The key is to understand the role of data backup — and why the most critical factor is recoverability. Many companies still underestimate this. In this interview, Boris Mittelmann, System Engineer at Veeam, discusses the realities of cyberattacks and the importance of backup strategies.
Boris, your focus is on backup and recovery. What is the situation like among companies in Slovakia?
From what I’ve seen, most organizations are in a very poor state. Their mindset often follows a simple rule: “We need to back up somehow, and as long as it works, we don’t have to worry about it.” But this approach doesn’t reflect today’s requirements for data protection.
Now the conversation with clients is shifting: it’s no longer just about “having a copy of data somewhere,” but ensuring that backups can actually be restored — quickly, reliably, and in the necessary level of detail.
So are companies being irresponsible with backups?
It’s not only about irresponsibility. Often, organizations don’t even realize why they are backing up in the first place.
Another common problem is communication. IT teams sometimes fail to explain the importance of backup clearly, or their requests go unheard by management.
And then there’s the problem of technology and knowledge aging very quickly. Information that was relevant five years ago can now be outdated — or even harmful.
What do companies most often underestimate in backup?
A good example is the current trend of immutability. Companies buy storage that promises immutable backups “on paper” and think the problem is solved. But implementation and understanding of how the systems actually work is absolutely critical.
Where are backups most vulnerable?
Weak points are multiplying on many levels. Sometimes a company has excellent technology, but it’s implemented incorrectly.
We saw a client who had a strong backup technology, creating immutable backups on standard servers with internal disks. But they deployed it as a virtual machine — which, by nature, can simply be deleted.
Another example: cloud backups. A client may have a perfectly secured perimeter — SIEM, next-gen firewalls, XDR, all the latest tools. But they pay no attention to the security of the backups they’re sending to the cloud. An attacker doesn’t even need to break into the company — they just need access to the cloud storage credentials to download the data. The client may never even realize the backups are gone.
And then there are NAS devices.
Why NAS devices?
NAS is popular for backups — compact, versatile, with plenty of features. They look affordable and are often marketed as a good solution.
But one of the fundamental rules of backup is that storage with backups must never be directly accessible from the internet (with the exception of properly secured cloud storage). If attackers get access to an internet-facing NAS, you’re essentially serving them your most valuable data on a silver platter.
What’s more, these low-cost NAS devices are not designed to guarantee reliable data recovery. Our support statistics confirm this very clearly.
What challenges arise when restoring data after a cyberattack?
A common scenario: the backups are fine, but after a ransomware attack, there is nowhere to restore them. The primary storage is encrypted and can’t be erased — so there’s no target environment to recover to.
What happens when a company loses data? Can you ever work “miracles”?
Honestly, it’s often frustrating. Most attacks result in weeks or even months of downtime, because the entire IT environment has to be rebuilt. Some companies end up paying the ransom — simply because such long outages would be business-critical. Even then, the recovery process is painful. And many companies have no idea how to act during a cyberattack. There are no plans, just panic.
Have the nature of attacks changed?
Yes — dramatically. A few years ago, attacks were largely automated. Today, only the initial breach might be automated (phishing, for example). After that, attackers operate manually. They carefully select victims, and criminal groups share specialists for specific technologies. Ironically, cybercriminals are often the ones who read technical documentation most thoroughly.
How do specialized cyberattacks unfold today?
Every attack is essentially unique. Sometimes attackers wait for months, studying how administrators work. We’ve seen cases where attackers mapped out an organization’s entire daily routine — even down to the sequence in which admins check systems or when they take coffee breaks.
What trends do you see in backup and recovery over the next 2–3 years?
Many companies are realizing that their backup investments don’t meet their current needs. I expect rising demand for outsourced backup and recovery services. It’s more efficient — and shifts responsibility to specialized providers.
What’s your advice to companies considering outsourcing?
The key is choosing a reliable provider. The challenge in Slovakia is whether there are enough local capacities. If not, the market will need to mature quickly.
Are companies open to outsourcing today?
We’re seeing early adoption, especially in the SMB segment. Smaller companies know they can’t have a single “all-round” expert who understands every IT layer. Larger enterprises are more cautious, usually keeping backups in-house. But some IT teams are beginning to spin off their knowledge as a service to the market — and that’s a positive trend.
What risks are there if backups are managed only internally?
We’re working on a “Top Ten Rules of Proper Backup” with colleagues. It focuses on practical design and operations — with one ultimate goal: recoverability.
One last, personal question: what would you do if you weren’t in IT?
Funny you ask — my daughter asked me the same recently. I originally studied accounting and even started in advertising. But my brother, who had a real talent for technology, inspired me to move into IT. And I told my daughter that when I was 15, my dream was simple: to become a millionaire. 🙂
Published: 10. October 2022
Read also
Get first-hand technology news
Trends, practical inspiration and recommendations in your inbox