an afterthought to a necessity, governments have also recognised the importance of data resiliency, implementing regulations that better prepare businesses for cyber threats.
Korea has amended its Personal Information Protection Act (PIPA) with effect from September 2023, for example, requiring businesses meeting certain criteria to have data protection officers if they handle personal data, along with data breach notification requirements. Certain sectors have additional specific legislation they must comply with, such as the Act on the Use and Protection of Credit Information within the financial sector to ensure data is managed and protected.
While regulation has prioritised personal information, there is heightened awareness around the protection of all data. The Personal Information Protection Commission’s recent suspension of Chinese AI app DeepSeek represents increased scrutiny into data protection standards. With the semiconductor industry caught in geopolitical turmoil, the Korean finance minister has indicated that the government will introduce new systems and regulations aimed at combatting the leak of business secrets in the technology sector.
With the evolving cybersecurity landscape and developing legislation, having a backup and recovery strategy in place is no longer a ‘nice to have’, it must evolve into a comprehensive data resilience strategy. Not only will this bring together data backup, recovery, security, portability, and intelligence, it’s essential to ensure compliance and business continuity.
Anthony Spiteri is Veeam's regional CTO for APJ while James Finlay is the lead director of Incident Response for APJ at Coveware by Veeam
