How backups increase your organization’s cyber resilience

James Ciesielski | Last updated on January 16, 2023


As the world becomes more digitally connected, corporate systems are becoming increasingly vulnerable to evolving cyber security threats. 2021 was yet another year in which high-profile security incidents dominated news headlines. Notably, we saw an alarming spike in incidents of ransomware-related data leaks, which climbed 82% in 2021. Software supply chain attacks increased by 650% during the year as bad actors proactively moved upstream to wreak havoc by infiltrating open-source software.

As business leaders and IT teams move through 2022, they need to approach cyber security with the mindset of ‘it’s not just a matter of if an incident will occur, it’s a matter of when.’ They’ll also need to consider how their systems will respond and recover from an incident to prevent the wheels of their organization from grinding to a halt.

This is where the concept of cyber resilience moves to the fore. In this article, we’ll explore this concept in-depth and consider some of the approaches you can adopt to build your business’s cyber resilience. Specifically, we’ll consider the role of backups in crafting and executing your cyber resilience strategy.

What is cyber resilience?

The National Institute of Standards and Technology (NIST) defines cyber resilience as “The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”

Think of cyber resilience as being digitally “fit” or “primed.” It’s about being able to keep your company’s data and devices online no matter what security threats come your way.

Achieving true cyber resilience isn’t a one-dimensional or point-in-time effort; it’s an ongoing and iterative journey that requires multiple mechanisms and layers of protection for users, systems, data, networks, and devices. This is often referred to as a “defense-in-depth” strategy.

Why is cyber resilience important?

Becoming cyber resilient is vital in a world where the threat landscape continues to evolve. Cybercrime is an established, highly organized, and well-funded industry. And today, every business is at risk – not just high-profile multinational enterprises or government targets. Even small and mid-size organizations can suffer a data breach. The days when mid-size enterprises could get away with little more than basic anti-virus software are behind us.

As we touched on earlier, one of the reasons for heightened security risks is ubiquitous connectivity and the rise of cloud computing solutions (which exist side-by-side with traditional on-premises infrastructure and workloads in many organizations). Now, increasing amounts of corporate data are on the move and being exchanged between different clouds.

As a result, the traditional corporate perimeter has become porous. The recent increase in remote working has only disrupted the conventional perimeter model even further. This introduces greater potential for data loss due to human error, system failure, natural disasters, network downtime, or malicious actors.

Strict and continually evolving data security and compliance regulations, coupled with a severe shortage of qualified cyber security professionals who can build, coordinate, and manage organizations’ cyber security defenses, only add to the challenge.

Building and maintaining a cyber resilient posture allows organizations to:

  • Minimize the risk of financial loss and reputational damage caused by a cyber security incident
  • Meet legal and regulatory requirements to which they are bound
  • Improve their internal culture and internal processes
  • Ensure business continuity in the event of a cyber attack, data breach, or another catastrophic event

Cyber resilience and cyber security: What’s the difference?

Before we explore the tactics you can adopt to bolster your organization’s level of cyber resilience, let’s take a moment to understand the difference between cyber security and cyber resilience.

Cyber security is focused on implementing mechanisms that protect a business from cyber threats and attacks. It involves deploying security infrastructures such as VPNs and firewalls, anti-malware software, and end-point security solutions. It also includes other hygiene factors such as performing regular software patching and educating employees about secure workplace behaviors.

Cyber resilience centers on implementing proactive, preventative measures to preserve or restore business continuity when a security incident occurs. Such events could take the form of a system breach or failure, a ransomware attack, or other disruptions to business-as-usual, such as power outages caused by extreme weather events.

Data backup and recovery are essential elements of cyber resilience.

7 tips for increasing your organization’s cyber resilience

1. Network segmentation

The damage caused by a cyber attack can be mitigated and contained if the business’s critical and non-critical systems are separated. This will ensure that if a non-critical system is breached, the effects don’t spread to the critical infrastructure and systems.

2. Backups

When critical systems have been hacked and primary data is rendered inaccessible, corrupted, or lost altogether, a good backup system will ensure that the business can continue to function. Backup systems should be configured with their own separate protection.

3. Identity and access management

Another way to limit the chances of security incidents spreading to business-critical systems and data is to manage which employees, partners, and customers are allowed to access which devices and services. You can define and develop trusted identities and assign each the correct access levels. Once your identities are set up, it’s easy to spot any anomalies or patterns quickly.

4. Security operations solutions

Security orchestration, automation, and response (SOAR) systems and security information and event management (SIEM) systems are two important aspects of effective and proactive enterprise security operations. However, each solution addresses threats differently.

SOAR platforms gather data from multiple IT devices and applications (such as endpoint protection tools, firewalls, and intrusion detection systems) and take specific actions using predictive analysis to prevent threats before they happen. SOAR tools are designed to reduce the manual effort in identifying and mitigating threats, so SecOps (security operations) teams become more efficient. They typically draw on the power of artificial intelligence to reduce the likelihood of false positives that could distract security teams’ attention from credible cybersecurity threats.

SIEM gathers log and event data from server applications, network devices, and other infrastructure components to assess potential threats. It automatically generates a report for the IT security team if a predetermined threshold is reached. For example, if a certain user attempts to log into a system 5 times in 10 minutes, no alert would be triggered. However, if 100 attempts were made within the same timeframe, it would be deemed suspicious, and an alert would be triggered.

So, SIEM’s role stops once a threat is identified. The SOAR platform takes the next step of helping IT administrators take appropriate action. A comprehensive cyber resilience strategy for most organizations leverages both solutions.
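The threshold rule from the SIEM example above, written as a sliding-window detector. This is an added example, not code from the article or from any SIEM product; the log format, the choice to count only failed logins, and the threshold of 100 are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
THRESHOLD = 100  # assumed: the article only says 5 attempts is quiet and 100 alerts


def parse_event(line):
    """Parse 'ISO-timestamp user result' (constructed log format)."""
    ts, user, result = line.split()
    return datetime.fromisoformat(ts), user, result


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, count) each time a user's failed logins
    inside the sliding window first reach the threshold."""
    recent = defaultdict(deque)  # user -> failure timestamps still in the window
    alerting = set()             # users already alerted and still over threshold
    alerts = []
    for ts, user, result in sorted(map(parse_event, lines)):
        if result != "FAIL":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) < threshold:
            alerting.discard(user)     # back under threshold: re-arm the rule
        elif user not in alerting:
            alerting.add(user)         # alert once per burst, not per event
            alerts.append((user, ts, len(q)))
    return alerts


def sample_log():
    """Constructed sample: alice fails 5 times, bob 100 times, within 10 minutes."""
    start = datetime(2023, 1, 16, 9, 0, 0)
    lines = [f"{(start + timedelta(minutes=2 * i)).isoformat()} alice FAIL" for i in range(5)]
    lines += [f"{(start + timedelta(seconds=5 * i)).isoformat()} bob FAIL" for i in range(100)]
    lines.append(f"{(start + timedelta(minutes=9)).isoformat()} alice OK")
    return lines


if __name__ == "__main__":
    for user, ts, count in detect_bursts(sample_log()):
        print(f"ALERT {user}: {count} failed logins within 10 minutes, as of {ts}")
```

The window slides with each event, so 100 failures spread over several hours do not trigger the rule; only a burst inside one 10-minute span does.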

5. Secure access service edge (SASE)

Businesses are moving processes closer to where decisions need to be made – and that place is the edge. Consider this example: building management systems (BMSs) were housed separately from the enterprise network in the past. Today, they typically include IoT devices and smart sensors that are fully integrated into the core network. This means they need the same (or even more) security and access control levels as traditional infrastructure. SASE is an approach that involves creating and enforcing company-wide policies that cover not only users and traditional infrastructure but also devices and endpoints all the way to the edge.

6. Artificial intelligence and machine learning

Artificial intelligence and machine learning are modern tools that can contribute to an effective cyber resilience strategy. They can work in the background, analyzing vast volumes of structured and unstructured data, user behaviors, network traffic patterns, and CPU usage. They’ll trigger automated alerts should any suspicious activity be detected.

7. An incident response plan

An incident response plan will ensure that every employee in the organization understands what to do (and not do) during the early stages of a cyber-event.

All backups aren’t created equal

A reliable backup and recovery strategy is critical to becoming truly cyber resilient. When things go wrong, you need to be able to restore your data as fast as possible. When data recovery is delayed, the cost of revenue loss, productivity loss, and customer frustration can quickly add up. A data loss or breach can also have far-reaching regulatory and reputational consequences that can linger for years after the event.

Consider asking yourself the following questions:

  • Does your backup contain all the data you need? A backup doesn’t necessarily assure recovery of all relevant data; for example, backups might have been incomplete or compromised since their creation.
  • If you’re using a service provider to perform your backups, how frequently do they test and validate your backup data? Only with regular, systematic, and proactive testing can issues be identified and resolved ahead of time.

The last thing you want is to find that your backups are missing or incomplete after a cyber-incident has occurred.
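One way to answer both questions above during a test restore, as an added example that is not Rewind's code or method: record a SHA-256 manifest when the backup is taken, then compare a restored copy against it to find files that are missing or have changed. The file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Run at backup time: relative path -> SHA-256 for every file."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest taken at backup time."""
    current = build_manifest(restored_root)
    both = manifest.keys() & current.keys()
    return {
        "missing": sorted(manifest.keys() - current.keys()),
        "modified": sorted(k for k in both if manifest[k] != current[k]),
        "unexpected": sorted(current.keys() - manifest.keys()),
    }


def demo():
    """Constructed data: one file lost, one altered after the backup."""
    files = {"orders.csv": b"id,total\n1,40\n", "customers.csv": b"id,name\n1,Ann\n",
             "config/store.json": b'{"currency": "CAD"}'}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root in (src, dst):
            for name, data in files.items():
                path = Path(root, name)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        manifest = build_manifest(src)          # taken when the backup is made
        Path(dst, "customers.csv").unlink()     # file missing from the restore
        Path(dst, "orders.csv").write_bytes(b"id,total\n1,0\n")  # altered copy
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

The manifest is only useful if it is stored apart from the backup it describes, under its own access controls; anyone who can alter the backup and the manifest together can make a tampered restore verify cleanly.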

Rewind Backups

As cyber incidents continue to grow in number and sophistication, ensuring secure and reliable systems remains an uphill battle. Organizations must get more proactive and aggressive in combatting such attacks rather than keeping their fingers crossed that it won’t happen to them.

At Rewind, we understand that today, businesses of all sizes have much more to lose from data loss than ever before. And while SaaS solutions are a core element of most enterprise IT strategies, they can also introduce a level of risk. SaaS vendors back up data at the platform level, but you can’t access that information to restore your account. This makes users vulnerable to accidents and malicious actors.

Rewind Backups gives you full control and immediate access to your critical business data. If something happens, you can restore your data in just a few clicks.

Whether you’re a small business or a larger enterprise, we’ve got you covered. If you’d like to speak to one of our experts about how we can help you put your backup and recovery strategy on the front foot, please get in touch.

James Ciesielski
James is the co-founder and CTO of Rewind, the leading data backup and recovery provider for cloud and SaaS data. After completing a Bachelor of Math, Computer Science/Software Engineering at the University of Waterloo, James has over 20 years of experience building highly scalable software and services in the fields of telecommunications, media, and financial technology in both enterprise and start-up environments. An experienced technical leader, James has successfully overseen the development and launch of a variety of software products, including Rewind’s inaugural backup-as-a-service (BaaS) app, Rewind Backups for Shopify. In 2019, James was honoured as a member of the Ottawa 40 Under 40. When he isn’t in front of his computer, James can typically be found running after his kids, cooking with his wife, and volunteering to be in net for every pick-up hockey game he can find.