Ransomware has quickly evolved to become one of the most formidable threats to African organisations. While prevention remains the ideal outcome, it’s no longer sufficient as a standalone strategy.
Business leaders must prepare for the inevitable: attacks that bypass defences and disrupt operations. Across Africa, ransomware has surged, with INTERPOL reporting a significant rise in monthly detections.
The consequences are severe - crippled infrastructure, shaken customer trust, and costly compliance fallout. Traditional recovery methods, designed for small-scale incidents, falter under the weight of such large-scale breaches.
This is where continuous data protection (CDP) has emerged as a transformative approach. As part of a comprehensive cyber recovery strategy, CDP enables rapid recovery from even significant data losses, making recovery speed a critical measure of resilience. For forward-thinking organisations, recovery readiness is now the frontline of cybersecurity.
The limits of conventional data recovery
Backup and recovery have become strategic imperatives. Experts recommend developing a comprehensive recovery plan that is easily accessible - ideally, kept as a printed copy - while also ensuring regular reviews and rigorous testing of recovery procedures. Ongoing staff training is also essential to maintain preparedness and resilience against emerging threats.
Organisations are using various on-premises and cloud-based backup facilities to mitigate risk, and these strategies continue to evolve. For many years, conventional wisdom held that if you had backups, at least you could recover, even after a delay. However, attackers began encrypting or corrupting backups as well.
As a result, many organisations now have to air gap backups to protect them from corruption. In fact, a recent Enterprise Strategy Group (ESG) survey of midmarket organisations found that 97% of these businesses take steps to protect at least some backups.
Recovery tools must address a wide range of threats, not just ransomware. They should also be equipped to handle application failures, natural disasters, and system outages.
An IDC survey highlights that data can become unrecoverable for several reasons, including failures in backup systems, corruption or encryption caused by malware or ransomware, data loss during intervals between backups, human error, and the loss or damage of backup tapes.
These vulnerabilities highlight the importance of automated, isolated, and continuous data protection. Although it is recommended to maintain separate disaster and cyber recovery plans, since each demands a distinct approach, recovery tools need to integrate seamlessly into both strategies.
Immediate ransomware response
Effective recovery planning must consider two key metrics: recovery-time objective (RTO) and recovery-point objective (RPO). Ransomware complicates these calculations. Unlike predictable downtime from server failures, ransomware recovery is fraught with uncertainty. Even when backups are intact, restoration can fail or take too long. What’s more, many organisations don’t test recovery processes thoroughly or frequently enough.
The restoration process itself can be lengthy; so much so that some victims opt to pay the ransom, believing decryption will be faster and less costly than enduring prolonged downtime and reputational harm.
During HPE's interactive Race Against Ransomware workshop series, many participants who were playing through an incident scenario for the very first time, and feeling considerable pressure, chose to pay the ransom and sought assistance from insurers and ransomware recovery specialists.
This trend is reflected in various surveys, which reveal that most organisations are at least partially prepared to pay a ransom, with some even maintaining cryptocurrency accounts specifically for this purpose.
And yet, paying the ransom and hoping to decrypt all your data is not a road to a quick recovery. A high percentage of organisations do pay the ransom, but a third of those that paid were still unable to recover all their data.
Continuous data protection
The ideal solution to these problems is one that continuously backs up and provides the fastest recovery possible. CDP is a solution that delivers always-on replication of data combined with detailed journaling.
You start with a complete backup from a known good state, called a gold backup, and CDP automatically backs up all changes to the data, along with when they occurred. This means you can either perform a full restore from the gold backup plus all the changes or, more likely, roll back to a particular point in time by undoing any changes since that point.
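The two recovery paths described above, sketched as an added example rather than any vendor's implementation: a time-stamped journal over a gold backup, restored either by replaying forward from gold or by undoing changes from the current state. The names `Change`, `replay`, `roll_back` and `last_clean_point`, and all sample data, are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Change:
    ts: int                 # when the write occurred (constructed clock, seconds)
    path: str
    old: Optional[bytes]    # content before the write (None = did not exist)
    new: Optional[bytes]    # content after the write (None = deleted)

def _put(state: Dict[str, bytes], path: str, data: Optional[bytes]) -> None:
    if data is None:
        state.pop(path, None)
    else:
        state[path] = data

def replay(gold: Dict[str, bytes], journal: List[Change], point: int) -> Dict[str, bytes]:
    """Full restore: gold backup plus every journalled change up to `point`."""
    state = dict(gold)
    for c in journal:                  # journal is append-only, oldest first
        if c.ts > point:
            break
        _put(state, c.path, c.new)
    return state

def roll_back(current: Dict[str, bytes], journal: List[Change], point: int) -> Dict[str, bytes]:
    """Point-in-time recovery: undo changes newer than `point`, newest first."""
    state = dict(current)
    for c in reversed(journal):
        if c.ts <= point:
            break
        _put(state, c.path, c.old)
    return state

def last_clean_point(journal: List[Change], first_bad_ts: int) -> int:
    """Latest journalled moment before the first malicious write (0 = gold)."""
    return max((c.ts for c in journal if c.ts < first_bad_ts), default=0)

# Constructed scenario: normal writes, then encryption starting at ts=300.
GOLD = {"ledger.csv": b"v1", "hr.db": b"a"}
JOURNAL = [
    Change(100, "ledger.csv", b"v1", b"v2"),
    Change(160, "notes.txt", None, b"draft"),
    Change(220, "hr.db", b"a", b"a2"),
    Change(300, "ledger.csv", b"v2", b"\x8f\x02\xd1"),   # encrypted
    Change(301, "hr.db", b"a2", b"\x11\xfe\x90"),        # encrypted
    Change(302, "notes.txt", b"draft", None),            # deleted
]
CURRENT = replay(GOLD, JOURNAL, 10**9)                   # state after the attack
POINT = last_clean_point(JOURNAL, first_bad_ts=300)      # 220
```

Both paths reach the same state at `POINT`; the roll-back touches only the three post-attack entries, while the replay walks the journal from gold.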
As long as the backups are properly protected, businesses can recover their data quickly and completely after an attack. CDP speeds up recovery by storing backups on disk or flash drives rather than on tape.
Although this approach can be more expensive, the faster recovery time often justifies the extra cost. Unlike tapes, which store data in a long sequence and require time-consuming winding to find specific files, disks allow instant access to any piece of data, making it much easier and quicker to restore just what is needed.
CDP also saves time because it only backs up data that has changed, rather than copying everything each time. The CDP equipment is usually kept close to the servers it protects, but if the organisation needs backups stored off-site for extra security, this can usually be arranged as a backup to the main system.
In an era where data loss can cripple operations and erode trust, continuous data protection has become a key element of every comprehensive recovery strategy.
By addressing some of the biggest shortcomings of conventional backup, particularly the vulnerability of data written between scheduled backups, CDP ensures that both recovery points and recovery times are minimised. This means that in the face of a ransomware attack, organisations can recover swiftly and completely, preserving business continuity and resilience when it matters most.
