Blog | G5 Cyber Security

Backup: Preventive or Corrective Control?

TL;DR

Backups are primarily a corrective control, but they have strong preventive elements too. They don’t stop incidents from happening, but they limit the damage when they do. A good cybersecurity strategy uses backups as part of a wider set of controls.

Understanding Controls

Let’s quickly define what we mean by preventive and corrective controls:

Why Backups are Primarily Corrective

  1. Reacting to Loss: Backups don’t prevent data loss events like hardware failure, ransomware attacks, accidental deletion or corruption. They react to them. You need a loss event before the backup is useful.
  2. Restoration Focus: The main purpose of a backup is to restore your system and data to a working state after an incident. This is inherently a recovery action – corrective.

How Backups Act as Preventive Controls

While primarily corrective, backups contribute to prevention in several ways:

  1. Deterrent Effect: Knowing you have reliable backups can discourage attackers (though this shouldn’t be relied upon).
  2. Faster Recovery = Less Disruption: Quick restoration minimizes downtime and business impact. This reduces the incentive for attackers to escalate their actions.
  3. Testing & Validation: Regularly testing your backup process identifies weaknesses in your overall system, which can then be fixed – a preventive measure.

Practical Backup Steps

Here’s how to implement effective backups:

  1. The 3-2-1 Rule: Keep at least three copies of your data, on two different media types, with one copy offsite.
  2. Automate Backups: Use backup software or services to schedule regular, automated backups. For example, using a Linux cron job:
    0 2 * * * /usr/bin/backup_script.sh

    This runs the script at 2am every day.

  3. Verify Backups: Regularly test your backups to ensure they are working correctly and can be restored.
  4. Encryption: Encrypt your backups, both in transit and at rest, to protect sensitive data.
  5. Offsite Storage: Store a copy of your backups offsite (e.g., cloud storage) to protect against physical disasters.
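An illustration of step 3 (Verify Backups), added here and not part of the original post: a shell sketch that archives a directory, records hashes, and then proves the archive restores to the same content. The function names and all paths are hypothetical, and it assumes sha256sum, tar and mktemp are installed.

```shell
#!/bin/sh
# Added example: backup plus restore test. Paths and function names are hypothetical.
# Assumes sha256sum (coreutils), tar and mktemp are installed.

# make_backup SRC_DIR DEST_DIR : prints the path of the archive it created.
# DEST_DIR must be outside SRC_DIR.
make_backup() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    dest=$(cd "$dest" && pwd) || return 1
    name="backup-$(date +%Y%m%dT%H%M%S).tar.gz"
    # Per-file hashes of the live data, recorded at backup time.
    (cd "$src" && find . -type f -exec sha256sum {} +) > "$dest/$name.manifest" || return 1
    tar -czf "$dest/$name" -C "$src" . || return 1
    # Hash of the archive itself, to catch corruption in storage or transit.
    (cd "$dest" && sha256sum "$name") > "$dest/$name.sha256" || return 1
    echo "$dest/$name"
}

# verify_backup ARCHIVE : returns 0 only if the archive is intact AND a test
# restore reproduces every file recorded in the manifest.
verify_backup() {
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    name=$(basename "$1")
    # Step 1: the stored archive still matches its recorded hash.
    (cd "$dir" && sha256sum -c "$name.sha256") >/dev/null 2>&1 || return 1
    # Step 2: restore into a scratch directory and compare file contents.
    scratch=$(mktemp -d) || return 1
    rc=1
    if tar -xzf "$dir/$name" -C "$scratch" 2>/dev/null &&
        (cd "$scratch" && sha256sum -c "$dir/$name.manifest") >/dev/null 2>&1; then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}
```

A scheduled backup script can call make_backup, pass the printed path to verify_backup, and raise an alert whenever the result is non-zero, so a backup that cannot be restored is noticed before it is needed.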

Conclusion

Backups are essential for cybersecurity. While they’re best thought of as corrective controls, their ability to reduce downtime and encourage good security practices gives them a valuable preventive role too. Don’t rely on backups alone – use them as part of a comprehensive cybersecurity strategy that includes firewalls, intrusion detection, strong passwords, and regular security audits.
