Security & data protection: when two become one
Security & data protection aren't separate: they are two sides of the same coin.

Security and data protection are no longer separate concerns. Instead, they are two sides of the same coin, one inextricable from the other. If your cybersecurity strategy does not treat them as such, a re-evaluation is in order.
Backups are widely seen as an “insurance policy”. If an organization is the target of an attack, with data deleted or encrypted for ransom, restored backups can make this far less catastrophic to operations.
As always, threat actors have wised up and shifted their tactics. They now target backups in 93% of cases, and succeed 57% of the time.
This is why security and data protection need to merge, creating a singular idea of “resilience” that unifies robust security measures with comprehensive data protection. Thanks to changing threat tactics, the security of backup infrastructure and the immutability of backup data are not just best practice, but essential requirements.
The need for backup and data protection
Microsoft 365 is one of the most commonly used office suites, but the need for third-party backup is often overlooked. This is partly because it has a built-in backup solution, and partly because of an assumption that, as a service, it is “safe”. This could be a costly mistake. Critical data is often centralized in OneDrive, SharePoint, Teams, and Outlook, making Microsoft 365 services a tempting target for attackers.
Microsoft does recommend third-party backups in its service agreements, and we are starting to see this advice being followed. A 56% increase in recovery events related to Microsoft 365 domains in the last year shows the necessity of Microsoft 365 backups and that many are heeding this recommendation.
Microsoft 365 isn’t the only service where backups are required, of course, but it’s a good example of where this need can be easily missed, and why thinking about “resilience” is key.
Diversifying for watertight insurance
Ransomware groups are targeting backups, and they’re not subtle about it. Both research and public claims by threat actors make it clear: disabling the ability to recover data is a key objective of modern cyberattacks. To counter this, cyber resilience must go beyond reacting after the damage is done. It must include prevention, early detection, and well-practiced recovery.
The first step is isolating the backup infrastructure, the metadata and storage, keeping it off the primary network. This significantly reduces the attack surface, ensuring backups remain secure and harder to reach.
Second, access to backup systems must be tightly controlled. Enforcing multifactor authentication and following the principle of least privilege is essential. Ideally, unique, dedicated accounts should be used exclusively for backup access, never shared with other systems or users.
Third, organizations should maintain immutable copies of their backup data. These tamper-proof versions cannot be altered or deleted, providing a powerful safeguard against ransomware and other threats that aim to corrupt or destroy recovery points.
Fourth, cyber-ready organizations don’t just trust their backups—they test them. Regular, full-scale recovery drills conducted in a clean, isolated environment are vital for verifying that data can be restored reliably in the event of an incident.
Finally, even with multiple layers of defense in place, true resilience requires ongoing vigilance. Continuous monitoring for anomalous activity—such as deleted backups, altered retention policies, unexpected job selections, or unusual file modification patterns—can help surface early signs of compromise.
Feeding these alerts into a security team’s preferred SIEM tools ensures a swift, coordinated response. Increasingly, AI-powered anomaly detection is enhancing this process by automating threat identification and reducing the need for manual troubleshooting or recovery interventions.
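The monitoring described above, as an added example that is not part of the original article: a small detector that reads backup audit events and emits alerts for deleted backups, shortened retention, and sources dropped from a job, as JSON ready for a SIEM. The event schema, action names, and account names are hypothetical and constructed for illustration.

```python
import json

# Constructed sample audit events. The schema (ts, actor, action, job, old, new)
# is hypothetical and not taken from any specific backup product.
SAMPLE_LOG = """\
{"ts": "2025-01-10T02:00:05Z", "actor": "svc-backup", "action": "job.run", "job": "m365-daily"}
{"ts": "2025-01-10T03:12:44Z", "actor": "jsmith", "action": "policy.update", "job": "m365-daily", "old": {"retention_days": 30}, "new": {"retention_days": 1}}
{"ts": "2025-01-10T03:13:02Z", "actor": "jsmith", "action": "job.update", "job": "m365-daily", "old": {"sources": ["OneDrive", "SharePoint", "Teams"]}, "new": {"sources": ["Teams"]}}
{"ts": "2025-01-10T03:14:30Z", "actor": "jsmith", "action": "restore_point.delete", "job": "m365-daily"}
{"ts": "2025-01-11T09:00:00Z", "actor": "svc-backup", "action": "policy.update", "job": "files-weekly", "old": {"retention_days": 30}, "new": {"retention_days": 90}}
"""

# Assumption: only these dedicated accounts should ever touch backup configuration.
BACKUP_ACCOUNTS = {"svc-backup"}


def detect(log_text, allowed=BACKUP_ACCOUNTS):
    """Return one alert dict per suspicious event, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        old, new = ev.get("old", {}), ev.get("new", {})
        reasons = []
        if ev["action"] == "restore_point.delete":
            reasons.append("backup_deleted")
        # Flag retention only when it was lowered; extending it is benign.
        if ev["action"] == "policy.update" and "retention_days" in old and "retention_days" in new:
            if new["retention_days"] < old["retention_days"]:
                reasons.append("retention_shortened")
        # Flag job edits that silently drop protected sources.
        if ev["action"] == "job.update":
            dropped = sorted(set(old.get("sources", [])) - set(new.get("sources", [])))
            if dropped:
                reasons.append("sources_removed:" + ",".join(dropped))
        if reasons:
            # A change made outside the dedicated backup accounts is more severe.
            severity = "medium" if ev["actor"] in allowed else "high"
            alerts.append({"ts": ev["ts"], "actor": ev["actor"], "job": ev["job"],
                           "reasons": reasons, "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(json.dumps(alert))  # one JSON object per line for SIEM ingestion
```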
Compliance sets the standard
The merging of security and backup into “resilience” will be driven by compliance. Compliance standards are prioritizing cyber resilience, blending prevention, detection, and recovery into unified frameworks. Examples of frameworks that recognize BDR as best practice include NIS2, Cyber Essentials, CMMC, and Essential Eight, and it is also common in regulations targeting specific sectors such as financial services.
These industry-specific and global regulations require organizations to demonstrate both preventative measures to stop an attack and their robust recovery plans should these barriers be breached. For businesses that have not fully implemented their plans, perhaps because of internal resistance to the cost or uncertainty around exactly what action needs to be taken, new regulations will force their hand.
Cyber insurance is yet another driver. A simple backup is often not enough to attain a cyber-insurance policy. The cyber-insurance industry increasingly expects and demands immutable backups as a non-negotiable item. Insurers are also more hands-on and will play an increasingly central role in incident response, coordinating legal, forensic, and ransomware negotiation efforts.
What to do next?
When thinking about backup and data protection, compliance is a good place to start. Aligning to compliance frameworks means following best practice guidance and being able to prove due diligence to cyber insurers. But it’s important to think beyond compliance and look at where attackers will take opportunities to attack backup along with other systems, and build in resilience whenever possible.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.