Why a Reliable Backup Plan is Your Best Defense Against Cybersecurity Threats

…and the Most Boring Way to Protect Your Organization

I’ve written about the importance of backups before. For example, “The Importance of Being Earnest (about Backups)”.  Of course, I’m not Oscar Wilde and I’m not going to be able to spin an interesting yarn about Victorian classes and hypocrisy.  But I would like to take a moment to talk about Backups, Cybersecurity, and SpinOne.  However, prepare to be bored but I promise a few Dad jokes.

If you are a leader at your organization, this blog and the questions can help drive a discussion around making sure your company is protected.

Are Backups Really Part of a Cybersecurity Plan?

Yes, Backups are a critical part of your cybersecurity plan and Spin has some great materials at https://spin.ai/blog/creating-an-incident-response-plan/ to get you started.  Backups are a key control for contingency planning in the industry standard cyber security frameworks from the National Institute of Science and Technology (NIST) and they just plain improve your “sleep well at night” factor.  

A good backup regiment is also a formidable defense against things like ransomware & crypto attacks!

Are Backups Boring?

Yes, backups ARE a very boring topic.  Right up there in entertainment value with watching paint dry.  And the “joke” that backups are important, restores are critical isn’t very funny when the joke’s on you during an incident.  That’s when Backups turn into a horror film instead of a period romance piece.

But accidents happen and hackers are real.  I won’t bore you with backup statistics but I will tell you that being prepared for these realities is a core business requirement.  In fact, they are so important, we treat a problem with backups as a Priority Level 2 ticket because with backups failing, you are just 1 step away from a critical outage!

What Backups Do You Have?

The cloud has made things so much worse for computer inventory.  No more purchase orders or expensive bills means that people spin up machines without any paperwork.

So this is really a few questions: 

• How do you backup your systems?
• Do you have a good inventory of all your systems?
• Have you done assessments about your Data and Systems to know what is critical?

NOTE: This type of critical assessment is a key first step in a Zero Trust Network Architecture too!

Have Your Backups been Tested to Make Sure They Work?

As I mentioned above, Backups are important, Restores are critical.  It’s not really a joke and it’s never funny.

The most important question is, have you tested your backups to make sure they work?

This covers other questions such as: Are your backups encrypted?  Do you need software?  Do you need instructions?  Do you need software license keys?  Do you need Cloud Credentials?  Do you need MFA backup codes or tokens? AND do you have all of these available in a way that you can access in an emergency?

To be prepared, I recommend that you perform a table top exercise to walk through and brainstorm the processes you would follow in certain scenarios that are likely to occur at your organization.  Then I recommend you perform a simulated disaster recovery exercise to prove your backups work.  This should be done no less than annually!

For example, one company I know uses a hotel board room to simulate not being able to access their offices to see how they can keep operations running for a week each year.  This includes access to cloud services, phone systems, on-premise systems, postal mail, and more.  By making the simulation as real-world as possible, they found that they failed horribly the first time but they got a lot better very quickly!

Do You Have a Disaster Recovery Plan? 

Continuing the testing thoughts above, do you have a written disaster recovery plan or an incident response plan?  If you don’t, start drafting them today.  Anything is better than nothing so don’t let perfection get in the way of progress.  

Spin.AI has a great blog on the topic to help as well at: https://spin.ai/blog/disaster-recovery-best-practices/.

What does WYSIWYG Mean?

A: It means you’re old.  But you probably also know emoticons, so teach those to the next generation.  Here is an emoticon of me in a tie: 😎 [>- = / / />.  Who needs emojis, right? 😎

Do Your Backups Protect You Against Ransomware?

Are your backups going to be able to protect you against crypto attacks?  These are attacks where your data is encrypted.

Many bad actors will also attack hot online backups. They might also wait a considerable amount of time for their attack so that if you don’t have older backups, you may still have a persistent threat. Have you thought about this scenario?

Additionally, the restoration of data from backups can take days, weeks or even months to restore whether the cause is API limits, bandwidth limits, or something else you can’t control.

However, one product that we resell at Dito is SpinOne’s Ransomware Detection and Response, https://spin.ai/platform/ransomware-protection/.  A key differentiator of SpinOne is that it combines backups with a product that detects, stops, and recovers from in-progress ransomware attacks quickly using behavior-based detection.  The Ransomware Detection and Response can monitor access, identify bad actors, and revoke access automatically.  By doing this you can limit the impact of the issue dramatically.  Instead of doing a complete restoration, the system will automatically restore the impacted files in less than two hours.

Do Your Backups Protect You Against Non-Technical Issues?

Backups need to protect you against non-technical issues too.  For example, are you storing any backups in an alternate location?  

Do you have offline backups aka Cold Storage?  If not, are you using good access controls to prevent hackers getting into your online backups? As a note Spin.AI’s Backup does have redundancy for their cloud backups and they use cold storage for deleted user data too. They also protect access to your backups using best practices which we’ll cover a little later.

What about Weather events like Floods? Fire? Storms? 

What about physical access issues like insider threats? Theft?

How Quickly Can you Recover from an Outage?

Restoration can be heavily impacted by things such as API limits, bandwidth, and backup types.  A key thing we also see is that customers don’t have an inventory of their systems and files and they don’t have it organized by the business impact.  

Ask yourself, if a backup will take 3 months to restore, will you be out of business by then?  You need to have inventories, plans, and real-world tests so you can recover critical systems quickly.

Food for thought: The average user works with less than 10 files a week.  If you have 100 users and you can identify those 10 files, you can restore just 1000 files to enable your users to work effectively while you continue to restore the rest of the files.  SpinOne can help do this by selecting files that are the most accessed.  You can see more about how SpinOne speeds up backups here: https://spin.ai/blog/best-google-drive-backup-solution/ but make sure you run those real-world tests!

What are the Three Hardest Things to Say?

“I’m sorry”

“I was wrong”

“Worcestershire Sauce”

– Thanks to Adam Rose for the joke.

Are your Backups Another Attack Vector?

Your backups need to be protected as an attack vector.  Major security compromises that have occurred in recent years have actually occurred because of backup systems that were compromised and were not inventoried or monitored.

As I mentioned above, what about physical access issues like insider threats? Theft? Are your backups encrypted?

For SpinOne, they support numerous industry identity providers including Google’s SSO and their own Multi-Factor Authentication.  Additionally, their data is encrypted in transmit and at rest using immutable techniques. 

Don’t know much about Multi-Factor Authentication?  Check out my blog on Multi Factor Authentication for Google Cloud – Mandatory in 2025.

Did you know that Google Vault is NOT a backup?

Google Vault is a fabulous eDiscovery tool but at its core, Vault is a system of pointers to existing data.  Vault is NOT a backup system and Google is not infallible.  So having a backup solution like SpinOne is recommended.  Don’t believe me?  Check out the Google Support Article on “Is Vault a data backup or archive tool?”.

One Feature of SpinOne that is Free & I Really Like 

SpinOne has a product called Risk Assessment.  This is designed to protect against malicious Browser Extensions and OAUTH Applications.  Spin.AI maintains the largest database of extensions and applications, currently at 400K in Oct 2024 and growing!

If you are interested in Spin.AI’s Risk Assessment at https://spin.ai/application-risk-assessment/, there is a free version that gives an extension by extension reports.  The paid version can give a snapshot over time and what users are actively using as well as adding a blocklist / whitelist feature with automated policy workflows.   

More information is available at: https://cloud.google.com/blog/products/chrome-enterprise/secure-enterprise-browsing-more-data-protections-visibility-and-insights

Why Dad Jokes?

Dad Jokes are one of my “2 Secrets to Streamline Cybersecurity Projects” that I use at Dito.  Check out my article at https://inboxexpo.com/2-secrets-from-from-kam/. 

Questions?

Have more Questions? Interested in getting help with your Backups? Disaster Recovery? Policies? Cybersecurity? more?

Dito is a Spin.AI Partner, a Google Premier Partner, and a Google Security Partner of the Year winner.  Reach out to askKAM@DitoWeb.com.