{"id":29921,"date":"2026-05-06T15:56:14","date_gmt":"2026-05-06T14:56:14","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=29921"},"modified":"2026-05-06T15:56:17","modified_gmt":"2026-05-06T14:56:17","slug":"backups-the-last-line-of-defense-against-ransomware-part-2","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/","title":{"rendered":"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0"},"content":{"rendered":"\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented (4).\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h1 style=\"text-align: justify;\"><span style=\"color: #000000;\"><b>3. 
Protecting backups against logical destruction<\/b>\u00a0<\/span><\/h1>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">As part of a defense\u2011in\u2011depth approach to backup protection, and\u00a0in light of\u00a0the threat landscape\u00a0observed, the assumption of an illegitimate takeover of components within the storage and backup infrastructure must be considered.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">More generally,\u00a0in order to\u00a0effectively reduce the risk of data loss, best practice\u00a0dictates ensuring\u00a0that backups are not exposed to the same risks (cyber or otherwise) as the stored data. This approach is notably based on diversifying backup media, implementing physical\u00a0or logical segregation, and\u00a0maintaining\u00a0at least one isolated copy that is both offline and off\u2011site.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The use of mechanisms designed to prevent the alteration or deletion of backed\u2011up\u00a0data, even\u00a0in the event of\u00a0a successful attack on the storage and backup infrastructure,\u00a0should therefore be considered.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><i>Immutability<\/i>\u00a0and\u00a0<i>air gapping<\/i>\u00a0represent the two main approaches in this area. While these concepts are widely promoted by vendors, the solutions available and the residual risks associated with their implementation vary. 
It is therefore essential to fully understand the underlying mechanisms of these solutions\u00a0in order to\u00a0select the one that best addresses the required risk coverage.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><i>According to the Cyber Benchmark conducted by Wavestone,\u00a0nearly 65%\u00a0of organizations implement immutability or air<\/i>\u2011<i>gapping mechanisms,\u00a0at least for critical functions,\u00a0and 21% apply them across\u00a0all of\u00a0their backups.<\/i>\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span style=\"color: #000000;\"><b>Backup Immutability, an Increasingly Adopted Technique<\/b>\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">&#8220;Data immutability means that data can be written but cannot be modified or deleted\u201d (NIST).\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Far from being uniform, its implementation relies on a variety of technical approaches whose robustness varies depending on whether they are based on hardware or software mechanisms.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>a. 
Purely Hardware-Based Mechanisms\u00a0<\/strong><\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\"><b>LTO WORM cartridges (with compatible hardware\/firmware)<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">These magnetic tape cartridges allow data to be written once, preventing any\u00a0subsequent\u00a0modification or deletion, provided that the hardware and firmware support WORM (Write Once, Read Many) mode.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">For more specific use cases:\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\"><b>Blu\u2011ray\u00a0jukeboxes<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">These robotic systems use WORM Blu\u2011ray discs to permanently store data,\u00a0rendering\u00a0it physically unalterable once written.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Flash storage with WORM controller (firmware \/ e\u2011Fuse bit)<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Some flash storage devices incorporate a controller with dedicated firmware or hardware mechanisms such as e\u2011Fuse bits, enabling data to be permanently locked after being written.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>b. 
Software-Based Mechanisms, Embedded or Appliance-Based\u00a0<\/strong><\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\"><b>Hardware appliance with local management<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">This is a backup\u2011dedicated appliance, locally configured to enforce immutability policies, often through software locks or\u00a0non\u2011modifiable retention periods.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Hardware appliance with online management<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">This type of appliance enables remote management, sometimes via an out\u2011of\u2011band channel, ensuring that immutability policies cannot be altered even if the primary network is compromised.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Software installed on the organization\u2019s operating systems<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Some software solutions allow immutability rules to be defined directly at the operating system level. 
However, this approach may be less robust, as it can be vulnerable if the host system is compromised.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Cloud capabilities (e.g., Amazon S3 Glacier \/ Azure Blob Storage)<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Cloud storage services offer immutability features through retention policies or WORM locks, ensuring that stored objects cannot be\u00a0modified\u00a0or deleted for a defined period.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">It should be noted that the level of immutability can be adjusted based on the nature of the data concerned,\u00a0in order to\u00a0optimize\u00a0the balance between security requirements and operational constraints.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Immutability is increasingly\u00a0observed\u00a0as a mechanism deployed within backup protection strategies and\u00a0remains\u00a0more commonly implemented than air gapping.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span style=\"color: #000000;\"><b>Backup Air Gapping: A Technique Observed but Less Optimized<\/b>\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">An air gap\u00a0is defined as \u201can interface between two systems in which (a) the systems are not physically connected and (b) any logical connection is not automated (i.e., data is transferred across the interface only manually, under human control).\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Like immutability, air gapping can be implemented in\u00a0various ways, including:\u00a0<\/span><\/p>\n<p 
style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Physical implementations:<\/strong><\/span><\/p>\n<ol style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\"><b>Offline, protected tape storage (primarily at a remote site)<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Magnetic tapes are removed from the active backup system and stored in a physically separate location, preventing any network or automated access.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Tapes stored in a backup robot<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Although physically connected, certain backup robot configurations allow tapes to be logically disconnected when not in use, thereby limiting the risk of unauthorized access.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Other removable storage media such as disks (stored offline)<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Hard drives or SSDs can be used to transfer data, then physically disconnected and stored in a secure environment, ensuring full isolation.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Optical data diode transfer gateways<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">These devices enable one\u2011way data transfer, physically preventing any return flow of information or commands to the source system and providing a certain level of separation. 
When native support is not provided by backup software vendors, third\u2011party software agents enabling unidirectional transfer must be used in addition.\u00a0<\/span><\/li>\n<\/ol>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;335559685&quot;:1080}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Logical Air\u2011Gap Implementations (Departing from Physical Isolation):<\/strong><\/span><\/p>\n<ol style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\"><b>\u201cSaloon door\u201d network ports opened only during synchronization<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Network connections are temporarily enabled to allow data synchronization and then automatically disabled, thereby limiting the exposure window and requiring strict controls to ensure that only legitimate replication traffic is authorized.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Isolation through access control and encryption capabilities<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Strict access control mechanisms combined with encryption make it possible to restrict access to backups to precisely defined users and time windows.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Backup as a Service (isolated private cloud \/ third\u2011party cloud)<\/b>\u00a0<\/span><br \/><span style=\"color: #000000;\">Some externalized backup offerings provide full logical isolation by segregating customer environments and limiting network interactions to strictly controlled channels. 
However, the risk of compromise is not zero, as illustrated by a successful attack in 2025 against an online backup service targeting\u00a0firewall\u00a0configurations.\u00a0<\/span><\/li>\n<\/ol>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Subject to\u00a0a risk\u00a0analysis,\u00a0particularly when relying on logical solutions,\u00a0implementing data immutability should\u00a0generally be\u00a0prioritized over air gapping.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">While immutability and air gapping constitute effective safeguards to preserve the integrity, and even the confidentiality, of traditional backups against risks of modification or exfiltration, other approaches that are more focused on operational optimization also\u00a0warrant\u00a0consideration.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">In this context, the\u00a0objective\u00a0is no longer to secure full data copies, but rather to rely on alternative mechanisms enabling rapid and large\u2011scale restoration, often at the cost of certain\u00a0trade\u2011offs. 
This is notably the case with snapshots, which have\u00a0emerged\u00a0as a preferred technical solution in environments where recovery performance takes precedence over backup completeness or robustness.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Snapshots: A Fast Recovery Solution, but Not a Full-Fledged Backup\u00a0<\/strong><\/span><\/h2>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">To better understand what the concept of a snapshot technically entails, it is useful to refer to the definition provided by NIST: \u201cA record of the state of a running image, typically captured as the differences between a reference image and the current state.\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">In other words, a snapshot\u00a0represents\u00a0an instantaneous capture of the state of a file system or data volume at a given point in time. Unlike a full backup, it records only the blocks or files that have changed since the reference state. This mechanism, which is fast and resource\u2011efficient, is particularly well suited to environments where rapid recovery is a priority. It is therefore widely used in virtualized and cloud infrastructures.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">However, this operational efficiency comes with notable\u00a0trade\u2011offs\u00a0in terms of backup quality. Snapshots\u00a0do not constitute\u00a0independent copies of data; they depend on the integrity of the host system.\u00a0In the event of\u00a0corruption of\u00a0the primary\u00a0volume, snapshots may become unusable. 
In addition, their lifecycle management (rotation, retention, application consistency) requires\u00a0particular rigor\u00a0to avoid operational\u00a0drift.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">While effective in accelerating business recovery, snapshots cannot replace a true backup strategy. They should be considered as a complement to more robust mechanisms that ensure long\u2011term data durability and integrity.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Whether dealing with snapshots or traditional backups, their integration into a protection architecture requires a thorough risk analysis, including the identification of residual vulnerabilities.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<h1 style=\"text-align: justify;\"><span style=\"color: #000000;\">4. <b style=\"font-size: revert;\">Risk-Based approach and identification of residual risks<\/b><span style=\"font-size: revert; font-weight: revert;\" data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559740&quot;:259,&quot;335559991&quot;:360}\">\u00a0<\/span><\/span><\/h1>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Given the stakes associated with irreversible data loss and\/or prolonged disruption of critical business activities, risk analysis applied to backup mechanisms is not an optional step but rather a fundamental pillar of a consistent and well\u2011controlled backup strategy.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span style=\"color: #000000;\"><b>Embedding Risk Analysis at the Core of Backup Management<\/b>\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span 
style=\"color: #000000;\">Whether or not it is part of a formal certification or authorization process, conducting a risk analysis of backup mechanisms aims to ensure that the controls in place are aligned with identified threats and business continuity requirements.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">In this context, a risk analysis applied to backups,\u00a0based, for example, on the EBIOS Risk Manager (EBIOS\u2011RM) methodology proposed by ANSSI,\u00a0makes it possible to assess existing controls, identify plausible attack scenarios such as compromise of the backup server or data tampering, and evaluate their likelihood. This approach helps prioritize security measures according to their potential impact on business activities, while ensuring that residual risks\u00a0remain\u00a0acceptable\u00a0with regard to\u00a0business\u00a0objectives.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Monitoring residual risks,\u00a0those that persist despite the implementation of protection measures,\u00a0is a natural extension of the risk analysis process. It is therefore essential to\u00a0identify, document, and integrate them into an ongoing security risk management strategy. 
By way of illustration, such residual risks may include:\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\"><b>Insider threat:<\/b>\u00a0A malicious administrator or an employee with privileged access may intentionally alter or\u00a0delete\u00a0backups.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Compromise of the cloud backup service provider:<\/b>\u00a0A compromise of the cloud provider, for example through the exploitation of\u00a0non\u2011public vulnerabilities, could allow an attacker to access or manipulate backups while bypassing customer\u2011side security mechanisms.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Compromise of customer (tenant) accounts:<\/b>\u00a0Unauthorized access to customer accounts may result in loss of control over backups, including their deletion or alteration.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Destruction of backup solution assets:<\/b>\u00a0If the backup infrastructure is destroyed (physically or logically), restoring backups may become difficult or even impossible\u00a0in the event of\u00a0the loss of critical resources such as:\u00a0<\/span>\n<ul>\n<li><span style=\"color: #000000;\">Backup catalogs \/ backup tool databases\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\">Secrets such as decryption keys\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #000000;\"><b>Technical compromise of the backup tool:<\/b>\u00a0An attacker may\u00a0render\u00a0backups unusable by exploiting technical vulnerabilities in the backup software or the host system, including via low\u2011level out\u2011of\u2011band access mechanisms such as\u00a0iLO\u00a0or iDRAC.\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Compromise of administrative accounts:<\/b>\u00a0Even with immutability mechanisms in place, functional compromise of administrative accounts may allow an attacker to disable or bypass protections 
before,\u00a0and in some cases after,\u00a0data is written (retention periods, time\u2011management mechanisms, etc.).\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\"><b>Compromise of the backup tool\u2019s cybersecurity controls:<\/b>\u00a0If an attacker tampers with backup protection settings,\u00a0such as encryption parameters (e.g.,\u00a0<i>encryption_secret<\/i>),\u00a0backups may remain unusable.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<h2 style=\"text-align: justify;\"><span style=\"color: #000000;\"><b>Once a Secure Backup Solution Is Implemented, Complement the Analysis with Periodic Audits, Including Red Team Exercises<\/b>\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">In addition to theoretical risk analysis and residual risk monitoring, periodic audits help\u00a0identify\u00a0vulnerabilities related to the implementation of the backup solution. Among the possible audit types, Red Team exercises aim to reproduce the behavior of an attacker\u00a0seeking\u00a0to destroy backups. 
These exercises also serve to test the effectiveness of the technical and human measures in place for protection, detection, and response to an attack.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:2,&quot;335559740&quot;:300}\">\u00a0<\/span><\/p>\n<h1 style=\"text-align: justify;\"><span style=\"color: #000000;\"><b>Conclusion<\/b>\u00a0<\/span><\/h1>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Protecting backups against ransomware relies on\u00a0a holistic approach\u00a0rather than a purely \u201cproduct\u2011based\u201d one:\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li><span style=\"color: #000000;\">Continuously verifying the reliability of backups to ensure effective reconstruction of the information\u00a0system;\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\">Securing\u00a0the backup infrastructure by\u00a0reducing\u00a0its\u00a0attack\u00a0surface;\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\">Protecting\u00a0backed\u2011up data,\u00a0with\u00a0immutability\u00a0as a\u00a0priority;\u00a0<\/span><\/li>\n<li><span style=\"color: #000000;\">Adopting\u00a0a cross\u2011functional,\u00a0risk\u2011driven\u00a0approach\u00a0to\u00a0security\u00a0management.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The level of rigor\u00a0required\u00a0for backup security will continue to increase as attackers refine their techniques and strengthen their capabilities.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Continuous vigilance and adaptation to the evolving threat landscape therefore remain the strongest allies of a resilient backup strategy.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article is structured around 
four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting&#8230;<\/p>\n","protected":false},"author":1285,"featured_media":29558,"comment_status":"open","ping_status":"closed","sticky":true,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3977],"tags":[5051,5050,5049,5052],"coauthors":[2841,4989],"class_list":["post-29921","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-focus","tag-air-gapping","tag-immutability","tag-protecting-backups","tag-risk-based-approach"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0 - RiskInsight<\/title>\n<meta name=\"description\" content=\"This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. 
After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented (4).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented (4).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-06T14:56:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-06T14:56:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta 
name=\"author\" content=\"Axel Petersen, paul-adrien Faineant\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Axel Petersen, paul-adrien Faineant\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\"},\"author\":{\"name\":\"Axel Petersen\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3544c8184dc9a23e6ca7ad0da430b274\"},\"headline\":\"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0\",\"datePublished\":\"2026-05-06T14:56:14+00:00\",\"dateModified\":\"2026-05-06T14:56:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\"},\"wordCount\":1949,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg\",\"keywords\":[\"air gapping\",\"Immutability\",\"Protecting Backups\",\"Risk-Based approach\"],\"articleSection\":[\"Cybersecurity &amp; Digital 
Trust\",\"Focus\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\",\"name\":\"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0 - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg\",\"datePublished\":\"2026-05-06T14:56:14+00:00\",\"dateModified\":\"2026-05-06T14:56:17+00:00\",\"description\":\"This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. 
After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented (4).\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg\",\"width\":2000,\"height\":1256},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3544c8184dc9a23e6ca7ad0da430b274\",\"name\":\"Axel Petersen\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/axel-petersen\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0 - RiskInsight","description":"This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. 
After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented (4).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/","og_locale":"en_US","og_type":"article","og_title":"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0 - RiskInsight","og_description":"This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented (4).","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/","og_site_name":"RiskInsight","article_published_time":"2026-05-06T14:56:14+00:00","article_modified_time":"2026-05-06T14:56:17+00:00","og_image":[{"width":2000,"height":1256,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg","type":"image\/jpeg"}],"author":"Axel Petersen, paul-adrien Faineant","twitter_misc":{"Written by":"Axel Petersen, paul-adrien Faineant","Est. 
reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/"},"author":{"name":"Axel Petersen","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3544c8184dc9a23e6ca7ad0da430b274"},"headline":"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0","datePublished":"2026-05-06T14:56:14+00:00","dateModified":"2026-05-06T14:56:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/"},"wordCount":1949,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg","keywords":["air gapping","Immutability","Protecting Backups","Risk-Based approach"],"articleSection":["Cybersecurity &amp; Digital Trust","Focus"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/","name":"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0 - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg","datePublished":"2026-05-06T14:56:14+00:00","dateModified":"2026-05-06T14:56:17+00:00","description":"This article is structured around four complementary approaches aimed at strengthening end\u2011to\u2011end backup security. After addressing, in Part 1, backup usability (1) and the security of the backup infrastructure (2), this second part focuses on the last two approaches: protecting backups against logical destruction (3) and\u00a0identifying\u00a0the residual risks associated with the measures implemented 
(4).","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/03\/Image12.jpg","width":2000,"height":1256},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/05\/backups-the-last-line-of-defense-against-ransomware-part-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Backups:\u00a0The Last Line of\u00a0Defense\u00a0Against Ransomware\u00a0Part 2\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3544c8184dc9a23e6ca7ad0da430b274","name":"Axel 
Petersen","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/axel-petersen\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/29921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1285"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=29921"}],"version-history":[{"count":11,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/29921\/revisions"}],"predecessor-version":[{"id":29939,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/29921\/revisions\/29939"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/29558"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=29921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=29921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=29921"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=29921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}