
Cybersecurity and resilience: the data backup

Data breaches pose a risk to users, customers, and the very functioning of a company or institution.

IBM’s 2025 “Cost of a Data Breach” report indicates that the average cost per data breach is $4.4 million. Whether sensitive or not, if data is compromised, stolen, or deleted, business operations may be interrupted, resulting in operating and financial losses. And that’s not counting the risk of penalties that may be added to the bill as a result of legal proceedings, loss of customer and user confidence, or even loss of market share.

In 2024, stolen credentials were the most common attack vector, and also the one for which breaches took the longest to identify and contain (approximately 10 months).

Whether data is stolen or compromised in a silent cyberattack or through ransomware, and whether it is confidential internal company data or user or customer data, it is imperative to protect it, particularly through backups that foster resilience in the event of an attack.

Here is a practical guide that summarizes the main causes of data loss and provides basic, actionable tips for an effective backup system.

Possible causes of data theft or compromise

Cyberattacks  

An organization’s data can be stolen through industrial or state espionage, or as part of a ransom demand. 

The number of active ransomware groups increased by 38% between 2023 and 2024, as did the number of victims (+12%). Ransomware is a serious threat to organizations, with a growing impact as attackers are no longer content with demanding a single ransom, but now demand several (to return the data, to not leak it, to not disclose the compromise, etc.). The risk is not only that data will be stolen, but also that it will be destroyed or exposed – with all the cascading risks that this entails if the exposed data includes identifiers.

The human factor  

The human factor is often at the heart of security incidents: accidental data deletion or formatting of IT equipment, misconfiguration of data management tools or devices, incorrect rights assignment, or even deliberate malicious acts by information system users. Human intervention, whether intentional or unintentional, can be the cause of security incidents that lead to data compromise.

Technical failures 

A study conducted by Splunk mentions that 56% of technical failures have an impact on cybersecurity. Server, hard drive or software failure, compatibility issues between solutions, failure to update, or lack of patches… Each of these failures can be exploited by attackers to compromise data security and, more broadly, the information system. Poorly managed rights can lead to sensitive data being accessed and exposed by users of the information system, or a vulnerable application can be an entry point for attackers.  
 

Physical disasters 

The risks to data are not only related to IT incidents. Physical disasters can also cause damage that leads to data loss if they affect the equipment used to store or process data: fire, flood, natural disaster, intrusion, theft, etc. For that reason, data security obligations do not only cover IT but also means of protection in general.

Despite extreme vigilance, it is impossible to predict all situations that could lead to data loss. IT attacks are inevitable, and security teams must therefore be prepared to deal with them and recover as quickly as possible. Data backup is one of the essential prerequisites for restoring an information system. Let’s take a look at some essential best practices.


Data protection and backup: best practices

Compliance  

Regulatory and legislative frameworks such as NIS 2, DORA, and GDPR provide a foundation for complying with data backup best practices. More than just constraints, they provide good support for data protection and backup, for example by requiring data to be retained or devices and protection levels to be checked regularly.

Identify the most critical assets 

Mapping the information system is crucial to identifying the assets that need to be protected as a priority, because not all data requires the same level of protection. For example, the user IDs that give access to sensitive systems are more critical to the security of the information system. We will return to protection measures later.

In the event of a data incident, restoration actions must be prioritized according to their impact on the business. For example, data used to access business applications needs to be restored more quickly than data from a media library.  

Note: data identification and mapping must cover assets hosted internally as well as in the cloud or via SaaS applications.

Encrypt and secure backups 

Data encryption aims to prevent data from being exploited in the event of an intrusion or theft from the information system. It involves transforming the data into a secret code that requires a digital key to read. Encryption ensures the confidentiality, integrity, and authentication of data. It also protects against interception attacks.

Backups themselves must be secure. The 3-2-1 system is one of the best practices and is based on creating 3 copies of the data on 2 different media, including 1 copy stored off-site and offline.
 

Plan and test backups 

Backups must be updated and tested regularly to ensure that they are still working and accessible in the event of a cybersecurity incident. The frequency should be determined according to the organization’s activity, based on the pace at which data changes in the field.
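A restore test in practice, as an added example that is not part of the original article: the backup is restored into a scratch directory and every file is compared against a SHA-256 manifest recorded at backup time. The function names, file names and sample data are constructed for illustration, and the tar.gz format is an assumption.

```python
import hashlib, tarfile, tempfile, zlib
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Archive `source`; return the manifest, to be stored apart from the archive."""
    expected = manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return expected

def restore_test(archive, expected):
    """Restore into a scratch directory and list every discrepancy found."""
    # Use tarfile's safe extraction filter where this Python version has it.
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return [f"unreadable: {type(exc).__name__}"]
        restored = manifest(Path(scratch))
    problems = [f"missing: {f}" for f in expected if f not in restored]
    problems += [f"altered: {f}" for f in expected
                 if f in restored and restored[f] != expected[f]]
    problems += [f"unexpected: {f}" for f in restored if f not in expected]
    return problems

def demo():
    """Constructed sample data: a healthy backup and one that no longer matches."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "hr").mkdir(parents=True)
        (src / "accounts.csv").write_text("id,name\n1,alice\n")
        (src / "hr" / "payroll.csv").write_text("id,salary\n1,1000\n")
        good = Path(work, "good.tar.gz")
        expected = make_backup(src, good)
        # Simulate a later backup that silently lost one file and changed another.
        (src / "accounts.csv").write_text("id,name\n1,changed\n")
        (src / "hr" / "payroll.csv").unlink()
        bad = Path(work, "bad.tar.gz")
        make_backup(src, bad)
        return restore_test(good, expected), restore_test(bad, expected)

if __name__ == "__main__":
    print(demo())
```

An empty list means the restore matched the manifest; a truncated or corrupted archive is reported as unreadable instead of raising.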

Data backup: efficiency rhymes with simplicity 

An effective backup strategy relies heavily on its simplicity. The more accessible and readable the backup plan is, the easier it will be to put into practice, and therefore the more useful it will be in the heat of the moment. Also, the fewer steps and manipulations it requires, the easier it is to activate and maintain.

Keep in mind that data backup is a crucial best practice that is part of a broader cyber strategy. In other words, it is one of the building blocks for protecting an information system, but not the only one in terms of IT hygiene! Detection and protection tools (EDR, EPP, etc.) and attack surface management tools are essential to the arsenal of IT security managers.
