Your Backups Are Talking - Are You Listening? with Kyle Fiehler

In this episode of Data Security Decoded, host Caleb Tolin sits down with Kyle Fiehler, Sr. Transformation Analyst at Rubrik Zero Labs, to explore why backup data has become a critical — and largely ignored — form of security telemetry.

Kyle explains how secure, immutable backups act as a historical record of attacks that evaded traditional detection tools, capturing digital fingerprints left behind by sophisticated adversaries. From hypervisor-level threats to long-dwell state-backed actors, backups often reveal what endpoint and network tools miss. And attackers know it. As Kyle outlines, ransomware groups like Evil Corp and Storm-0501 deliberately target backups and identity infrastructure to maximize leverage and accelerate payouts.

The conversation also challenges how organizations think about recovery and Mean Time to Response (MTTR). Rather than treating MTTR as a single metric, Kyle advocates breaking recovery into phases — scoping compromise, validating clean recovery, and restoring identity — to pinpoint where resilience actually breaks down. The result is a more actionable, operational view of cyber readiness.

What you'll learn:

• Why secure backups function as a record of threats other tools miss
• How ransomware groups deliberately target backups and identity systems
• Where organizations commonly fail to extract security value from backup data
• How to rethink MTTR by breaking recovery into measurable phases
• Why identity infrastructure is central to modern recovery strategies
• Three concrete steps to operationalize backup intelligence today

Chapters:
[00:00] Backups as Digital Fingerprints
[04:30] The Telemetry Everyone Ignores
[07:45] Who Owns Backup Security?
[10:30] MTTR Is Broken
[12:45] Threat Actors Targeting Backups
[15:00] Three Actions Security Teams Can Take Today

Episode Resources:
Caleb Tolin on LinkedIn: https://www.linkedin.com/in/calebtolin/
Kyle Fiehler: https://www.linkedin.com/in/kyle-fiehler-21962a60/