Evolving the Golden Rule of Backup – How to Implement a Modern 3-2-1 Program

The pandemic changed everything about business operations. Suddenly, there was an immediate need for organizations to adapt: production slowed, employees scattered to remote work environments, and cybercriminals jumped at the opportunity to exploit IT systems, many of which were already stretched thin.

The Acronis Cyberthreats Report 2020 revealed that nearly one-third of companies were attacked by cybercriminals every day during the last year. Ransomware threats loomed as organizations raced to adjust to new remote work requirements, and more than 1,000 organizations around the world had their data leaked following a ransomware attack.

This explosion in complexity, security, and privacy challenges isn’t going to subside when the pandemic comes to an end. Instead, organizations should expect attacks to continue to grow – particularly targeting remote workers whose home networks and systems are inherently less secure than corporate networks. That’s why it’s more important than ever to establish an integrated cyber protection process to keep their entire distributed infrastructure safe – from data to applications to systems.

To do that, organizations need to take a fresh look at the golden rule of backup and implement a modern 3-2-1 backup program that better meets the shifting cybersecurity landscape.

The 3-2-1 Rule of Backup

For years, the 3-2-1 rule of backup has been touted by Leaseweb, Acronis, and others across the industry as a best practice for companies pursuing data protection. The concept is simple: to protect data across physical, virtual, and cloud environments, IT professionals should make three copies of data, store it in two different formats, and make sure at least one copy is kept offsite.

In the past, this process effectively prevented data loss by diversifying storage and ensuring that no single data loss event could affect all versions. Unfortunately, advances in cyberthreat sophistication such as the ones we’ve seen in the past year mean the original 3-2-1 rule needs to be refined to remain effective.

Flaws in the Original 3-2-1 Rule

Modern cyberthreats, including ransomware strains that first made headlines over a year ago, have evolved to detect and disable many traditional backup solutions, eliminating the chance that victims will be able to restore their systems without paying for decryption. Since legacy backup solutions lack the cybersecurity features needed to protect their own operations and detect and repel attacks targeting them, this infiltration destroys any chance of recovery, regardless of how recently they were performed or how they were stored.

Even worse, a ransomware trend that’s arisen within the last year makes complete data backups worthless without needing to disable backup systems. The threat of data leaks as a consequence for victims arose many times in 2020 cybercrime news, with Brown-Forman, Canon, and CWT all having private corporate data exposed online.

Today about 20 different ransomware groups have dedicated pages for data leaks and more than 700 companies have had their data published. Even with a reliable backup to revert to, these data breaches can cause significant damage for organizations including reputation loss, follow-up attacks, and various fines. If the data leaked includes private customer data it may even be punishable under privacy regulations such as GDPR or CCPA.

Updating the 3-2-1 Rule of Backup

For modern organizations to achieve the same level of protection the 3-2-1 plan originally delivered, it’s important to incorporate cybersecurity capabilities with data protection best practices. Acronis Cyber Protect Cloud, available as a recommended backup solution for all Leaseweb customers, does just that.

In addition to enabling flexible backup and recovery storage options that adhere to the 3-2-1 rule of backup, Acronis Cyber Protect Cloud offers built-in AI-based anti-ransomware technologies designed to detect and prevent ransomware attacks from costing your organization time and money. The solution enables easy vulnerability assessments to identify vulnerabilities and prevent cybercriminals from trying to exploit OS or application security gaps.

Learn how Acronis Cyber Protect Cloud can modernize your backup and security capabilities here.

This article was written in collaboration with David Kostos, Content Marketing Specialist at Acronis.