CyberWire

Your Backups Are Talking — Are You Listening?



Security teams spend enormous effort chasing the latest threats, yet often overlook one of the most revealing sources of truth already in their environment: backups. In this episode of Data Security Decoded, host Caleb Tolin sits down with Kyle Fiehler, Transformation Analyst at Rubrik Zero Labs, to explore why backup data has become a critical — and largely ignored — form of security telemetry.

Kyle explains how secure, immutable backups act as a historical record of attacks that evaded traditional detection tools, capturing digital fingerprints left behind by sophisticated adversaries. From hypervisor-level threats to long-dwell state-backed actors, backups often reveal what endpoint and network tools miss. And attackers know it. As Kyle outlines, ransomware groups like Evil Corp and Storm-0501 deliberately target backups and identity infrastructure to maximize leverage and accelerate payouts.

The conversation also challenges how organizations think about recovery and Mean Time to Response (MTTR). Rather than treating MTTR as a single metric, Kyle advocates breaking recovery into phases — scoping compromise, validating clean recovery, and restoring identity — to pinpoint where resilience actually breaks down. The result is a more actionable, operational view of cyber readiness.

This episode offers a clear message for security and IT leaders alike: resilience isn’t just about preventing attacks. It’s about using every available signal, drilling recovery before incidents occur, and recognizing that backups are no longer passive insurance — they’re active intelligence.

What You’ll Learn

  • Why secure backups function as a record of threats other tools miss
  • How ransomware groups deliberately target backups and identity systems
  • Where organizations commonly fail to extract security value from backup data
  • How to rethink MTTR by breaking recovery into measurable phases
  • Why identity infrastructure is central to modern recovery strategies
  • Three concrete steps to operationalize backup intelligence today

Episode Highlights

  • [00:00] Backups as Digital Fingerprints: Why immutable backups reveal threats that evade traditional security tools.
  • [04:30] The Telemetry Everyone Ignores: How organizations overlook backups as a source of threat intelligence.
  • [07:45] Who Owns Backup Security?: The growing shift from IT ownership to security accountability.
  • [10:30] MTTR Is Broken: Why recovery metrics fail — and how phased recovery fixes that.
  • [12:45] Threat Actors Targeting Backups: How groups like Evil Corp and Storm-0501 maximize leverage.
  • [15:00] Three Actions Security Teams Can Take Today: Practical steps to extract real value from backup data.


