Backup also serves to protect against internal threats

There is no doubt that cyber threats have become one of the biggest risks for companies. But what about internal threats and home-grown risks to data and systems, which companies are facing no less today than in the past?

Important, business-critical data can very easily be compromised or destroyed, either intentionally or accidentally. (Image: www.depositphotos.com)

The fact is that internal threats from employees, espionage or simple misconduct still exist and that companies should not ignore these alongside cyber risks. The "Verizon Data Breach Investigations Report (DBIR) 2023", for example, found that as many as 19 percent of security breaches can be attributed to internal actors. The BSI also considers internal risks to be an important source of danger and advises careful analysis in order to prevent business processes from failing as far as possible.

Danger from within our own ranks

Important, business-critical data can very easily be intentionally or accidentally compromised or destroyed, as one of the most recent examples at a company that provides information and communication technology shows. In June 2024, a case came to light in which a disappointed employee wanted to take revenge on his former employer after being made redundant. Out of frustration, the employee had deleted 180 virtual servers in his ex-employer's test system, causing damage of over 620,000 euros; the former employee still had admin access to the systems, even after he had been dismissed. This example shows how fragile and vulnerable IT systems are if companies do not take the necessary protective measures and strictly adhere to the principle of least privilege.

However, damage caused by internal actors does not necessarily have to be due to malicious motivation. Errors by administrators or users are also conceivable. Too many rights, one wrong click and it can happen that business-critical data and systems are irrevocably deleted.

After the disaster comes the recovery

Depending on the size of the company, the cost of such incidents may not be the biggest problem. It is much more important to restore data and systems quickly, preferably in the state they were in shortly before they were compromised or deleted. This is where a good and, above all, tried-and-tested backup and disaster recovery strategy can help. And data backup sets that cannot be manipulated or deleted help. For the example mentioned above, this would mean that the backups of the test systems are made as close as possible to the time of deletion and that they are stored on non-erasable and unalterable storage. Only then is it guaranteed that the data and test systems can be restored in their entirety and that the company loses little productive time or even months or years of test results.

In these cases, backup solutions are required that use orchestrated recovery to reduce recovery times and points (RTOs/RPOs) to minutes and validate the desired service level agreements (SLAs) with assured recovery. To achieve this, a unified platform for data protection, such as Arcserve UDP, is ideal. An integrated platform provides companies with a comprehensive solution that combines backup, disaster recovery and data management across the board. Such solutions are also able to efficiently prevent the effects of data compromise or even destruction - regardless of whether this is caused by an external cyberattack, internal actors or an operating error. The implementation and regular testing of the 3-2-1-1 rule for backups is crucial. This assumes a total of three copies of the backup data, whereby two backups should be stored on two different media carriers and one externally. The last 1 stands for the storage of a copy on an unalterable storage medium. Unchangeable backups are saved in a write-once, read-many format that cannot be changed or deleted - not even by hackers, internal actors or administrators. Companies that combine this rule with a suitable backup and disaster recovery solution can rely on a secure recovery of all data and systems in the event of an emergency.

Source: www.arcserve.com

(Visited 83 times, 1 visits today)

More articles on the topic