Backups aren’t enough: A Backup & Disaster Recovery Case Study

If you’re a business owner, you’re probably aware of some type of data backup that goes on behind the scenes – but is this backup comprehensive enough to restore all company data if disaster strikes?

A regular backup simply replicates your company data to a singular location. Depending on how the backup is formatted, it might not be backed up frequently enough or tested regularly, making it inadequate should the worst happen.

Here at BCS, we practice Advanced Backup & Disaster Recovery (ADR) provided by Acronis, the leader in cyber protection. Backups with ADR are stored in a variety of locations; both physical & cloud-based. ADR is centered around Business Continuity, meaning it’s a robust solution for businesses that want to be up and running in minutes following a hardware failure, human error, cyberattacks, or natural disasters.

What’s the difference between regular backups and ADR?

As mentioned previously, regular backups are just about data retention and will not provide you with a complete safety net should your systems go down. Having a basic backup in place will likely lead to costly delays in production, lost productivity, and disruption of customer service.

ADR is considered a complete solution as it covers the following areas:

• Regular backups performed every 20 minutes
• Backups stored in multiple locations, following the 3-2-1 rule (having at least three copies of your data, two local but on different media and at least one copy off-site)
• Backup testing performed at regular intervals
• Implementation of a Disaster Recovery Plan
• Defining a Recovery Time Objective and Recovery Point Objective (RTO & RPO)

The Case Study

An SME based in Kent was struck by a large ransomware attack in 2021, carried out by a well-known cyber gang. At the time, they had around 200 employees and a similar amount of customers – that’s a lot of data!

This business was creating backups, and storing them offsite however there was no cloud replication, meaning they only had physical backups available that were not separate from the main network. Furthermore, they had no Disaster Recovery Plan in place for a situation like this, meaning they were at risk of being down for longer.

This was the mistake that cost the business data, time, money and reputation.

The cybercriminals had been sitting on the network for weeks gathering information on how to impact the business effectively. On the day of the attack, the cyber gang caused all systems to go down immediately – kicking out all employees from the network. The criminals located all of the physical backups (even the offsite ones) and locked them away, meaning the business had now lost critical data and couldn’t restore their systems to a time prior to the cyber attack.

After freezing all company actions, the cyber-gang asked for £1.6 million in return for a decryption key – the only antidote to restore their systems.

The company experienced heavy disruption for a number of weeks before eventually ejecting the cyber gang and assessing the damage.

In the end, the entire network and server infrastructure had to be rebuilt, inflicting large costs, and a complete halt in production until the systems were finished. Additionally, unhappy customers were piling up and the company was potentially exposed to fines, legal action, and even data breach notifications.

The Lesson Learnt

Imagine if the company mentioned in our case study had Advanced Disaster Recovery? If this organisation had backups that were located offsite and isolated from the main network They would have been able to restore their company data within a matter of minutes. ADR also meant that only a maximum of 20 minutes’ worth of data would have been lost due to the high frequency of backups.

Ultimately, having a comprehensive ADR system in place is essential for any organisation that wants to protect company data and remain compliant with industry regulations.