Cybercrime is becoming a larger and more prevalent problem in the world, and no one understands that better than those tasked with ensuring an organization’s ongoing data protection. There was once a simpler time when a data security staffer would mostly wrestle with lost data issues resulting from on-premises issues, such as power-supply outages, disaster recovery and human error (accidental deletion).

Now data recovery is significantly more problematic because it must be able to withstand the efforts of some of the most technically sophisticated criminals to ever operate. The most recent findings show that 2023 ransomware attacks rose to USD 1.1 billion—a new record high. ¹ Further, these same figures indicate that despite law enforcement’s best efforts, criminal innovation is proving more robust and resilient.

A quick look at these same figures shows how they can shift dramatically from year to year. For example, it’s been calculated that ransomware attacks generated USD 983 million for the year 2021, but the next year saw a substantial drop in those illicit revenues, with 2022 only generating USD 567 million. ² Then, in 2023, cybercriminals bounced back strongly by posting their largest ransoms ever.

Beyond financial losses, organizations can lose plenty of other valuable assets due to cyberattacks, including efficiency sacrificed to increased downtime and a potential loss of their company reputation as a responsible steward of customer data. Similarly, SaaS providers to those companies can also forfeit customer trust, if service providers come to be seen as supporting a vulnerable platform or supplying SaaS products and SaaS solutions that can’t protect an organization’s data or its workloads.

To ensure business continuity, the modern backup and recovery solution needs to counter numerous threats and damage inflicted by various bad actors, who use an ever-expanding number of techniques to extort and/or paralyze companies around the world:

• Malware: Malware is piece of software containing one or more viruses that infect(s) an organization’s computer system from within.
• Data breaches: A data breach is when all or part of an organization’s holdings are revealed to the public, including critical data (which is a company’s most sensitive and important information). Data breaches can include granular data (which is sliced into subcategories and studied at a “granular” level). In an IBM study about the cost of data breaches, the figures for the year studied (2021) demonstrated a marked difference in the amount of costs suffered by companies that used security artificial intelligence (AI) and automation versus companies that did not.
• Ransomware: With ransomware, a criminal enterprise gains control of a company, freezes part of its business operations and then demands a ransom be paid before the organization’s computer functionality is returned to normal.
• Cyberattacks: A cyberattack can refer to any intentional outside disruption of a company’s business. Although it’s generally assumed that most cyberattacks are driven by the lure of criminal profit, that’s not always the case. Cyberattacks can be rooted in extreme philosophical differences or other non-monetary motivations. Cyberattacks can also come from foreign interests who wish to disrupt commerce and other normal operations (such as power-grid functionality) within other countries.

Proper data security measures begin with effective authentication protocols and access controls, to ensure only authorized personnel have access to the organization’s site and its data.

SaaS data protection measures begin with a properly implemented SaaS backup solution. This involves archiving all the data a company may get and have within its SaaS apps, including data backup created while using any of the following:

• Jira
• Microsoft SharePoint
• Salesforce
• Dropbox
• Microsoft Office 365
• AWS
• Box
• Google Workspace (formerly G Suite)
• Microsoft Azure Batch

Backup schedules may vary according to individual company needs and their own unique retention policies, but overall, maintaining the frequency of daily backups of essential data is key to a well-coordinated backup strategy. For this reason, most organizations opt to apply automation to backup data to facilitate regularly automated backups. They may even enlist the help of a dedicated backup service like Dropbox Backup, CrashPlan or Microsoft OneDrive if they’re not already backing up their cloud data in established data centers.

There’s now considerably more legal pressure on companies to protect their data, including stricter new guidelines that protect consumer rights as they relate to data. In the United States, the State of California’s sweeping California Consumer Privacy Act (CCPA) gives teeth to data privacy enforcement protocols. The CCPA (enacted into law in 2020) was based on the General Data Protection Regulation (GDPR) of 2018, implemented to protect European citizens and their data privacy rights. Both of these measures apply hefty fines to breaches of data security protocols.

Despite a company’s best intentions and its consistent use of backup software and backup tools, data-loss events can and do still occur. Should these incidents happen, the organization(s) impacted must take immediate action and assume a very proactive security posture.

Hopefully, they will already have taken proper action before it becomes necessary and will have drafted their own SaaS disaster recovery plan. Central to all SaaS recovery operations is creating and perfecting a customized SaaS disaster recovery plan. The term “customized” is used because the plan must reflect that particular organization’s needs and assets as nearly as it can. Disaster recovery solutions are hardly “one-size-fits-all” propositions. They must instead be crafted individually and thoughtfully, or risk being of little value. Meanwhile, the term “perfecting” is offered to underscore the importance of routine testing of SaaS recovery plans.

There are numerous reasons why testing may be the most critically important step in this process. For starters, testing identifies potential problems in the proposed recovery process so that the process can be refined as needed and still be re-implemented before a data disaster strikes.

Likewise, constant testing is the best way to drill employees on the important sequence of procedures that must occur if a data disaster occurs. Regular testing of the plan promotes faster response times by the staff members who must implement aspects of the plan.

Another, almost ancillary, benefit that occurs is that having a well-implemented plan gets everyone in the organization on the same page in terms of data disaster preparation. With a thoughtful plan that’s been thoroughly vetted through constant testing, employees are more likely to know what’s going on during a data emergency—as well as their proscribed roles during such an event.

Among the first things that need to happen is for the company to determine and set its recovery point objective (RPO) and recovery time objective (RTO). These are self-defined limits that the organization (or individual) determines and sets, and they’re likely to be different from one company to another.

• Recovery point objective (RPO): The RPO is a measurement of how much data an organization (or individual) can afford to lose in a data-loss situation. It’s usually measured using increments of time. For example, a particular company may have decided it can afford to lose access to its data for a period of 30 minutes. It should be stressed that the RPO is not a fixed time for all companies. Instead, it’s a time value that must be decided by each company according to its particular parameters and needs.
• Recovery time objective (RTO): Likewise, an organization needs to determine its recovery time objective (RTO)—a time value determined by management on how long can pass between the point of failure and the return of standard operations before incurring an unacceptable amount of damage.