When backups become the target: Why your recovery plan needs a rethink

A MANUFACTURER’S IT team once sat through a demonstration for a backup software. The team was impressed but never deployed it.

Two months later, ransomware struck.

Attackers locked down the company’s primary data and moved swiftly to its backups, a now-standard tactic designed to cut off any path to recovery.

What saved them was something no one had thought to deploy: a read-only snapshot created during that earlier demo, preserved at a point in time before the breach began, that allowed the company to restore its data.

Says Antoine Yang, head of Southeast Asia at Synology: “Their data was restored using the exact snapshot we had created during the demo. After that, the company took backup software seriously.”

It is a pattern that plays out repeatedly across enterprise IT. The tools to protect data are often already in place, but many organisations only recognise their value after something has gone wrong.

From storage to recoverability

That shift in mindset is playing out against a worsening threat landscape. According to the Cyber Security Agency of Singapore's Singapore Cyber Landscape 2024/2025 report, ransomware cases rose 21 per cent in 2024, with manufacturing firms and listed companies among the hardest hit.

The Covid-19 pandemic accelerated the move to hybrid and cloud-based environments, and data is now spread across systems, locations and platforms, making it harder to secure and even harder to recover.

Research by data storage and management company Synology underscores the gap: While more than half of businesses in South-east Asia have experienced cyberattacks, only one in five feel confident they could recover quickly.

Today, the question is no longer how much data a company can store. It is how fast it can get back on its feet.

Rethinking the architecture

For Synology, that shift is reshaping how it positions itself. Founded in 2000, the company is best known for its network-attached storage devices, but describes itself as fundamentally software-led, with around 70 per cent of its Taiwan headquarters staffed by engineers.

“We encourage customers to treat us as a partner, not just a vendor,” says Yang. “It is about understanding how their organisation works so we can design something that fits from the start.”

In a modern ransomware attack, he adds, backups are often the first target. “No matter how many versions you have, once they are compromised, you have no way to retrieve them. So we make each backup version something that cannot be modified. As long as you have one clean copy, you can still roll back.”

This thinking underpins the 3-2-1-1-0 model – where companies store three copies of their data, on two types of media, keep one copy offsite, one copy offline and ensure zero errors by testing the backup process regularly. It is also the principle behind ActiveProtect, Synology’s dedicated backup appliance, where copies cannot be modified or deleted even after a breach.

Building in layers

Synology’s systems are designed to layer onto existing infrastructure in what Yang calls a “building-block” approach. A company might start with storage, add backup capabilities, integrate cloud synchronisation and eventually bring ActiveProtect in as a centralised control layer.

That flexibility proved critical for TOHO Singapore, a food importer supplying more than 2,000 premium Japanese products to hotels, sushi chains and fine-dining establishments. Formed through the merger of three companies, it inherited a patchwork of IT systems and no unified backup strategy.

After evaluating competitors, TOHO chose Synology for its security, resilience and flexibility. The backup process was shortened to under 30 minutes, while critical data remained recoverable even in the event of simultaneous system failures.

Cost is another consideration. Where many enterprise vendors charge recurring fees tied to data volume, Synology’s licensing model is largely perpetual, reducing the long-term cost burden as storage needs grow.

Built for an AI future

As organisations push into artificial intelligence, the challenge grows more complex. Valuable datasets are often siloed across platforms, limiting their usefulness and making it difficult to extract accurate insights.

“When data is spread across different systems, it becomes very difficult to manage,” says Yang. “And when you move into AI, that fragmentation makes it harder to get precise insights.”

Synology’s platforms address this by consolidating files, backups and operational data into a unified layer that can support analytics, automation and AI workloads.

Its PAS7700, an all-NVMe enterprise storage system to be launched in the second quarter of this year, is designed for exactly this environment, combining high performance with the reliability required for mission-critical workloads.

Beyond the backup

Underlying all of this is a broader shift in how organisations think about data. Protection is increasingly tied to data sovereignty: Organisations not only have to keep their data secure, but need full visibility into where their data is stored and who can access it.

Synology’s approach centres on on-premise and private cloud deployment, supported by encryption, immutable backups, snapshots and multi-factor authentication.

The goal is not simply to store data, but to ensure it can be trusted and recovered when it matters most.

“People used to focus on building up their storage pool,” says Yang. “Now they care about recoverability, as in how soon they can get their data back and sustain the business within a very short time.”

As organisations scale their digital and AI ambitions, the ability to manage, protect and recover data is emerging as a defining factor in how effectively they operate and respond to disruption.

Learn how Synology can help your organisation protect and manage your data.