Offsite offline backups. Redundant ones. This scenario is really no different than if your datacenter had a gas leak and blew up, particularly because you will never be able to prove the attacker didn't retain your data somewhere, so all you can do is guarantee recovery. Of note in this case is that the thieves only stole 2TB of data - it is a trivial expense to orchestrate a manyfold backup regime for that in near real time when the alternative is shelling out millions.
And it's also about your threat model. If data leakage of any form threatens your business, you need way more security than if you just want to be able to recover from exploits in your publicly facing infrastructure (or from a rogue actor inside the company sabotaging the business from the inside).
At the most extreme, having physical separation of infrastructure with physical token-based auth and multiple signature verification to interact with data is going to be a heavy price in diligence to maintain secrecy. At the lowest end, having a redundant backup storage array with a cron job on all employee computers to make versioned backups of files every minute that doesn't have network sign-in access.