In 2021, a Sligo hotel faced a nightmare scenario. Its booking system, the lifeblood of its operations, was encrypted by ransomware on a busy bank holiday weekend. The hotel paid a ransom in Bitcoin, but the decryption key only partially worked. This incident highlights the brutal reality facing Irish SMEs: a single cyberattack can cripple operations and inflict severe financial and reputational damage.
The threat of ransomware is not diminishing. Reports indicate that nearly one-third of Irish firms paid a cyber ransom in the last year [1]. For small and medium-sized enterprises (SMEs) in Ireland, particularly in regions like Donegal and the North-West, the consequences can be catastrophic. Unlike larger corporations, SMEs often lack dedicated cybersecurity teams and robust defenses. This makes them prime targets.
This article will explain why a comprehensive backup strategy, aligned with the Australian Cyber Security Centre's (ACSC) Essential Eight framework, is the single most critical defense for Irish SMEs against ransomware. We will delve into the types of backups, the indispensable 3-2-1 rule, and the importance of regular testing. Your ability to recover data quickly and reliably is your ultimate safeguard.
The Essential 8 and Your Last Line of Defense
The Australian Cyber Security Centre (ACSC) developed the Essential Eight as a baseline of mitigation strategies to make it harder for adversaries to compromise systems [2]. While originating in Australia, its principles are universally applicable and highly relevant to Irish SMEs. The Essential Eight includes eight key controls, and one stands out as paramount for recovery: Regular Backups.
Backups are not merely a convenience; they are your organization's last line of defense against data loss from hardware failure, accidental deletion, corruption, or malicious attacks like ransomware. When all other defenses fail, a reliable backup allows you to restore your systems and data to a pre-attack state, minimizing downtime and financial impact. Without them, a ransomware attack can mean permanent data loss and business closure.
The Essential Eight emphasizes not just having backups, but having effective backups. This means daily backups, storing copies offline and offsite, and, crucially, regularly testing your recovery process. Many organizations have backups but discover too late that they are corrupted or incomplete when disaster strikes. A backup that cannot be restored is not a backup at all.
Understanding Backup Types: Full, Incremental, and Differential
To build a resilient backup strategy, it's essential to understand the different types of backups and their implications for recovery time and storage. Each type has its advantages and disadvantages [3].
- Full Backup: This is a complete copy of all selected data. It's the most straightforward to restore from, as all data is contained in a single backup set. However, full backups require the most storage space and take the longest to complete.
- Incremental Backup: An incremental backup only copies data that has changed since the last backup of any type (full or incremental). This method is the fastest for daily backups and requires the least storage. However, restoring from incremental backups can be complex and time-consuming, as it requires the last full backup and all subsequent incremental backups in the correct order [3].
- Differential Backup: A differential backup copies all data that has changed since the last full backup. This approach offers a middle ground between full and incremental backups. It's faster than a full backup and quicker to restore than an incremental backup, as it only requires the last full backup and the latest differential backup [3]. However, differential backups grow in size with each passing day until the next full backup.
Choosing the right combination of these backup types depends on your Recovery Point Objective (RPO) – how much data you can afford to lose – and your Recovery Time Objective (RTO) – how quickly you need to restore operations. For most SMEs, a combination of full backups with daily incremental or differential backups provides a good balance of speed and recoverability.
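The restore dependencies described above can be worked out mechanically. The following is an added example, not part of the original article: it computes the restore chain for a target date and, going slightly beyond the text, finds the latest recoverable day when one backup set is corrupt. The `BackupSet` catalogue, its `intact` flag and the sample week are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class BackupSet:
    day: date
    kind: str            # "full", "incremental" or "differential"
    intact: bool = True  # False if the set failed verification (assumed field)

def restore_chain(catalogue, target):
    """Backup sets needed, in restore order, to recover the state as of `target`."""
    usable = sorted((b for b in catalogue if b.day <= target), key=lambda b: b.day)
    chain, i = [], len(usable) - 1
    while i >= 0:
        chain.append(usable[i])
        if usable[i].kind == "full":
            return chain[::-1]
        if usable[i].kind == "differential":
            # A differential depends only on the last full: skip everything between.
            i -= 1
            while i >= 0 and usable[i].kind != "full":
                i -= 1
        else:
            # An incremental depends on the previous backup of any type.
            i -= 1
    raise ValueError("no full backup on or before the target date")

def latest_recoverable(catalogue, target):
    """Most recent day <= target whose whole restore chain is intact, or None."""
    days = sorted({b.day for b in catalogue if b.day <= target}, reverse=True)
    for day in days:
        try:
            if all(b.intact for b in restore_chain(catalogue, day)):
                return day
        except ValueError:
            break  # no full backup this far back, so nothing earlier can work
    return None

def week(kind, corrupt_day=None):
    """Constructed sample: Sunday full on 2 June 2024, then Mon-Thu sets of `kind`."""
    sets = [BackupSet(date(2024, 6, 2), "full")]
    sets += [BackupSet(date(2024, 6, d), kind, intact=(d != corrupt_day))
             for d in range(3, 7)]
    return sets

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind, "chain length:", len(restore_chain(week(kind), date(2024, 6, 6))),
              "| latest recoverable with Wednesday corrupt:",
              latest_recoverable(week(kind, corrupt_day=5), date(2024, 6, 6)))
```

With a corrupt Wednesday set, the incremental schedule can only be recovered to Tuesday, while the differential schedule still recovers Thursday.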
The Indispensable 3-2-1 Backup Rule
The 3-2-1 backup rule is a cornerstone of data protection, offering a simple yet powerful framework to safeguard your critical information [4]. It dictates that you should have:
- 3 copies of your data: This includes your primary data and at least two backup copies. Redundancy is key to ensuring that if one copy is compromised or fails, you have others to fall back on.
- 2 different types of media: Store your data on two distinct storage types. For example, one copy on local disk storage and another on cloud storage or tape. This protects against a single type of media failure [4].
- 1 copy offsite: At least one of your backup copies should be stored in a geographically separate location. This protects your data from localized disasters such as fire, flood, or a physical breach at your primary site [4]. An offsite copy is particularly crucial in a ransomware scenario: kept isolated from your network, it cannot be encrypted by attackers who have compromised your primary site.
Adhering to the 3-2-1 rule significantly reduces the risk of catastrophic data loss. It provides layers of protection, ensuring that even in the face of a severe incident, your business can recover. For Irish SMEs, this rule is not just a recommendation; it's a survival strategy in a landscape rife with cyber threats.
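One way to check an inventory of copies against the 3-2-1 rule, as an added example that is not part of the original article. It also flags an offsite copy that production systems can still write to, since such a copy is not isolated from the network. The `Copy` fields (including `writable_from_lan`), the site labels and both sample inventories are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str               # e.g. "disk", "cloud", "tape"
    site: str                # physical location label
    writable_from_lan: bool  # True if production credentials can modify it (assumed field)

def audit_321(copies, primary_site):
    """Return a list of 3-2-1 findings; an empty list means the rule is met."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3 (primary + 2 backups)")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies are on one media type, need 2")
    offsite = [c for c in copies if c.site != primary_site]
    if not offsite:
        findings.append("no offsite copy")
    elif all(c.writable_from_lan for c in offsite):
        # Offsite alone is not isolation: a synced share is encrypted with the rest.
        findings.append("every offsite copy is writable from the network")
    return findings

# Constructed inventory: looks like 3-2-1 on paper, but the cloud copy is a synced folder.
BEFORE = [
    Copy("booking server", "disk", "hotel", True),
    Copy("NAS nightly", "disk", "hotel", True),
    Copy("cloud sync folder", "cloud", "provider-dc", True),
]
# Same inventory with a weekly offline tape stored at a second location.
AFTER = BEFORE + [Copy("weekly tape", "tape", "bank vault", False)]

if __name__ == "__main__":
    print("before:", audit_321(BEFORE, "hotel"))
    print("after: ", audit_321(AFTER, "hotel"))
```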
The Sligo Hotel: A Cautionary Tale
The experience of the Sligo hotel serves as a stark reminder of the devastating impact of ransomware and the critical importance of a robust recovery strategy. When their booking system was encrypted, the hotel faced immediate operational paralysis. Guests couldn't check in, reservations were lost, and the business ground to a halt during a peak period. The decision to pay the ransom, a desperate measure, ultimately proved insufficient, as the decryption key only partially restored their data. This meant continued disruption, manual workarounds, and significant financial losses beyond the ransom payment itself.
This incident underscores that paying the ransom is never a guaranteed solution and often leads to further complications. The true cost of a ransomware attack extends far beyond the ransom demand, encompassing business interruption, reputational damage, recovery expenses, and potential regulatory fines under GDPR.
Testing Your Backups: The Ultimate Validation
Many organizations diligently perform backups but neglect the most crucial step: testing their restorability. A backup is only as good as its ability to restore your data when needed. The Sligo hotel's partial decryption highlights this painful truth. Imagine discovering during a crisis that your backups are corrupted, incomplete, or simply don't work.
If you have not tested your backup recovery in the last 90 days, you do not have a backup. This bold statement reflects a fundamental truth in cybersecurity. Regular, simulated recovery exercises are essential to:
- Verify data integrity: Ensure that your backup files are not corrupted and contain all the necessary data.
- Validate recovery procedures: Confirm that your team knows how to perform a restore and that the process works as expected.
- Measure RTO: Understand how long it will realistically take to get your systems back online.
- Identify and address weaknesses: Uncover any issues in your backup strategy or recovery plan before a real incident occurs.
For Irish SMEs, testing should be a non-negotiable part of their cybersecurity routine. It transforms a theoretical safety net into a proven lifeline. Consider a schedule for testing, perhaps quarterly, to ensure continuous readiness. This proactive approach can be the difference between a minor inconvenience and a business-ending event.
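A restore test covering the integrity and RTO points above can be scripted. The following is an added example, not part of the original article: it records SHA-256 hashes when the backup is taken, runs a timed restore, and reports missing or corrupted files. The file names, the 60-second RTO and the copy-based "restore" are constructed stand-ins for a real backup tool.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256. Record it at backup time, stored apart from the backup."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_test(manifest, restore_fn, dest, rto_seconds):
    """Run restore_fn(dest), time it, and compare the restored tree with the manifest."""
    start = time.monotonic()
    restore_fn(dest)
    elapsed = time.monotonic() - start
    restored = build_manifest(dest)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    within_rto = elapsed <= rto_seconds
    return {"missing": missing, "corrupt": corrupt, "elapsed_seconds": elapsed,
            "within_rto": within_rto, "passed": not missing and not corrupt and within_rto}

def demo(damage_backup):
    """Constructed sample data: a tiny 'booking system' tree and a copy used as its backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup, dest = (Path(tmp) / n for n in ("live", "backup", "restored"))
        live.mkdir()
        (live / "bookings.db").write_bytes(b"room 12, 2 nights\n" * 100)
        (live / "rates.csv").write_text("double,120\n")
        manifest = build_manifest(live)
        shutil.copytree(live, backup)
        if damage_backup:
            (backup / "bookings.db").write_bytes(b"room 12")  # truncated set
            (backup / "rates.csv").unlink()                   # file never captured
        return restore_test(manifest, lambda d: shutil.copytree(backup, d), dest, 60)

if __name__ == "__main__":
    print("healthy backup:", demo(damage_backup=False))
    print("damaged backup:", demo(damage_backup=True))
```

In a real exercise, `restore_fn` would invoke the backup product's restore into an isolated test machine, and the manifest would be kept with the offline copy so it cannot be altered alongside the backup.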
Backup Strategy at a Glance
To help Irish SMEs implement an effective backup strategy, here's a summary of key considerations:
| Backup Type | Frequency | Storage Location | Test Frequency |
|---|---|---|---|
| Full Backup | Weekly/Monthly | Offsite (Cloud/Tape) | Quarterly |
| Incremental Backup | Daily | Onsite/Offsite | Quarterly (as part of full restore) |
| Differential Backup | Daily | Onsite/Offsite | Quarterly (as part of full restore) |
| Offsite Copy | Continuous/Daily | Geographically separate (Cloud/DR site) | Annually (full DR test) |
| Offline Copy | Weekly/Monthly | Air-gapped (Tape/External HDD) | Annually (full DR test) |
Beyond Backups: A Holistic Approach
While robust backups are paramount, they are part of a broader cybersecurity ecosystem. The Essential Eight framework includes other vital controls that complement your backup strategy, such as patch management, MFA, and restricting administrative privileges. A layered defense is always the most effective. However, for an SME facing the immediate threat of ransomware, the ability to recover quickly and completely is the ultimate safety net.
Investing in a comprehensive backup and recovery solution is not an expense; it's an investment in business continuity and resilience. It protects your reputation, your customer data, and your bottom line. Don't wait until a crisis hits to discover the weaknesses in your recovery plan.
References
[1] Nearly one-third of Irish firms paid a cyber ransom in last year - Silicon Republic
[2] Why Pursue ACSC Essential Eight User Backup Guidelines? - Microsoft Learn
[3] Incremental vs. Differential vs. Full Backup - A Comparison Guide - Acronis
[4] 3-2-1 Backup Rule Explained: Do I Need One? - Veeam