The Biggest Cybersecurity Myth: Backups Will Save You from Ransomware

If your data is compromised in transit, your backups are compromised too.

There’s a dangerous belief still floating around boardrooms and IT departments: “We’re fine, even if ransomware hits us, we have backups.”

It sounds reassuring, like a comfort blanket wrapped around the business. But it’s wrong.

The idea that backups are a safety net for ransomware has been repeated so often that many believe it’s a cybersecurity best practice. But it’s far from that:

A backup is only as good as the data it receives. If ransomware tampers with your data before it’s backed up, you’re simply creating a perfect copy of the corrupted version.

Let’s break this down. Because for too many businesses, the myth that backups protect you from ransomware is creating a false sense of security that could cost your business millions.

Most organizations think about ransomware as something that attacks endpoints or servers. They picture a user clicking a bad link, or a file getting encrypted and held hostage. So naturally, the recovery plan is: “Just restore from backup.”

But ransomware doesn’t always behave that way anymore.

Modern ransomware methods are more sophisticated. They do more than lock you out: they silently tamper with your data in motion, often long before you realize anything is wrong. And if your backup systems are pulling data from compromised sources, then guess what?

You're backing up a breach.

Consider a scenario. You have nightly backups configured from your application servers to your cloud storage provider. You feel protected.

But in reality, an attacker gained access to your environment weeks ago. They didn’t deploy the ransomware payload immediately; they modified key data files in subtle ways that don’t raise red flags. Maybe they corrupted timestamps or injected false values into financial reports.

Your systems look fine on the surface, and your backups keep running.

By the time the ransomware actually triggers, locking your systems or exfiltrating sensitive data, your entire chain of backups is compromised. And now your “recovery plan” becomes a liability.

Organizations have invested heavily in perimeter defenses like firewalls and threat detection platforms. But 84% of breaches involve stolen credentials, meaning attackers likely already have your keys.

And once they’re inside, they move laterally and target data in motion, because that’s where it’s most vulnerable.

We’ve seen organizations encrypt data at rest and secure their endpoints, but completely ignore what happens when it moves between systems. That’s a gift to ransomware actors.

Backup vendors will tell you they use encryption. But that only applies to data at rest or in their own storage environments. They don’t protect the integrity of the data as it’s being transmitted from your systems. They assume the source data is clean.

Certes doesn’t make that assumption.

We ensure data is protected from the moment it leaves a host until it reaches its destination, including if that destination is your backup appliance or cloud archive. Our approach goes far beyond encryption; it’s about policy enforcement, integrity assurance, and key ownership. It’s about making sure nothing can see or alter your data in transit, full stop.

Under regulations like GDPR, DORA, and NIS2, integrity is non-negotiable. If regulators find that you’ve been backing up corrupted or exposed data, you’ll face legal consequences on top of recovery challenges.

Backups don’t exempt you from compliance.

DORA, for instance, requires evidence that critical data remains unaltered and auditable during transmission. If ransomware alters that data midstream and you can’t prove otherwise, your organization is in violation.

You need to assume your network can be compromised. Assume someone will eventually log in with stolen credentials. 

What you can’t afford to do is assume your backups will save you.

Protect your data before it’s backed up. Protect it while it’s moving. Protect it from being tampered with in the first place.

Certes’ Data Protection & Risk Mitigation (DPRM) makes this possible without adding friction to your systems, without losing performance, and without giving up control of your keys.

If you’re relying on backups as your ransomware strategy, it’s time to re-evaluate.

Because the next time you run a restore, it might bring your attacker right back in with it.

Backups are a necessary part of your recovery plan. But they are not a defense strategy. They don’t stop ransomware. They don’t prevent corruption. They don’t ensure compliance.

Only protecting your data itself, wherever it travels, can do that.

Let’s stop spreading the myth. Backups alone won’t save you. But protected data will.
