Almost no company backs up all its critical data and – this is the important part – actually tests that those backups really work.
Backups have always been a thankless task. Backup software is incredibly complex with hundreds of options and a spotty record of actually working. Yet so little training is offered or taken advantage of that most people simply take the defaults and hope for the best.
Let’s be honest. Every time you’ve done a backup restore, even for a single file, and it worked, you breathed a sigh of relief. That’s because you know backup-and-restore events often don’t work. Many of us have had a needed restore fail. Worse, the backup software might indicate success when the job completes, but some default option set since the beginning of time made your backups worthless.
Poor backup testing is killing security
Even though we know we are supposed to test our backups, almost no one does. Those who do test their backups do so with a limited restore of a single database or server. I would say that the people who do even very limited-scope testing make up 1% of security professionals.
The other 99% don’t test backups at all. We are lucky if they read backup…