ACG-CYBER SECURITY BULLETIN NR 386: Backup Encryption: What it is and Why it is Important for Data Security

Posted on April 11, 2025

Reference Number ACG-CSB 032825386

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Backup encryption refers to the method by which information is converted into secret code that hides the information’s true meaning. Backup encryption conceals the original meaning of the data, thereby preventing it from being known to or used by unauthorized personnel. It helps maintain confidentiality and integrity of data by converting unencrypted data, also known as plaintext, to encrypted data or ciphertext. Backup encryption is a two-way function: First, it converts plain text into ciphertext or a secret code and then uses a key to interpret the secret code into plaintext. Once a backup is encrypted, anyone without the decryption key will not be able to read it. To put it simply, encryption safeguards your data from theft or disclosure across networks at various stages of its lifecycle, including storage, processing, and transit.

The science of encrypting and decrypting information is called cryptography. Encryption plays a vital role in securing different types of IT assets and Personally Identifiable Information (PII). Encryption serves four essential functions such as Confidentiality, it encodes the data to prevent it from being understood if it is intercepted; Authentication, it verifies the origin of the data that has been encrypted; Integrity, it validates that the data has not been altered since it was encrypted; and Nonrepudiation, it prevents senders from denying they sent the encrypted data.

Typical encryption methods include symmetric key encryption, which uses a single key together with an algorithm for both the encryption process and its opposite, decryption. The other type is asymmetric key encryption, using a public key to handle encryption and a private one for performing decryption. Backup encryption is very important for securing the data from associated dangers that may emanate from cyberattacks, data breaches, or even theft.

Encrypting backup data is not an added security measure but the most basic requirement in the current digital setup. In the current age of cyberattacks and constant data breaches, providing a secure environment for sensitive information is no longer an option but a must. Encryption converts readable data into a coded form, retrievable only if you own the key. Therefore, even if the data falls into the wrong hands, the information is worthless.

Cybercrimes are growing both in frequency and sophistication. Despite organizations implementing several security controls, threat actors still manage to penetrate defense systems and wreak havoc. Cybersecurity infrastructure and/or measures taken by businesses, governments and individuals are being outstripped or rendered obsolete by increasingly sophisticated and frequent cybercrimes.

Backups are quickly becoming a hot target for cybercriminals because they want to get rid of your ability to recover and gain full control of the attack. Therefore, backup encryption is important not only for business continuity and disaster recovery but also to improve the organization’s overall security posture. Backup encryption is a security best practice that helps protect the organization’s confidential information and prevents unauthorized access.

The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted over the internet or other computer networks. It is used to safeguard a wide range of data, from PII to sensitive corporate assets to government and private sector’s secrets. By encrypting their data, organizations reduce the risk of exposing sensitive information, helping to avoid costly penalties, lengthy lawsuits, reduced revenue and tarnished reputations.

In conclusion, data protection is a critical concern for individuals and organizations in today’s digital age and needs to be addressed at all stages of a file’s journey. A comprehensive approach to data protection that includes encryption, backup and disaster recovery planning, access control, network security, and physical security can help ensure the security and confidentiality of sensitive information. It is important to regularly assess and update security measures in order to keep up with advances in technology and the evolving threat landscape.

RECOMMENDATION

The public is advised to follow these tips to avoid being a victim of cybersecurity-related attacks:

Secure all endpoints, including laptops, mobile devices, and IoT devices, to prevent unauthorized access and malware infections;
Implement strict access controls to ensure that only authorized personnel can access sensitive data;
Use Multi-Factor Authentication (MFA) to add an extra layer of security;
Enable remote location and device-wiping; and
Maintain clear separation between personal and work devices.

For additional information, please refer to the following websites:

https://parablu.com/glossary/what-is-backup-encryption-definition-and-faqs/
https://www.techtarget.com/searchsecurity/definition/encryption
https://www.bitlyft.com/resources/methods-for-protecting-sensitive-data

POINT OF CONTACT

Please contact PLTCOL JERRY V EMPIZO, Officer-In-Charge, Cyber Security Unit, thru e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.