How to Develop and Execute a Rigorous Data Backup and Recovery Strategy

Author: Kurt Markley
Date Published: 18 April 2022

When approximately 22 terabytes (TB) of Dallas Police Department (DPD) (Texas, USA) data were accidentally deleted during a cloud migration in March 2021, ultimately only 14 TB could be recovered, affecting myriad case files and prosecutorial actions.1 The City of Dallas later released a 131-page report which uncovered that DPD protocols for data management had been "inadequate."2 The DPD is not alone. Even highly experienced data managers and organizations can be at risk when it comes to data backup and recovery procedures.

Reduce Risk With the 3-2-1 Rule

Disruption to data is more a matter of when it will occur than if it will occur. A 2021 data center fire at a French cloud service provider (CSP) disrupted millions of websites, including government portals, banks and retailers.3 The CSP faced a difficult recovery because both copies of customer data had been backed up at a single location. The data center fire is a prime example of the need for resilience in digital disruption, especially in an environment of increasing cyberrisk, including hostile state-sponsored threats to critical infrastructures.4

To reduce the risk of data disruption, organizations should maintain at least 3 copies or versions of data stored on 2 different pieces of media, 1 of which is offsite. This is referred to as the 3-2-1 rule.5 With at least 3 different copies of important files and information, an organization can recover even from accidents that affect multiple versions. But, of course, the copies should not all be kept on the same media.

At least 1 offline copy should be created and maintained in addition to on-premises and cloud storage versions of data. Local backups should be securely stored on portable hardware-encrypted storage devices. For example, portable and removable storage devices with built-in hardware encryption used across the workforce can ensure the existence of backups that maximize control for organizations, regardless of the breach, attack, damage, disaster or other disruption.

Removable storage devices complement the cloud, enabling the retention of some element of control over the data rather than abdicating all responsibility to a CSP. Employees at all levels should be knowledgeable about procedures and incorporate backups into their everyday work.
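The 3-2-1 rule and the offline-copy and encryption requirements described above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not part of the original article; the `Copy` fields, site names and media labels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str       # storage type, e.g. "disk-array", "cloud-object", "encrypted-usb"
    site: str        # physical location that holds this copy
    offline: bool    # disconnected from any network when not in use
    encrypted: bool

def check_321(copies, primary_site):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; need at least 3")
    media = sorted({c.media for c in copies})
    if len(media) < 2:
        findings.append(f"all copies on one media type ({', '.join(media) or 'none'})")
    if not any(c.site != primary_site for c in copies):
        findings.append(f"no copy held outside {primary_site}")
    if not any(c.offline for c in copies):
        findings.append("no offline copy")
    # The article asks for all enterprise data, backups included, to be encrypted.
    for c in copies:
        if not c.encrypted:
            findings.append(f"copy '{c.name}' is not encrypted")
    return findings

# Constructed inventory: two copies, same media, same site (the single-location
# failure mode described for the 2021 data center fire).
SINGLE_SITE = [
    Copy("production", "disk-array", "dc-1", False, True),
    Copy("backup", "disk-array", "dc-1", False, True),
]
# Constructed inventory that satisfies the rule plus the offline requirement.
RESILIENT = [
    Copy("production", "disk-array", "dc-1", False, True),
    Copy("cloud-backup", "cloud-object", "csp-region-a", False, True),
    Copy("vault-drive", "encrypted-usb", "offsite-vault", True, True),
]

if __name__ == "__main__":
    for label, inventory in (("single-site", SINGLE_SITE), ("resilient", RESILIENT)):
        problems = check_321(inventory, primary_site="dc-1")
        print(label, "PASS" if not problems else "FAIL")
        for p in problems:
            print("  -", p)
```

Run on a schedule against the real asset inventory, a check like this turns an unwritten or unverified backup policy into something whose status is known.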

Develop a Procedure and Adhere to It

Most people understand that all organizations should consistently secure and back up their data, yet often this is not the case. Too often an enterprise becomes distracted and shifts its attention to other challenges. Today, those challenges may take the form of hybrid working and remote workforce management. Organizations may rely too much on faith when it comes to the security of data at rest or stored in the cloud. Often there is not even a written backup and recovery plan or policy in place and, if there is a strategy, it is not adhered to, or its status is unknown. 

The Apricorn 2021 Global IT Security Survey reported that 49% of IT professionals say individual employees in their organization do not consider themselves potential attack targets for access to enterprise data.6 More than 50% of respondents to a recent Apricorn poll note that they, or their employees, have experienced a loss of data as a result of not creating backups or a backup failure.7 Despite this, more than 60% of respondents state that they are not required to play a role in backing up enterprise data. Worryingly, one-third of respondents admit to not backing up data to a second offsite location.8 Of those who do, approximately 30% back up to the cloud and slightly more than 20% rely on storage devices for secondary backup.

Meanwhile, the COVID-19 pandemic has also created ongoing vulnerabilities. Even beyond the pandemic, remote work will likely continue to play a larger role for many organizations. Enterprises therefore must remain aware of the many new attack vectors represented by remote connections and hybrid working environments. In addition, large volumes of data now move beyond the boundaries of the enterprise network.

Consider the Increasing Consequences

Compounding these issues, threats to organizational and personal data and to the network itself continue to evolve and become more sophisticated. Today's cyberthreat landscape typically demands a multifaceted approach to best-practice cybersecurity. Addressing data protection, backup and recovery plays a central role in mitigating risk from any cyberattack to critical infrastructure and organizational information.

Secure data backup processes can maximize data control, eliminate unauthorized data access and facilitate fast restoration of operations in the event of a breach or attack. The consequences of not addressing the situation can be catastrophic. Poor management and a lack of preparation constantly threaten the security of data and information. Data sprawl can increase the risk of data losses, whether from a common cyberthreat such as a ransomware attack or a force majeure event that results in downtime, financial loss and/or reputational damage.

Organizations are at high risk of external investigations and penalties, including heavy fines. In addition, financial damage can result in costs related to restitution and repair, and an increased price to pay for future protection. Further costs are accrued by negative media coverage of the organization, which damages brands and can cause customer exits or deter new customers, impeding growth.

Use Your Backup for a Fast, Efficient Recovery

Making solid investments in data backup and recovery planning can save organizations considerable amounts of time and money in the future. The best pathways to achieve this have been made clear, including many different options for data backup for organizations with different requirements and challenges.

Above all, centering an effective backup-and-recovery strategy around multiple copies of data provides both insurance against future cyberattacks and flexibility, defending against data loss due to weather, human error, hardware failure and more. As part of an up-to-date, regularly reviewed, multilayered cybersecurity approach, it is key to frequently back up data, including offline backups, and regularly practice procedures for data recovery from those backups. Stakeholders should ensure that all enterprise data are encrypted and offline backups remain inaccessible to unauthorized users.9, 10 Lastly, it is important to create a plan for quick data restoration in the event of disruption.

Data resilience can be straightforward if organizations begin with first principles, create a plan and adhere to it. Using the 3-2-1 method can ensure that organizational data assets are properly secured in the event of a data loss incident.

Endnotes

1 Osborne, R.; “City of Dallas Calls IT Protocols ‘Inadequate’ in 131-page Report on Police Data Loss,” WFAA, USA, 1 October 2021
2 Ibid.
3 Rosemain, M.; R. Satter; “Millions of Websites Offline After Fire at French Cloud Services Firm,” Reuters, 10 March 2021
4 Scimeca, D.; “Maintain Readiness Against Russian State-sponsored Cyberattacks,” IndustryWeek, 12 January 2022
5 Elliot, J.; “What Is the 3-2-1 Backup Rule?,” CO, USA, 6 October 2021
6 Apricorn, Apricorn 2021 Global IT Security Survey, 2021
7 Continuitycentral.com, “High Levels of Data Loss Due to Inadequate Backup Procedures Identified: Survey,” 14 October 2021
8 Help Net Security, “Most Employees Believe Backing Up Data Is Not Their Problem,” 18 October 2021
9 Fielding, J.; “Backing Up Data – Whose Job Is It Anyway?,” TechRadar, 14 November 2021
10 Donovan-Stevens, A.; “Encryption Is the Surest Way to Protect Data, So Why Isn’t Everyone Doing It?,” tbtech, 20 July 2021

Kurt Markley

Is the US managing director at Apricorn and has more than 20 years of experience in encryption and cybersecurity. He has worked with many organizations in the manufacturing, government, finance and health care industries to help strengthen their data protection.