


What happens when the backup you trusted turns out to be anything but immutable?
In this episode of Business of Cybersecurity, I sit down with Anthony Cusimano from Object First to unpack one of the most misunderstood words in cyber resilience right now: immutability. It is a term that appears in countless vendor pitches and product pages, but as Anthony explains, the reality behind those claims can vary wildly. In a world where attackers are actively targeting backups as part of modern ransomware campaigns, that gap between promise and reality can have serious consequences.
Anthony helps me separate marketing language from real architectural protection. We explore why a simple checkbox or software setting is not enough to make backup data truly safe, and why organizations need to think much more carefully about how backup storage is designed, isolated, and protected. He also explains why backup strategy can no longer sit quietly in the background as a routine IT function. It now sits right at the heart of cyber resilience.
One of the biggest takeaways from this conversation is how ransomware operators have changed their tactics. Backups used to be the fallback plan, the thing that gave businesses a path back after an attack. Now, attackers know that too, which is why backup systems themselves have become a priority target. Anthony explains how this shift has changed the role of backup admins, raised the stakes for recovery planning, and forced security leaders to rethink what “safe” really means.
We also get into the role of Zero Trust in backup storage, the risks of false confidence when immutability is poorly implemented, and the practical questions CIOs, CISOs, and infrastructure teams should be asking vendors before they trust them with business-critical recovery data. This is where the conversation gets especially useful, because Anthony does not stay at the theory level. He brings it back to what teams should be checking, testing, and validating right now.
Another part of the discussion looks at how AI is changing the threat picture. As attacks become more automated and more adaptive, organizations will need recovery strategies that are built for pressure, not just written for compliance. Anthony shares his perspective on why long-standing best practices still matter, and why businesses should be far more intentional about where their most important data lives and how quickly it can be recovered.
I also appreciated Anthony’s strong defense of backup professionals, the people who often carry enormous responsibility without much recognition until something goes wrong. This episode is a reminder that resilience is never just about technology. It is also about the people trusted to keep the business standing when everything else is under pressure.
So if your organization believes its backups are immutable, the real question is simple. Are they truly protected at the architecture level, or are you trusting a label that might not hold up when it matters most?
By Neil C. Hughes