Backups and Cybersecurity


How Backups are Related to Cybersecurity

What are Backups?

Backups are an exact copy of our organization's most important data. Such backups should be kept off the affected system - so that a potential failure or attack does not deprive us of access to all our data.
In the safest case, the data should be kept on external drives disconnected from the Internet and power grid. Backups can be compressed, to reduce their consumption of disk space.

It is also good practice to copy encryption backup to make it difficult for unauthorized use.

What is the effect of not having backups?

Failure to have an up-to-date backup of vital data can have lamentable consequences. Losing access to our important data means losing years of our work and having to spend additional time reconfiguring the affected systems.

Examples of threats to our data include:

  • ransomware attacks - an attacker who exploits some security vulnerability in the system will get into the system and be able to encrypt data and demand a ransom in exchange for the decryption key
  • equipment failure - electronic equipment has an interesting property - it likes to break down unexpectedly; if the drive on which important data is kept is damaged, in all probability at least some of it (if not all) will be lost irretrievably
  • Human error - even the most experienced administrators can sometimes make mistakes, if such a mistake would involve, for example, mistakenly deleting data, it is worth having the ability to recover it.

When Should you Make Backups?

Data backups should be done as often as possible, In an ideal scenario, you’d do it with every change. While it’s theoretically possible to achieve this perfect situation, the costs and resources needed would be ridiculously high. So, it’s essential to find a balance between using as few resources as possible for maintaining current backups and minimizing the potential loss of data that hasn't been backed up. You shouldn’t stick to just one backup copy; for better security, it’s wise to keep multiple backups. It’s best to schedule backups outside of working hours, so the resources consumed by this process don’t disrupt the organization’s operations.

Summary: let's rush to back up data, in the face of attacks and failures, data is gone so fast....

Tomasz Jurgielewicz

Head of Security Department at Lukardi. For the past 10 years, he has led a team of SAP Security specialists, providing comprehensive services and tools to secure SAP systems and optimize licenses. Experience in the areas of: - identification of authorization conflicts and authorization reorganization, - identification of SAP vulnerabilities, - integration of SIEM solutions with SAP, - optimization of SAP licenses.