Why an effective data backup strategy is vital protection against ransomware attacks

GUEST REVIEW by Mark Lukie, APAC Sales Engineering Manager, Barracuda: Ransomware attacks continue to top the list of IT security issues for many organizations. They can be disruptive, damaging and very expensive to resolve. In fact, the Office 365 Backup Status Survey found that 67% of Australian businesses are concerned about backing up data outside of their geographic residence and 69% are concerned about meeting data privacy requirements.

A recommended defense against these attacks is to have a solid data backup strategy. The logic is that if an attack occurs and the data becomes encrypted, the targeted organization can quickly restore the files and resume normal operations.

The problem, however, is that cybercriminals are well aware that reliable backups can allow an organization to ignore their ransom demands. As a result, many attempt to attack the saved data as part of their initial attack.

If they are able to gain administrative access to a target’s IT infrastructure, it becomes possible for them to locate backups and encrypt them along with production systems. If this happens, the victim’s only choices are to pay the ransom demand or permanently lose access to their data.

Organizations can take two steps to protect backed up data. They are:

Create immutable backups: A key strategy that organizations can adopt to reduce the likelihood of losing access to critical data is to create immutable backups. These are copies of data that cannot be modified or encrypted.

In most cases, unauthorized access to immutable backup copies is prevented by only allowing access through a highly secure interface. Immutable data is also written once and never updated.

Introduce an air gap: Creating a physical gap, or “air”, between backed-up data and the Internet can greatly improve security. Options include backing up to tapes stored offsite or using a highly secure cloud storage facility.

Maximize cybersecurity defenses

In addition to creating immutable backups and introducing an air gap into an organization’s data protection regime, there is a range of other tactics that can be used. Together they will create a secure data infrastructure that will significantly reduce the chances of a successful ransomware attack.

Recommended tactics include:

Implement multi-factor authentication (MFA): Implementing MFA will help prevent cyber attackers from gaining access to targeted systems using stolen login credentials.

Use a hardened Linux operating system: Using a hardened Linux operating system means that the backup infrastructure will be much less susceptible to malware and ransomware attacks. This improves security by preventing the execution of unauthorized code.

Integrate local backups and offsite storage routines: To keep data secure, backups should be made regularly with copies also sent to a secure “isolated” location. It is important that routines are established to make this happen like clockwork.

Follow a principle of least privilege access: Ensuring staff only have access to the computing resources they need to perform their jobs reduces the risk of cybercriminals obtaining stolen credentials that give them full administrator privileges.

Avoid network sharing protocols: Data backups stored on network attached storage devices using protocols such as Network File System (NFS) or Common Internet File System (CIFS) are easily found and attacked. These protocols should not be exposed.

Deploy end-to-end encryption: Using 256-bit AES end-to-end encryption on all data means it is never readable by an attacker. All communication with the storage appliances can then take place through an encrypted VPN tunnel.

Follow a 3-2-1 backup strategy

To further strengthen backup defenses against a ransomware attack, a growing number of organizations are following a three-two-one strategy.

This strategy requires that an organization have at least three copies of all data at all times: a production copy and two identical backup copies.

Additionally, at least two different types of physical media must be used to host the data. This means that, if one fails or is corrupted, the other can still be used for recovery.

Finally, it is important to keep at least one backup copy offsite. This means that in the event of a disaster, such as fire or criminal theft, data can still be restored.
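The following is an added example, not part of the original article or any vendor's tooling: a small audit that checks a backup inventory against the three-two-one rules above and the earlier recommendation to keep an immutable copy. The `Copy` record, the dataset names and the digest values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    role: str        # "production" or "backup"
    media: str       # physical media type, e.g. "disk", "tape", "cloud"
    offsite: bool    # stored away from the primary site
    immutable: bool  # write-once, cannot be modified or encrypted
    digest: str      # checksum of the backup set (placeholder values below)

def audit_321(copies):
    """Return findings for one dataset; an empty list means it passes."""
    findings = []
    backups = [c for c in copies if c.role == "backup"]
    if not any(c.role == "production" for c in copies) or len(backups) < 2:
        findings.append("fewer than three copies (production + two backups)")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than two media types")
    if not any(c.offsite for c in backups):
        findings.append("no offsite backup copy")
    if not any(c.immutable for c in backups):
        findings.append("no immutable backup copy")
    if len({c.digest for c in backups}) > 1:
        findings.append("backup copies are not identical")
    return findings

# Constructed sample inventory (hypothetical datasets and digests).
INVENTORY = {
    "finance-db": [
        Copy("production", "disk", False, False, "n/a"),
        Copy("backup", "disk", False, False, "aa11"),
        Copy("backup", "tape", True, True, "aa11"),
    ],
    "file-share": [
        Copy("production", "disk", False, False, "n/a"),
        Copy("backup", "disk", False, False, "bb22"),
        Copy("backup", "disk", False, False, "bb23"),
    ],
}

def audit_inventory(inventory):
    """Audit every dataset and map its name to the list of findings."""
    return {name: audit_321(copies) for name, copies in inventory.items()}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "OK" if not findings else findings)
```

Running an audit like this on a schedule catches drift, such as an offsite job that silently stopped, before a restore is needed.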

The threats posed by ransomware are unlikely to diminish any time soon. Microsoft recommends that organizations use third-party backup for their Office 365 data. Using a cloud-native backup solution can provide faster backups, better performance, and instant scalability, while multiple external copies of your backed-up files guarantee redundancy and security.

By taking these steps, an organization can ensure that it is as well positioned as possible to recover in the event of an attack.
