Innovation in Compliance - The Role of Backup Systems in Cybersecurity Defense with Curtis Preston

Thomas Fox - Compliance Evangelist
Contact
LinkedIn
Facebook
X
Send
Embed
According to Curtis Preston, Chief Technical Evangelist at Druva, cyberattacks are not a matter of “if” but “when.” In this episode, Curtis and I dive into the importance of backup systems and cyber resilience to protect against ransomware and other types of cyberattacks. Curtis shares his insights on how to limit the blast radius of an attack, why you should assume a breach, and the need to have a playbook and a cyber response team in place. We also discuss the role of state-sponsored attacks in non-kinetic warfare and the need for See more +
According to Curtis Preston, Chief Technical Evangelist at Druva, cyberattacks are not a matter of “if” but “when.” In this episode, Curtis and I dive into the importance of backup systems and cyber resilience to protect against ransomware and other types of cyberattacks. Curtis shares his insights on how to limit the blast radius of an attack, why you should assume a breach, and the need to have a playbook and a cyber response team in place. We also discuss the role of state-sponsored attacks in non-kinetic warfare and the need for increased cyber resilience as we approach 2030.

W. Curtis Preston has 30 years of experience in the backup and data protection industry. He started his career at MBNA, the second-largest credit card company, in 1993 and has been specializing in backup servers ever since. He is currently the Chief Technical Evangelist at Druva, where he talks, writes, and hosts podcasts about data protection systems. Curtis is also known as ‘Mr. Backup’, a moniker that he adopted while writing his first book on backups.

You’ll hear us discuss the following:

1. SaaS-based data protection systems are becoming increasingly important as more companies rely on SaaS infrastructures like Microsoft 365 and Google Workspace. Companies should not count on these providers to protect their data; they should consider using SaaS-based backup systems instead.

2. Curtis tells me, “There should be security interest, technical, storage, and network interest. All of those interests should be reflected in the implementation of such an important system as a data protection system.”

3. Ransomware attackers are now targeting backup systems directly, making it crucial for companies to modernize the security infrastructure of their backup systems. They can do this using SaaS-based systems with modern security features such as multi-factor authentication, triggers and alerts, and the concept of least privilege.

4. The inefficiencies and difficulties of a typical on-premises backup infrastructure, such as overbuilding and overengineering, can be solved using a SaaS-based system where companies only pay for what they use.

5. Fire or ransomware drills can help companies develop “muscle memory” and test their incident response playbook before an actual attack occurs.

6. Role-based administration is important to limit the blast radius if an administrator’s account is compromised. Each person involved in the backup process should have specific roles and responsibilities.

7. State-sponsored attacks on American businesses, especially from Russia, are increasing. It’s important to beef up defenses, assume breaches, and have a playbook ready to respond to ransomware attacks.

8. By 2030, cyber resilience and protection topics will increase as people become more aware of cyberattacks. Passwords will be a thing of the past, and people will have to live in a world of constant cyberattacks.

9. A robust backup plan with sufficient security protocols is essential to recover from a cyberattack. It’s important to have the backup system completely air-gapped from the primary network.

10. Druva is a SaaS provider offering a backup system stored behind a different authentication and authorization system. The data and metadata are separated for security reasons and constantly monitored for security purposes.

KEY QUOTES:

“Today, I think the average user is so used to equipment that just works, they don’t think as much about backup and recovery, I think, as we did back in the day.” – Curtis Preston

“By the way, I do think by 2030, passwords will be a thing of the past.” – Curtis Preston

“It also has a robust backup plan in place with sufficient security protocols and that when you are attacked, not if when you are attacked, they can’t take your star player out, and if it all does go down, you have a way to at least build back.” – Curtis Preston See less -

Embed
Copy
Send Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox - Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox - Compliance Evangelist
Thomas Fox - Compliance Evangelist
Contact
more
less

Thomas Fox - Compliance Evangelist on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide