With robust data protection and management integral to business operations, businesses can no longer afford to make data protection an afterthought. With the average cost of a data breach in ASEAN countries now $3.05 million, data protection has grown in urgency in Asia. Regulations and comprehensive privacy laws have either been established or are in the process of being implemented in countries including Thailand, Indonesia, Singapore, and Vietnam.

Yet, a fragmented solutions landscape and leaner IT teams mean businesses often lack the expertise to protect against such threats, rendering them unable to adequately guard against these vulnerabilities. Such unpreparedness can be avoided by debunking three key myths.

Myth 1: Backing up data to the cloud means it’s completely secure

Storing data and workloads on the cloud is de rigueur for any cloud-native business, but cloud backup capabilities continue to be widely misinterpreted. A 2023 study found that 43 percent of IT Data Managers incorrectly believe cloud providers are accountable for safeguarding and recovering data stored within the cloud, but in reality, they’re only able to ensure a certain level of data resilience and redundancy for the data they host.

This is because data backup and disaster recovery are often shared responsibilities in the cloud. Under this shared responsibility model, cloud providers focus primarily on maintaining the availability and integrity of their infrastructure, while offering some built-in tools and capabilities.

When you migrate to the cloud, it’s easy to assume that all maintenance tasks are handled by the service providers. While some compare on-premises operations to maintaining a house and using the cloud to staying in a hotel, a more accurate analogy is leasing a furnished apartment. The landlord ensures that appliances and utilities are in working order, but keeping the space clean and organized remains your responsibility.

However, if you have highly complex or specific backup needs, these standard offerings may not be sufficient, especially when a serious cyber incident hits. For example, falling victim to a nasty ransomware attack means attackers may compromise both primary storage and cloud backups. In this case, self-managed backups and managed services like Backup-as-a-Service (BaaS) and Platform-as-a-service (PaaS) provide more flexibility and customization.

Myth 2: Paying ransoms guarantee data recovery

Ransomware remains the top threat for data breaches and system outages. The Veeam Data Protection Trends Report 2024 found that 75 percent of organizations suffered at least one ransomware attack last year, with 25% being attacked more than four times.

However, ransomware doesn’t seem that scary at first, even if organizations are susceptible to it. It might be a hefty sum, but the process seems straightforward: pay the ransom, get your data back.

The truth is more complex and disappointing. The Veeam 2024 Ransomware Trends Report discovered that 81% of companies complied with the ransom demand, but only 54 percent managed to retrieve their data, with 27% still unable to do so. This is because ransomware isn’t like opening a Netflix account. You don’t get seamless, instant access to what you’ve paid for – you have to wait or accede to more demands from the attackers. In the more unfortunate cases, that wait lasts forever, and no decryption keys are ever supplied.

When the keys are eventually given, decryption can also take a long time, because it only unlocks a small number of files at once. Or else, it’s often that ransomware has already corrupted files or overwritten data. According to the same report, on average, 43% of affected data in a ransomware attack will not be recoverable, leaving organizations vulnerable to substantial data loss and negative business impact as a result. The way around this? Have multiple backups, have immutable (unchangeable) backups, and keep a version offline.

Recovering from ransomware is an unfortunate reality of modern business, yet far too many organizations end up paying the demands and with nothing to show for their efforts and money.

Myth 3: Having backups is enough to recover after a ransomware incident

It’s clear that ransomware payments are not the answer, and experts in ransomware resilience have made great efforts to educate organizations on how data backup and system recovery is a far safer, more reliable, and ethical way to recover from ransomware attacks. Thankfully, practically every organization takes backup seriously these days, but achieving effective ransomware attack recovery requires more than just having backups.

There are a few common trip-ups when it comes to ransomware attack recovery. The first is not having an environment ready to recover data. Organizations sometimes don’t realize until it’s too late that the production environment that houses workloads, whether a cloud or on-premises, is often unavailable for some time. It’s either compromised or ‘cordoned off’ as an active crime scene. If your kitchen has burnt down, you can’t replace it until the building itself has been checked and secured. So, you need a backup environment to recover your backup data during an outage. If this is a cloud, make sure your team is technically comfortable with how that specific cloud works – you don’t want to be refactoring data or learning new cloud specs in the middle of an outage.

Another roadblock organizations run into is that they are misaligned for preparedness. Close to two-thirds of organizations find their backup and cyber teams lacking alignment, resulting in delayed detection of cybersecurity incidents, or inadequate backup and recovery response. When this is coupled with existing misalignment challenges in organizations, it can also affect Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), leading to extended downtime and operational disruptions.

Ensuring data protection and data resilience is never-ending. You constantly have to adapt to new threats and technologies. This means we must continually educate ourselves or the specialists responsible and wider stakeholders such as senior leadership, finance, and compliance. Widespread misconceptions can make an organization vulnerable or slower to respond to the business’s data protection needs. The more you know, the more you can control, and what you don’t know can’t hurt you, at least, until it’s too late to fix.


Beni Sia is General Manager & Senior Vice President, APJ at Veeam Software. Beni has over 20+ years experience in sales and marketing functions across telecommunications, enterprise, and commercial sectors in the IT industry holding regional roles, managing direct, OEM, alliances, and channel teams.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Reducing data breaches in car technology: How to improve cybersecurity in modern automotives