13 July 2026 – South African businesses need recovery strategies that go beyond backups, with regular testing, isolation and immutable storage to ensure resilience against ransomware and system failures. According to Mandi Pietersen, true business continuity depends on recoverability, not simply successful backup jobs.
Isolation, testing, and ownership – not just backup jobs – determine whether a business survives an incident, says Dariel’s Senior Cloud & Systems Administrator
South African businesses are increasingly confident in their backup systems – until the moment they actually need to use them. According to Mandi Pietersen, Senior Cloud & Systems Administrator at Dariel, having a backup is not the same as being able to recover. “A completed backup job tells you almost nothing,” says Pietersen. “The only thing that matters is whether you can restore what you need, when you need it, within a timeframe the business can survive.”
The industry standard and where it falls short
One of the most widely accepted approaches is the 3-2-1 backup strategy: three copies of data, on two different types of storage media, with at least one copy kept off-site. But Pietersen says a modern strategy needs to go further, incorporating regular testing, clear retention periods, strict access control, and immutable or offline copies to guard against ransomware.
Real-world incidents have reinforced the lesson. “From the ransomware recovery work we’ve done, one of the biggest takeaways was that backups can’t be reachable in the same way as normal production systems,” Pietersen explains. “If a compromised device can reach the backup location directly, the backup is compromised too. A backup strategy should be judged not just on whether backups exist, but on whether they’re isolated, tested, encrypted, protected from deletion, and genuinely recoverable.”
Backups as the last line of defence
Pietersen frames backups as one part of a broader resilience plan, built around two key measures: Recovery Point Objectives (RPO), which define how much data a business can afford to lose, and Recovery Time Objectives (RTO), which define how fast systems must come back online.
“Resilience doesn’t come from backups alone,” he says. “It comes from documented recovery procedures, regular restore testing, infrastructure redundancy, network segmentation, and secure storage. Cloud tools like availability zones and geo-redundant storage all help but backups remain the last line of defence when systems are damaged, encrypted, or deleted.”
Locking ransomware out of the recovery path
Encryption at rest protects backup data if media is lost or stolen, but Pietersen stresses that stopping ransomware requires more: isolating backup repositories from production entirely.
“Production servers and user devices should never have direct write access to backup storage,” he says. “That means separate backup administrator accounts, least-privilege permissions, multi-factor authentication, and strict firewall rules.”
He adds that immutable, offline, or air-gapped backups are essential so that a single ransomware event can’t reach every recovery point at once. “Backup infrastructure should sit apart from everyday business systems, with monitoring in place to catch failed jobs or unusual activity early.”
Where AI fits into the backup strategy
Asked whether AI has a role to play, Pietersen is measured but optimistic. “AI can help identify failed backups, unusual behaviour, ransomware indicators, data corruption patterns, and abnormal storage growth,” he says. “It can flag when a backup job behaves differently than expected, or when storage consumption spikes without explanation.”
He sees further potential in planning and response. “AI can help recommend better backup schedules based on system usage and business criticality. And during an actual recovery event, it can help prioritise which systems get restored first, which matters when every minute of downtime has a cost.”
The bottom line
For Pietersen, the message to businesses is straightforward: a backup that has never been tested is not a recovery plan. “Best practice isn’t a checklist you complete once,” he says. “It’s isolation, testing, encryption, and ownership, revisited continuously. That’s what separates a business that recovers from one that doesn’t.”
About Dariel
Founded in 2001 on the principle of delivering solutions right, the first time, Dariel bridges the gap between human ingenuity and technology. Our strong client partnerships reflect a commitment to excellence and our consultative approach to software engineering makes us a trusted partner for innovative and sustainable tech solutions. Proudly independent, Dariel is part of the JSE-listed Capital Appreciation Group. https://www.dariel.co.za/
For more information:
Samantha Hogg-Brandjes | GinjaNinja | samantha@ginjaninja.co.za | +27-84-458-4857










