*By Alexandre Paoleschi
This is an original excerpt published on TIinside.com.br. Read the full article on TI Inside.
We live in an era where data not only supports businesses but defines their very existence. This same data fuels strategic decisions, connects operations, ensures traceability, and builds trust in increasingly volatile markets. It is no wonder that backup solutions have become mandatory items in the technological arsenal of organizations. However, the simple adoption of these tools has created the illusion that protection is guaranteed, and this is one of the most critical risks today.
An IDC report points out that 51% of ransomware attacks in 2023 attempted to destroy backups, and 60% of those attempts were successful. Other data shows that the industrial sector was the main target of attacks, representing 70% of cases. These numbers show that protecting production data is no longer enough; it is essential to also shield backup routines against increasingly sophisticated threats.
It is comfortable to believe that having a backup routine, configured in a market-validated system, means being secure. This belief is naturally repeated throughout corporate hallways. But in the real world, most failures don’t happen because a tool was missing. They happen because there was too much trust in something that no one was actually watching.
Over the years, working directly in critical data operations, I have faced an uncomfortable reality: systems considered robust and reliable often only show their fragility when they are needed most and, at that very moment, they fail.
In a recent operation, we identified a corporate environment that accumulated more than five thousand failures in less than ninety days. Less than 40% of these errors were effectively reprocessed. The rest were lost amidst communication noise, team overload, and a lack of structured follow-up. Management didn’t even know, and the technical team—outsourced and remote, located abroad—was overwhelmed. The result? Compromised recovery points, critical data exposed, and a vulnerable company. The backup existed, but the protection did not.
Where are the culprits?
The problem is rarely in the technology, but in the lack of governance over processes, the lack of visibility into routine failures, and the absence of effective alerts for quick decision-making. When a server is removed from a backup policy without notification, or when a five-year retention is mistakenly changed to five days, or even when logs are no longer analyzed due to lack of time, an illusion of control is built. And no audit can stand on an illusion.
This is where operational intelligence comes in as a survival factor—and I’m not just talking about artificial intelligence as a market trend, but as a practical tool to compensate for human error. AI should be used to remember what we forget, monitor what no one has time to look at, and act when systems go silent. True continuity is not born from the ability to react to failure, but from the ability to accurately anticipate it. Mature organizations abandon the passive logic of recovery and adopt an active stance of prevention, based on continuous data reading, intelligent alerts, incident management, and clear accountability.
Without this, corporate security becomes a theater, sustained by reports that ignore operational gaps and dashboards that mask silent failures. The price of negligence is usually high—in time, reputation, and money.
The false sense of protection is, today, one of the greatest cyber risks a company can carry. Not because failure is inevitable, but because it is invisible until it is too late. Recognizing this risk and facing it with transparency, visibility, and operational intelligence is the first step toward transforming data into resilient assets rather than silent traps.
Alexandre Paoleschi, CEO of KYMO Investments and founder of Fenix DFA.
