World Backup Day is drawing renewed attention to the growing risk of ransomware and a shifting view of backup: no longer a back-office chore, but a board-level concern, according to senior leaders at CTERA.
They describe a move away from traditional disaster-recovery thinking towards models that assume active, intelligent attacks on both production systems and backup infrastructure.
The annual awareness day comes as organisations reassess data-resilience strategies, including immutability, air-gapping and routine recovery testing.
Threat evolution
CTERA’s Chief Technology Officer, Aron Brand, said organisations now face not only accidental loss or physical damage, but targeted attempts to corrupt the backups they rely on for recovery.
“World Backup Day has evolved from a simple reminder into a crucial strategic checkpoint. In the past, we treated data loss like a natural disaster such as a flood or a fire, something you recover from. Today, we face intelligent adversaries who don’t just destroy data; they often weaponize it. They actively hunt and corrupt the very backups that are meant to be our safety net. This fundamental shift in the threat landscape demands a revolution in our defense mechanisms. A backup that can be altered is no longer an asset; it’s now a vulnerability waiting to be exploited. It’s a false sense of security. True cyber resilience is now defined by immutability and air-gapped architecture. It’s about creating a version of your data that is fundamentally unreachable and unchangeable by an attacker, like placing your digital crown jewels in a time-locked vault that only you have the key to. We’re not just making copies anymore. We are forging digital artifacts that guarantee a point-in-time recovery, ensuring that no matter what chaos unfolds on the network, your history, your business, and your future are secure.”
His comments echo broader concern about attacks designed to delete, encrypt or tamper with backup sets before a wider ransomware campaign begins.
Policy quality
Ravit Sadeh, VP Product Management at CTERA, contrasted legacy backup policies with what is now expected in an environment of persistent ransomware threats.
“The ‘digital insurance’ metaphor for backups is more relevant than ever, but the real question is the quality of the policy. For years, a basic policy was enough. Today, with ransomware everywhere, that’s no longer true. A backup that doesn’t explicitly protect against it isn’t just incomplete; it’s actually misleading. The conversation is shifting, and rightly so. It’s no longer just about the 3-2-1 rule. It’s about 3-2-1 with immutability as a baseline. This level of protection shouldn’t feel like a premium add-on. It should be the default-built in, not bolted on. Because resilience shouldn’t depend on how many security experts you have, or how well you configured the system. It should be inherent. When customers invest in a backup solution, they’re not just buying storage. They’re buying certainty-that when something goes wrong, recovery is guaranteed, and their data is truly protected. Preserving a digital legacy isn’t just about keeping data. It’s about ensuring it remains available, trustworthy, and recoverable no matter what.”
The “3-2-1” rule is a long-standing recommendation to maintain three copies of data, on two different media, with one copy stored offsite. CTERA’s view places immutability at the centre of that strategy, positioning it as a baseline rather than an add-on.
Recovery focus
Service and support teams often engage directly with organisations during or after cyber incidents. CTERA’s VP Global Services, Itay Uman, pointed to a common gap between having backups in place and having a tested recovery process.
“From the front lines, we see the real-world impact when digital insurance policies fail. The most devastating calls aren’t from people who forgot to back up, but from those who did, and find their backups encrypted or unusable during a ransomware attack. This is why recovery validation is not just important; it’s everything. Think of it this way: having a fire extinguisher on the wall gives you a sense of safety, but if you’ve never tested it, you’re relying on pure faith. A backup is the same. Backing up data is only the first step. The real value-where peace of mind comes from-is regularly and rigorously testing the restore process. It’s the fire drill for your data. You simulate the disaster to prove your escape plan works. On World Backup Day, the pledge shouldn’t just be to ‘back up your files.’ It must be to ‘prove you can restore them.’ Because a backup that hasn’t been tested is just a hope, not a strategy.”
His comments reflect a growing emphasis on recovery time, recovery assurance and the operational drills that support technical backup designs.
Boardroom issue
CTERA Chief Executive Oded Nagel said data protection has expanded beyond IT into a broader discussion about trust, brand impact and corporate governance.
“In today’s digital economy, trust is the ultimate currency. For too long, leadership has viewed data backup as a technical task delegated to the IT department, perhaps a checkbox on a compliance form. That era is definitively over. Ransomware has elevated data strategy into a boardroom-level imperative, transforming it from an operational chore into a pillar of corporate governance. A data breach today isn’t just an IT disruption. It can shatter customer confidence, erode shareholder value virtually overnight, and irreparably damage a brand’s reputation. This is why modern data protection, built on principles of immutability and guaranteed recovery, is not just a feature but a fundamental component of business continuity. It is the ultimate digital insurance policy-not just for your files, but for your entire enterprise. On World Backup Day, my message to fellow leaders is simple: Don’t just ask your teams if they are backing up. Ask them how they are guaranteeing the swift, complete restoration of your business. The future of your company depends on their answer.”
World Backup Day began as a public reminder about data protection for individuals and businesses. It now also prompts wider discussion about resilience against ransomware, the robustness of backup strategies, and leadership’s role in setting recovery expectations.
