As World Backup Day celebrates its 14th anniversary, the message has shifted from backing up your data to holistically ensuring data resilience.
This year, on this commemorative date, which originated from a 2011 Reddit post, the message has evolved from ‘back up your data’ to ‘be prepared against data loss and data theft.’
The shift in focus from mere backup to comprehensive data resilience is a testament to the evolving landscape of data security.
Over the years, individuals and organizations have made significant progress in backing up their data, both on-premises and in the cloud, thereby reducing the risk of data loss due to hardware failures, natural disasters or other traditional threats.
However, the threat landscape has undergone a significant transformation. We have now entered the age of data exfiltration, where the primary concern is no longer the encryption of data by cybercriminals but rather the leakage or sale of sensitive information on the dark web.
Furthermore, with the growing adoption of AI, it is becoming increasingly challenging to keep track of which parts of our data are out there, as AI-powered systems can potentially disseminate and process our data in unforeseen ways, making it difficult to maintain control and visibility over our sensitive information.
Growing Awareness of Data Backup Importance
This year’s World Backup Day brings good news: many consumers and organizations have realized the importance of backing up data.
According to a new Western Digital study, based on a survey by Researchscape, 87% of consumers reported backing up their data automatically or manually.
The top reasons are fear of losing essential files (83%), to free up space on their device (67%) and to protect against cyber threats (42%).
The Age of Double-Extortion Ransomware
Meanwhile, cybercriminals are ever more focused on data exfiltration rather than data encryption and removal, with the leakage or sale of sensitive information on the dark web becoming a common occurrence.
According to ReliaQuest, in 2024, only a fifth of ransomware attacks relied on data encryption, with at least 80% of attacks last year focusing solely on exfiltrating data.
Many of these groups have shifted towards a double-extortion ransomware model, in which attackers aim to steal sensitive data and threaten to publish it online while also locking down the victims’ systems.
Therefore, cybercriminals tend to increase their reliance on Living Off the Land (LOTL) techniques, the use of legitimate encryption tools to exfiltrate sensitive data from organizations and the use of legitimately licensed tools.
Additionally, ransomware attackers are applying a significant focus on defense evasion tactics to increase dwell time in victim networks.
For organizations, the explosion of data resulting from digital acceleration, Industry 4.0, the proliferation of personal devices and the Internet of Things (IoT), as well as the adoption of general-purpose AI in the workplace, means that it has become almost impossible to know what data could be exposed.
A Seven-Step Roadmap for Data Resilience
In light of these emerging threats, the message on World Backup Day should now be to have a comprehensive data resilience plan in place rather than relying solely on a backup plan.
This includes implementing robust data protection policies, conducting regular security audits and investing in advanced threat detection and incident response capabilities.
Infosecurity spoke with several experts, including Loren Johnson, Risk Evangelist at Aravo; Alexander Huang, Director of Product and Customer Support at Laserfiche; Sterling Wilson, Field CTO at Object First; and Rekha Shenoy, CEO of BackBox.
We have compiled some of their recommendations in a seven-step roadmap to enhance your data resilience plan and mitigate the threats you might face in 2025:
- Proactively assess risk through sensitive data scanning and categorization, risk recommendation and remediation
- Architect a robust data protection and recovery plan based on your recovery time objective (RTO) and recovery point objective (RPO) that encompasses on-premises and cloud assets, mobile and portable devices and IoT devices
- Integrate immutable storage, account separation between the backup application and the backup storage and copies of your data in different locations in your backup and data resilience infrastructure
- Provide secure, on-premises storage as one of your resilience zones in order to recover your data at the fastest speed possible no matter the status of your external connections
- Evaluate your current backup infrastructure against industry best practices and emerging threats
- Build a data security culture within your organization
- Make sure your third parties’ data is also backed up and your partners have similar data resilience plans
Conclusion
In 2025, the emphasis on World Backup Day has expanded to encompass a broader range of data protection strategies, including data leakage prevention, threat detection and incident response.
However, if you’re still in the market for backup solutions, the World Backup Day website provides a wide range of backup solutions across many platforms and use cases.