Part 8 of our comprehensive Essential Eight cybersecurity series for Australian businesses.
The Final Safety Net
We've covered seven Essential Eight strategies that help prevent and limit cyber attacks. But what happens when prevention fails? What if ransomware encrypts your systems despite your best defenses?
Regular Backups are your answer—the strategy that ensures you can recover even from the worst-case scenario.
Why Backups Matter More Than Ever
The Ransomware Epidemic
Ransomware attacks against Australian organizations have exploded:
- Average ransom demand: $1.4 million AUD
- Average downtime: 21 days
- Recovery cost: Often 5-10x the ransom amount
- Data recovery rate (after paying): Only ~65%
With proper backups, you can refuse to pay and still recover.
Beyond Ransomware
Backups protect against many threats:
- Hardware failure: Disks fail, servers die
- Human error: Accidental deletion or overwriting
- Natural disasters: Fire, flood, power events
- Malicious insiders: Deliberate data destruction
- Application bugs: Corrupted databases or files
The 3-2-1 Backup Rule
The classic backup strategy remains valid:
- 3 copies of your data
- 2 different media types (disk + tape, or disk + cloud)
- 1 copy offsite (or in the cloud)
Modern Enhancement: 3-2-1-1-0
An updated rule for the ransomware era:
- 3 copies, 2 media types, 1 offsite
- 1 immutable copy (cannot be modified or deleted)
- 0 errors (regular testing and verification)
Maturity Levels for Backups
Maturity Level One
- Daily backups of important data
- Backups stored disconnected from network when not in use
- Test restores performed periodically
- Retention aligned with business requirements
Maturity Level Two
- Automated backup processes
- Backups stored in a separate network segment or offline
- Encryption of backup data
- Regular restoration testing with documented procedures
Maturity Level Three
- Continuous or near-real-time backups for critical systems
- Immutable backup storage (WORM or equivalent)
- Geographically separated backup locations
- Comprehensive disaster recovery planning and regular exercises
What to Back Up
Critical Data
- Business documents and files
- Databases and application data
- Email and collaboration data
- Configuration files and system state
Systems and Applications
- Server images and virtual machines
- Application installers and configurations
- Active Directory and identity systems
- Network device configurations
Recovery Information
- Encryption keys and certificates
- Password vault backups
- Documentation for recovery procedures
- Contact information for key personnel
Backup Technologies
Local Backups
- Disk-based backup appliances: Fast backup and recovery
- NAS devices: Network-attached storage for backup targets
- Tape libraries: Cost-effective for large volumes and long retention
Cloud Backups
- Native cloud backup (Azure Backup, AWS Backup)
- Backup-as-a-Service (Veeam Cloud Connect, Datto, Acronis)
- Object storage with versioning (S3, Azure Blob, GCS)
Immutable and Air-Gapped
- Immutable storage: Write-once, cannot be modified
- Air-gapped backups: Physically disconnected from network
- Tape vaulting: Offsite tape storage with courier services
Protecting Backups from Ransomware
Modern ransomware specifically targets backup systems. Protect them:
Network Segmentation
- Isolate backup infrastructure
- Restrict access to backup systems
- Use dedicated admin accounts for backup management
Immutability
- Enable immutable retention on backup storage
- Use object lock features in cloud storage
- Consider tape or offline media for critical data
Access Control
- Limit who can access backup systems
- Require MFA for backup administration
- Monitor backup system access and changes
Testing
- Regularly test restore procedures
- Verify backup integrity
- Practice full disaster recovery scenarios
Restoration Priorities
Not all systems are equally critical. Define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO):
| Priority | Systems | RTO | RPO |
|---|---|---|---|
| Critical | Core business apps, AD, email | 4 hours | 1 hour |
| Important | Secondary apps, file servers | 24 hours | 24 hours |
| Standard | Development, test systems | 72 hours | Weekly |
| Low | Archive, non-essential | 1 week | Monthly |
Common Backup Failures
Not Testing Restores
Backups that can't be restored are worthless. Test regularly.
Backing Up to the Same Network
If ransomware can reach your backups, they'll be encrypted too.
Insufficient Retention
Some attacks go undetected for weeks. Ensure you have clean restore points.
Missing Critical Data
Shadow IT and user devices often escape backup programs.
No Documented Procedures
In a crisis, clear documentation is essential for rapid recovery.
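The RPO tiers in the table and the "Insufficient Retention" failure above can be checked together against a restore-point inventory. This is an added example, not part of the original article; the hostnames and timestamps are constructed, and reading "Weekly" and "Monthly" as 7 and 30 days is an assumption.

```python
from datetime import datetime, timedelta

# RPO per tier, from the table above. Reading "Weekly" and "Monthly" as
# 7 and 30 days is an assumption of this example.
RPO = {
    "Critical": timedelta(hours=1),
    "Important": timedelta(hours=24),
    "Standard": timedelta(days=7),
    "Low": timedelta(days=30),
}

def assess(tier, restore_points, now, compromised_at=None):
    """Return RPO status and the newest restore point predating compromise."""
    points = sorted(restore_points)
    out = {"rpo_met": False, "clean_point": None, "lost_window": None}
    if not points:
        return out
    # RPO: the newest restore point must be no older than the tier allows.
    out["rpo_met"] = now - points[-1] <= RPO[tier]
    cutoff = compromised_at if compromised_at is not None else now
    clean = [p for p in points if p < cutoff]
    if clean:  # otherwise retention is shorter than the attacker's dwell time
        out["clean_point"] = clean[-1]
        out["lost_window"] = now - clean[-1]  # changes made since that point
    return out

# Constructed sample inventory (hostnames and timestamps are made up).
NOW = datetime(2024, 6, 10, 12, 0)
INVENTORY = {
    "dc01": ("Critical", [datetime(2024, 6, 10, h, 30) for h in (9, 10, 11)]),
    "files01": ("Important", [datetime(2024, 6, d, 2, 0) for d in range(4, 11)]),
    "dev01": ("Standard", [datetime(2024, 6, 1, 2, 0)]),
}

def report(compromised_at):
    """Assess every system in the inventory for one suspected compromise time."""
    return {name: assess(tier, pts, NOW, compromised_at)
            for name, (tier, pts) in INVENTORY.items()}

if __name__ == "__main__":
    # Intrusion dated three weeks back: no retained point predates it.
    for name, r in report(datetime(2024, 5, 20, 8, 0)).items():
        print(name, r)
```

A system can meet its RPO and still have no clean restore point, which is the case the retention warning describes.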
Disaster Recovery Planning
Backups are only part of the picture. Develop comprehensive DR plans:
1. Risk assessment: Identify threats and impacts
2. Business impact analysis: Prioritize systems and data
3. Recovery strategies: Define how you'll recover
4. Documented procedures: Step-by-step runbooks
5. Regular testing: Tabletop and full exercises
6. Continuous improvement: Learn from tests and incidents
Series Conclusion
Congratulations—you've completed our Essential Eight cybersecurity series! Together, these eight strategies form a comprehensive foundation for protecting Australian businesses:
1. Application Control: Only run approved software
2. Patch Applications: Keep software updated
3. Configure Microsoft Office: Block macro-based attacks
4. User Application Hardening: Reduce attack surface
5. Restrict Administrative Privileges: Limit blast radius
6. Patch Operating Systems: Secure the foundation
7. Multi-Factor Authentication: Protect identities
8. Regular Backups: Enable recovery
No single control is sufficient alone, but together they address the most common attack vectors and significantly reduce your cyber risk.
Ready to implement the Essential Eight? Cloudscape IT provides comprehensive cybersecurity services for Australian businesses, from assessment to implementation to ongoing management. Contact us for an Essential Eight readiness assessment.


