Backups, Addressing a Major Security Risk | Ransomware Backup Strategy
There is a level of awareness from both IT professionals and the general public that ransomware is a credible threat yet both groups are uncertain how to provide protection. What many don’t realize is that backups are the most crucial line of defense against ransomware.
Backups, disaster recovery, and data protection are now some of the most critical tools in an IT admin's arsenal. With the recent uptick of CryptoLocker ransomware attacks, many organizations are at risk, and they do not even know it.
Backups have become a prime target for cybercriminals over the last few years. If an attacker can hold your network hostage, you may think, we can restore from backup! But what happens if those backups for all your mission-critical data, applications, servers, and VMs are held hostage as well?
Over the last year, we have seen several companies that were hit by ransomware attacks. These attacks ground their businesses to a halt. According to Govetech, businesses lose around $8,500 per hour due to ransomware-induced downtime, and more than $64,000 in downtime costs on average.
While ProArch's Incident Response team worked tirelessly to get them back online, a few had to resort to paying the ransom as their backups were also compromised. Whether believed or not, every business has something to lose, and attackers always have something to gain. It is vital to understand your backup environment, and these companies missed several essential steps in their backup processes and did not have a ransomware backup strategy in place.
How to ensure your backup infrastructure is protected from cyberattacks and ransomware:
- Isolate backups
Remove backup from the domain and use a separate authentication system in case domain credentials are stolen. Backups should never be presented as a share on the network (non-contiguous name-space).
- Keep multiple backup copies at multiple locations
Have three different copies of important files, using at least two backup methods. One of them needs to be at a different location or in the cloud.
- Understand where critical information resides
Know where data is stored on the network and set Recovery-Time and Recovery-Point Objectives (priorities) for restoring data after an event.
- Encrypt backups
If backups are compromised and encrypted, there is a high likelihood your data will be safe.
- Test backups
Make testing backups a routine task to ensure failures are remediated, and data is being fully and accurately processed.
- Document backup policies and procedures
Maintain documented backup and recovery policies and procedures with assigned responsibility.
- Isolate backups
Data is one of your organization's most valuable assets. If your data is compromised, backups are the lifeline to preventing business interruption and downtime. Performing a backup assessment will confirm the backup environment is meeting the requirements of the business and remediate any compliance and security gaps.
ProArch's Backup and Recovery Posture Check is a flat fee engagement that evaluates your current backup and recovery strategies and outlines recommendations for a secure backup environment that meets recovery objectives.