With cyber attacks increasingly taking a toll on South African organisations, local companies are being told to back up their data as a matter of urgency.
Cyber security experts are urging companies to be extra-vigilant with their data, in commemoration of World Backup Day today.
World Backup Day aims to create awareness around the increasing role of data in our lives and the importance of regular backups.
This year, the day comes as a number of South African organisations have fallen victim to damaging cyber attacks.
This month, credit bureau TransUnion became the latest victim, when a cyber attack exposed 54 million personal records of South Africans.
In December last year, big-four bank Standard Bank and property firm Lightstone suffered a data breach that exposed the personal information of property owners.
In late July, SA’s ports and railways were brought to a standstill as a cyber attack hit Transnet, the country’s rail, port and pipeline company.
The Department of Justice and Constitutional Development was also hit by a ransomware attack, which resulted in all electronic services provided by the department being affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.
Also last year, the South African National Space Agency – a government agency responsible for the promotion and development of aeronautics and aerospace space research in SA – notified the public of a breach to its IT systems.
Accidental loss
According to Metrofile, a document storage firm, people now create and generate over 1.8 zettabytes of data per year, and nearly 21% of people have never backed up their data.
“That’s a concern considering 29% of data loss cases are caused by accident and 30% of all computers are already infected with malware,” it says.
Backing up data is not only about storing much-loved photos in the cloud, it's about all forms of electronic information, across a multitude of devices, and even across an entire workforce, being stored in such a way that it is secure but also recoverable, says Metrofile.
“If all devices, all information, and then cyber security and disaster recovery are not considered, then your backup isn't adequately planned or protected,” explains David Lees, co-founder of IronTree, which was acquired recently by Metrofile.
John Ward, principal for cloud technologies for Africa at Fortinet, says data protection is certainly more important than ever before, due to proliferating cyber crime and an expanded attack surface in which work-from-anywhere employees are accessing – and using – enterprise data anywhere and everywhere.
“The risks to data have grown exponentially. Not only can it be hacked and exposed, it can also be locked down in a ransomware attack, leaked accidentally, corrupted or lost. Whether it is stolen or lost, the impacts can be equally devastating for organisations,” Ward says.
“While encrypting data, incremental backups daily, weekly, monthly and yearly, and regular tests of backups and tape drives remain standard best practices, many organisations also backup to the cloud for peace of mind. The problem here is that whether you’re backing up to tape drives or the cloud, malware can end up in the backup environments too.”
Ward believes that having backups sent offsite to a platform that can disconnect is key. However, he notes the 2021 Global Ransomware Survey by FortiGuard Labs found that only 58% of respondents rely on offline backups to protect data from ransomware.
“This indicates there is room for improvement; but these measures are just a part of the puzzle when it comes to ensuring data is safe.”
3-2-1-1 strategy
Global research commissioned by data protection firm Arcserve reveals that most companies will suffer data loss at some point.
The findings highlight why having a fast and effective data recovery plan plays an equally important role as data backup.
Key findings from the research include: 74% of mid-sized companies have experienced data loss in the last five years; 52% of respondents said they could not recover all their data after a loss; 94% say data loss had a direct impact on the way their IT teams operate; 69% of those say they needed to revise their data recovery plans; and 23% of businesses globally do not test their data recovery plans.
Arcserve recommends businesses adopt the proven 3-2-1-1 data backup strategy.
It explains the 3-2-1-1 strategy requires three backup copies of data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery.
The final one in the 3-2-1-1 equation is immutable backup – a key element of successful ransomware protection because data is converted to a write-once, read many times format – and cannot be altered, says the company.
Byron Horn-Botha, business unit head for Arcserve Southern Africa, says: “World Backup Day was created to help people be more aware of the significance that data plays in our everyday lives, and the importance of keeping it safe.
“Of course, we fully agree with this, and believe that robust and tested data recovery planning is a critical element of any data backup and protection plan.”
Kate Mollett, regional director at Commvault Africa, points out the increase in cyber attacks is well-documented and is now top of mind for board members, business owners and everyone throughout the corporate structure.
She notes cyber attacks threaten the data being used day in and day out and often even the backups of the data.
“Today’s IT administrators and leaders often must think of the security implications of a change before they even get to consider the technical challenges.
“On World Backup Day 2022, we suggest the first thing you should do is to check those backups and your processes, but the second is to reach out to your information security teams and find out what precautions they are taking with data and share your cyber-specific recovery plans as well,” Mollet concludes.
Share