World Backup Day: Data backup insufficient to protect against cyber attacks

Backups are undoubtedly an essential part of any IT security strategy – at the same time, they often provide a deceptive sense of security

[datensicherheit.de, 03/25/2025] In his latest expert commentary, Volker Eschenbächer, „VP Sales International (EMEA & APAC)“ at Onapsis, addresses the upcoming „World Backup Day 2025“: „On 31 March, ‚World Backup Day’ reminds companies worldwide to back up their data regularly. Backups are undoubtedly an essential part of any IT security strategy – at the same time, they often provide a deceptive sense of security.“ He even warns: „Anyone who believes that a solid backup alone is enough to protect ERP systems from cyber attacks is making a dangerous misjudgement!“ In his statement, he discusses the current threat situation and highlights the measures that companies should take to protect themselves in addition to traditional backups.

Foto: Onapsis

Volker Eschenbächer: „A backup is good, security measures that prevent an emergency from occurring in the first place are better!“

Solid backups fuel ransomware 2.0 – blackmail through data publication

„For a long time, the biggest risk of ransomware attacks was that organisations would lose access to their data. But now that many organisations have robust backup strategies in place, more and more cyber criminals are turning to a new tactic with a double and even triple blackmail method: encryption, data exfiltration and blackmail through publication threats.“

Instead of „just“ encrypting the data, attackers steal sensitive information, for example from ERP systems – such as customer details, supplier conditions or strategic financial data or technical documents such as construction plans, production processes and software codes – and threaten to disclose or sell them.

This approach is not only potentially threatening the pure existence and reputationally damaging, but also particularly dangerous for companies with strict data protection and compliance requirements, as disclosure can have significant regulatory consequences. „In many cases, companies are then forced to pay the high sums demanded, even if backups would enable the systems to be restored.“

Backups are necessary – but by no means sufficient on their own

A backup therefore protects against data loss, but not against unwanted changes or targeted attacks on critical business processes. „ERP systems contain highly sensitive information that not only needs to be backed up, but also actively protected and monitored.“ Without a holistic security strategy, attackers could gain undetected access to ERP data, make malicious changes or blackmail with the publication of stolen data.

In addition to regular backups, which are a proven method of minimising damage in the event of system failures or classic ransomware attacks with encryption, Eschenbächer says that a „multi-layered security concept“ is required that detects potential attack surfaces at an early stage, automatically closes vulnerabilities, prevents manipulation and ensures system integrity. This includes

• Automated log monitoring and “24/7“ monitoring for anomalies and suspicious activities in ERP systems.
• Zero-trust security models with strict access controls to prevent unauthorised access, changes and exfiltration.
• Automated patching of vulnerabilities to prevent attackers from gaining access to networks and systems in the first place.
• Transaction and code checks to detect hidden manipulation.

„World Backup Day 2025“ should encourage a holistic approach to security

The annual „World Backup Day“ is a valuable reminder for companies to realise the essential role of data backup. „However, in view of the latest attack tactics, a pure recovery concept cannot prevent business data and processes from being compromised or regulatory requirements from being violated.“

A holistic approach to security must therefore go beyond this. Companies should rely on preventative measures such as continuous log monitoring, vulnerability scanning and zero-trust concepts in order to recognise and ward off threats at an early stage.

In addition, automated IT security solutions are essential for identifying misconfigurations in real time and consistently meeting compliance requirements. „Ultimately, a backup is good, but security measures that prevent an emergency from occurring in the first place are better,“ Eschenbächers concludes.

Further information on this topic:

www.kuriose-feiertage. 03/06/2025
World Backup Day – Internationaler Tag der Datensicherung 2025

WORLD BACKUP DAY
Schützen Sie Ihre Daten / Seien Sie vorbereitet gegen Datenverlust und Datendiebstahl. Sichern Sie Ihre Daten am 31. März.

datensicherheit.de, 03/28/2024
Status Quo zusätzlicher Datensicherung: ExpressVPN-Umfrage zum World Backup Day 2024 / Jährlicher World Backup Day gemahnt daran, sensible Daten entsprechend sorgfältig zu sichern

datensicherheit.de, 03/27/2024
Bernard Montel kommentiert World Backup Day 2024: Montel betont: Backup ist nicht gleich Backup – und es geht nicht nur darum, eine Checkliste abzuhaken

datensicherheit.de, 03/26/2024
World Backup Day 2024: Backup für Cyber-Sicherheit notwendig, aber noch nicht hinreichend / Cyber-Kriminelle haben es oft direkt auf gesicherte Daten abgesehen