3 Key Steps to Streamline Your Backup Strategy: Expert Insights from HYCU
Data protection software leader shares insights and advice on how organizations can avoid failures with their backup strategy
Small and medium-sized businesses (SMBs) generate and store a significant amount of data, including critical business information, customer records, and financial data. Managing and backing up this data can be a complex task, especially without the right tools and expertise.
In At-Bay’s Backup Breakdown report, we showed how organizations may struggle with inconsistent backup practices, leading to gaps in data protection and increased vulnerability to data and financial loss.
No matter how technologically mature an organization may be, developing a backup strategy can be tougher than it seems. At-Bay spoke with Andy Fernandez, Director of Product Management at HYCU, to gather his insights on how organizations can avoid failures with their backup strategy as they learn to maximize their use of modern technologies.
You Can’t Set it and Forget it
As a company that specializes in data protection, HYCU has helped organizations at every level formulate ways to protect their valuable data. However, Fernandez says that companies of all shapes and sizes — not just SMBs — struggle with the optimal way to back up and successfully restore their data in the event of an attack.
One of the biggest pain points that Fernandez sees is that organizations fail to properly test their backups once they’ve determined how they plan to store business-critical data.
“People simply aren’t testing their backups,” Fernandez says. “I’ve spoken to so many folks who didn’t test their ability to recover data from backups until after an incident happened. Upon trying to recover their data, organizations realize that they did not have the ability to back up, that their backups were corrupted, or there was another issue” with the way they structured their backups that led to a failed restoration.
This fact shows up in the data presented by At-Bay in our new report. While 92% of policyholders tell us they have adequate backups in place, 31% of companies fail to successfully restore data from those backups.
Fernandez says that companies that have integrated cutting-edge IT into their tech systems and depend on deeply technical processes to power their organizations have continued to have backup problems as they scale.
“You’d be surprised how many folks ‘check the box,’” he says, meaning that companies are only focused on backing up data to comply with various rules and regulations. Fernandez says that he’s found that mature organizations that leverage the cloud for both storage and applications only “check the backup box” but fail to test if the backups actually work.
Besides continually testing, Fernandez emphasizes that understanding how your data interacts with your applications — and how that will factor into your backup strategy — is a phenomenal way to avoid a failed restoration. He refers to this strategy as “purpose-filled backups.”
“No matter what you do, you cannot simply rely on bulk exports and making sure that you have ‘checked the box,’” Fernandez advises businesses. “You want to make sure that you are protecting the workload that you have as it’s meant to be protected. An organization should be able to make sure that it has visibility into the way the data and applications work together, and have a way to consolidate and orchestrate the protection of IT without having to allocate a lot of resources toward it.”
Backups Can Prevent Ransomware’s ‘Blood Calculus’
The spike in ransomware attacks over the last five years has made backups more important than ever. Our report shows that organizations that successfully restore from backups are 3X less likely to pay a ransom than those whose restoration fails. However, nearly one-quarter of At-Bay policyholders still pay a ransom despite being able to successfully restore from a backup.
At-Bay’s incident response experts say there are multiple reasons organizations will pay the ransom even with a successful backup: gleaning valuable security information on how an attack was launched, data for various regulatory and compliance issues, or efforts to safeguard trade secrets that could leak to the open internet.
HYCU’s Fernandez says another reason is organizations want to return to normal operations as quickly as possible, and therefore may decide that a successful restoration plus a ransom payment are worth it to keep the business running. If an organization determines that being down could cost them more money than the actual ransom, it pushes leadership to make a really tough decision.
“Sometimes an organization will have an application that is fully encrypted, and that application generates millions of dollars,” Fernandez says. “What’s the ransom cost? Maybe it’s $100,000, maybe it’s $2 million. But what is the cost of downtime if your recovery takes a week? Now you start to see this blood calculus that has to be performed where the CEO has to say to the IT manager, ‘Look, we can’t afford to be down for more than six hours. We have to pay the ransom.’”
Avoid the ‘Spaghetti Monster’
When it comes to backups, there is no one-size-fits-all option. There are different technological architectures — cloud, on-premise, offsite, hybrid — that, when coupled with an organization’s unique backup processes and policies, can unintentionally add complexity to its overall security strategy.
While there is no uniform option that fits every organization, picking one and adopting a strategy around it can be vital. Our report found that organizations’ backup architecture can meaningfully decrease the overall severity of the attack and significantly reduce the likelihood of paying a ransom. We also found that the recovery rate for pure cloud backup solutions is 1.5X better than other backup types.
It is imperative that both the architecture and strategy fit an organization as seamlessly as possible in order to ensure a successful restoration. Fernandez says he has seen numerous organizations fail to fully understand how their backup architecture fits into their strategy, making things unnecessarily complicated in the process.
“I like to call it the ‘Spaghetti Monster,’” he says. “Every single IT manager has to protect several different workloads that come from different places [in the system]. This can easily become this monster of scripts and configurations that are all a Rube Goldberg machine. The more complexity that you have, the more difficult you’ll find not only backing up, but actually restoring.”
At-Bay’s own incident response experts echo Fernandez’s sentiment. Brian Walsh, who works on At-Bay’s DFIR team, says mapping out the process can save time, money, and manpower when it comes time to restore.
“Are the right people involved in planning for disaster recovery and response?” Walsh inquires, listing off questions organizations should be asking themselves. “Is IT even aware that this is what we’re doing? Are we collecting the right data? If you’re not doing those things, you can back up the data, but not actually do it in a way that the system administrators can use it and then repurpose it to the actual applications that are using it.”
A Holistic Plan for Protection
Technology and coverage can be exceptional assets, but if an organization doesn’t know how to use them in conjunction with one another, the business may find itself struggling to survive in the wake of an attack.
Partnering with an InsurSec provider can be the catalyst SMBs need to craft a security strategy — which should consist of not only buying the right backup solution, but also implementing the proper controls and developing a restoration plan if a security breach occurs.
This holistic effort is an extremely important part of any organization’s security plan. Fernandez likens the process to using a parking garage: “The garage is responsible for allowing you to have access to your spot. But if anybody touches your car or steals it, it’s on you, right? Data is the same thing. If something happens to it, you are still responsible for protecting it.”
To learn more about how At-Bay and HYCU can strengthen your security posture, visit our Security Partner Network.