Published On: February 20th, 2023 | 11 min read | Categories: Ransomware

Should You be Using Continuous Data Protection in Your Cybersecurity Defenses?

Data is the lifeblood of every modern business. Yet this means that when things go wrong with your digital assets, the damage done can be immense. Whether it’s downtime as the result of problems like hardware failures, or something more malicious, any time spent offline – because employees and customers are unable to access key data – can cost firms thousands of dollars every minute.

Cyberattacks should be a particular concern when it comes to protecting your data. Criminal groups fully understand how vital this is to the smooth running of a business, which is why they increasingly use disruptive attacks such as encryption ransomware and double extortion to pressure firms into handing over money in exchange for restored access to data.

In 2023, some of the high-profile brands to be targeted by this form of cyberattack included the Guardian newspaper and Royal Mail. In the case of the latter, the breach prevented the delivery group from shipping overseas and processing many packages, highlighting just how much damage can be done to an organization’s core business when critical data and applications are compromised.

Ultimately, it took weeks for normal operations to be resumed, affecting not only the company itself, but thousands of other businesses that relied on its services. This illustrates the huge knock-on effects that can occur when ransomware groups target highly interconnected firms and those involved with key infrastructure. 

Traditionally, one key line of defense against such attacks has been comprehensive, regularly scheduled backups that firms can turn to if their primary data is encrypted or destroyed. But even if this is successful, relying on periodic backups means organizations may still lose valuable information, and with cybercriminals constantly refining their tactics to counter this, new solutions are required. For many firms, this is where continuous data protection software comes in.

What is Continuous Data Protection?

Continuous data protection, or CDP, refers to a practice whereby new backups of your critical and most sensitive data are created every time a user makes a change. This contrasts with traditional backup solutions that are conducted on a regularly scheduled basis, which may fail to restore any changes made prior to the planned data replication and backup processes.

What are the Different Types of Data Protection?

Data protection is an essential part of any cybersecurity and disaster recovery strategy, as the consequences of failures can be huge. According to IBM, for example, the average cost of a data breach in 2023 is $4.45 million – but this rises to $5.13 million for ransomware attacks that specifically target valuable data.

What’s more, one in four incidents (25 percent) render systems inoperable, illustrating the importance of having an effective backup software solution that can offer rapid recovery of file systems or other data that is critical to the operation of a business.

As such, a good data security strategy must be multifaceted. Broadly speaking, these efforts fall into a few key categories. These are:

  • Encryption: Ensures lost or stolen data cannot be read by unauthorized parties
  • Data recovery: Allows firms to restore damaged, encrypted or deleted files from the previous backup window
  • Access management: Ensures only approved individuals can access and edit data, both physically and digitally
  • Anti Data Exfiltration (ADX): Prevents data being removed from a business

A continuous data protection solution works as part of a backup and data recovery strategy, and so the term is sometimes used interchangeably with continuous backup software.

How Does Continuous Data Protection Work?

CDP backup services tend to fall into two categories. The first is True CDP, which writes to a backup every time a user makes a data change. This allows organizations to achieve a Recovery Point Objective (RPO) of zero – in other words, no data will be lost when restoring from backup. A true continuous data protection system should also provide a complete record of changes, enabling you to restore to any point before a data loss or ransomware incident.

The second is Near CDP. Technically, this still uses scheduled backups in the same way as legacy systems, but it will typically have a much higher frequency rate. This offers businesses a wider variety of recovery points, enabling them to revert to a more recent position than traditional backup methods would allow, should they experience a hacking attack or data corruption incident. However, they will usually only keep a certain number of backups to save on storage space, with the oldest ones being overwritten regularly.
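The difference between the two approaches can be shown with a small simulation. This is an added example, not code from the article or from any backup product: the class names `TrueCDP` and `NearCDP`, the `replay` helper, the 20-minute snapshot interval and the event list are all constructed for illustration. It replays the same writes, ending in a ransomware-style overwrite, into a per-write journal and into a snapshot store with limited retention.

```python
# Constructed sample data: (timestamp in minutes, file, content). Not from the article.
EVENTS = [
    (5, "invoice.docx", "v1"), (12, "ledger.xlsx", "v1"),
    (31, "invoice.docx", "v2"), (44, "ledger.xlsx", "v2"),
    (47, "invoice.docx", "ENCRYPTED"), (48, "ledger.xlsx", "ENCRYPTED"),
]

class TrueCDP:
    """Hypothetical model: journal every write so any earlier point can be rebuilt."""
    def __init__(self):
        self.journal = []

    def write(self, ts, name, content):
        self.journal.append((ts, name, content))

    def restore(self, ts):
        state = {}
        for t, name, content in self.journal:  # journal is in time order
            if t > ts:
                break
            state[name] = content
        return state

class NearCDP:
    """Hypothetical model: full snapshot every `interval` minutes, newest `keep` retained."""
    def __init__(self, interval, keep):
        self.interval, self.keep = interval, keep
        self.live, self.snapshots, self.next_snap = {}, [], interval

    def write(self, ts, name, content):
        while self.next_snap <= ts:  # take snapshots that fell due before this write
            self.snapshots.append((self.next_snap, dict(self.live)))
            self.snapshots = self.snapshots[-self.keep:]  # oldest one is overwritten
            self.next_snap += self.interval
        self.live[name] = content

    def restore(self, ts):
        # Newest retained snapshot taken at or before ts, or (None, None) if none is left.
        usable = [s for s in self.snapshots if s[0] <= ts]
        return usable[-1] if usable else (None, None)

def replay(store, events=EVENTS):
    for ts, name, content in events:
        store.write(ts, name, content)
    return store

if __name__ == "__main__":
    print(replay(TrueCDP()).restore(46))                     # state just before encryption
    print(replay(NearCDP(interval=20, keep=2)).restore(46))  # falls back to minute 40
    print(replay(NearCDP(interval=20, keep=1)).restore(25))  # minute-20 snapshot is gone
```

Restoring to minute 46 from the journal recovers both files at their latest clean version, while the snapshot store falls back to minute 40 and loses the ledger edit made at minute 44. With only one snapshot retained, a restore to minute 25 is no longer possible at all.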

Regardless of which option your service provides, the next factor to consider is where the CDP solution backs up. Typically, firms that need fast response times will opt to write to an on-site backup, usually a dedicated server, that allows for almost instant data recovery. The alternative – off-site backup, typically using technology such as tape backup – offers better security as it is isolated from the primary network, although it is slower. Cloud storage provides a number of advantages for this, allowing firms to automate many of their key processes and make a more rapid recovery, but it does mean businesses may have less control over their data.

What are the Advantages and Disadvantages of Continuous Data Protection?

A continuous data protection system aims to solve the issues caused by having a scheduled backup solution. In these situations, any changes made to systems between backups can be lost if there is an outage or cybersecurity incident that requires data recovery, while reliance on legacy technology such as tape backups can often slow down the process of data recovery.

The Benefits of Continuous Data Protection

One continuous data protection feature that will be especially important to many businesses is its ability to improve a firm’s recovery time objective (RTO) and get operations back on track again quickly. The longer firms are offline, the more it will cost, and the more backlogs will build up. This means even when you are up and running, it will cost additional time and resources to recover to a fully functional state.

Continuous backup software therefore enables you to reduce the amount of lost data and lets you pick up exactly where you left off. Other advantages include:

  • Improved scalability
  • Backup to a data snapshot of any point in time
  • Full record of changes for audit/compliance

Potential Drawbacks to be Aware of

There are, however, a few issues that will need to be considered before firms move from a traditional incremental backup approach to a continuous data protection solution. For starters, this solution has high resource demands. It effectively doubles your data throughput, as every action requires replication to the backup servers. It also requires disk-based storage and high performance.

While managed services technologies such as cloud computing can help with this exponential increase in data volumes, continuous data backup can be a much more costly solution, especially if capital investment in new physical disk storage hardware is required. It also needs to be managed carefully to avoid the risk of it becoming a single point of failure for an organization.

The Risks of Failing to Effectively Protect Your Data

Failing to protect your business’ digital assets – whether this is intellectual property, future research and development plans or your customers’ personal data – can be very costly, not only in financial terms, but also in how your business is viewed by customers. Brands with a reputation for being careless with confidential data will struggle to regain trust and, in the long term, may even run the risk of failing completely.

How can Poor Data Security Damage Your Business?

The number of deliberate ransomware attacks that seek to encrypt files, steal personal data and extort payments from businesses is on the rise. Any downtime caused as a result of this means direct lost business and additional costs to restore systems and protect against future incidents.

However, the long-term reputational and financial effects go far beyond this. Data privacy matters to both customers and regulators and both will severely punish negligence. For example, the EU’s General Data Protection Regulation, or GDPR, can fine firms up to $20 million or four percent of global turnover – whichever is higher – for failing to protect personal data. Collectively, GDPR fines have now totaled over €4 billion, showing that regulators are not afraid to use these expanded powers. Meanwhile, the California Consumer Privacy Act (CCPA) also threatens fines of up to $7,500 per violation for breaches of data privacy – which can quickly add up to millions of dollars for large firms with many customers.

Does your Backup System Ensure Data Protection?

Many traditional data backup systems now struggle to provide the comprehensive protection levels that businesses require. While they are still an essential part of the data protection landscape, protecting against issues such as hardware failure, their limitations have become apparent in a new era of always-on business and more sophisticated attacks.

As well as the risks you run when losing even a few hours’ worth of data, encrypting files is now only a small part of how ransomware groups operate. The real gold mine for cybercriminals lies in the data itself, which they can exfiltrate from a business and then use to extort firms, or sell on directly for profit.

Therefore, it’s important to note that even a true continuous data protection solution can’t protect you from these threats if cybercriminals are able to exfiltrate sensitive information before encrypting it. As such, while the ability to restore data instantly plays a major role in getting up and running again in the event of a ransomware attack, it only addresses half the problem.

If you’re unable to prevent data from leaving your network, cybercriminals will still have a hold over you. That’s why solutions like a CDP system must be used in partnership with other data security tools such as ADX to ensure your business is fully protected.
