Improving Backup Resiliency as the Last Line of Ransomware Defense

( Zephyr_p/Shutterstock)

In just the first half of 2021, two ransomware attacks had significant impacts on the U.S. and global economies: the attack against Colonial Pipeline limited gasoline availability on the U.S. east coast and drove gas prices up, while the attack against JBS temporarily shut down many of the world’s meat processing plants.

Those are just the most visible recent manifestations of today’s fastest growing cyber threat. Not only are these attacks growing exceedingly common, but they’re getting more sophisticated—some are now targeting and crippling the essential data backups companies previously thought were safe.

Given the pervasive nature of these attacks, it’s important to ensure your backup and recovery strategy is resilient. Here’s how:

Centralize Through a Backup Platform

As a preliminary step, implement a centralized backup platform, which will make it easier to backup and store data from a wide array of sources. This will help ensure all your data is protected and backed up, eliminating the protection gaps that may be present without a centralized platform. Simply put, with one centralized platform instead of many different backup solutions, you can more easily implement, measure and test your protection strategy.

Strengthen the Resiliency of Your Backup Platform

After you have a centralized backup and recovery platform for all your data sources, harden it against ransomware attacks by:

• Encrypting data at rest and in transit: Your data is at risk both while at rest and in transit. Encrypting data at rest will help protect the data that is not currently moving from one device or network to another. Encrypting data in transit is critical as files may be moving through networks, devices or the cloud and can be exposed to threats throughout their journey.
  

  Public key infrastructure (PKI) is an essential security technology (faithie/Shutterstock)

• Using digital certificates and integrating a PKI: Public key infrastructures (PKI) define a secure standard framework to exchange and manage encryption keys, as well as small- and large-scale digital certificates. The digital certificates in PKI should be used by each of the components within your backup infrastructure to strongly authenticate each other. This will help to protect the integrity of the data and the communication between your backup systems.
• Using strong authentication and user roles: Access to your backup systems and their data should be heavily restricted. Clearly defined access roles and rights help to precisely map the privileges of a user to their real responsibilities within the organization. Additionally, features such as two-factor authentication and user privileges can ensure only approved users are accessing your backups.
• Leveraging containers for an easy patch management process: Implementing containers for patch management allows for faster rollout of new patches. This limits the vulnerabilities on the operating system level of your backup infrastructure. Containers can also help reduce the downtime of a system by providing rollback opportunities if something goes wrong.
• Implementing anomaly detection to detect potential ransomware: Anomaly detection can help identify rare or unusual items within a backup system that could indicate ransomware.

Develop a Plan for When a Crisis Strikes

Even after implementing the above, it’s still necessary to develop a plan for when an attack happens. Being proactive and creating a plan will help you react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis. Your plan should include:

• An outline of who needs to be involved and their responsibilities;
• Detection and initial analysis of the attack;
• Defining the scope of the attack;
• Determining the origination of the attack (who/what/where/when);
• Determining if the attack has concluded or is ongoing;
• Determining how the attack occurred;
  

  Good planning is essential for a rapid response to crises (Gorodenkoff/Shutterstock)

• Containing the impact and propagation of the attack;
• Eradicating the malware and vulnerabilities that may have permitted its ingress and propagation;
• Recovering data from hardened backups;
• Responding to regulatory and/or contractual obligations as a result of the breach.

Test and Test Again

It’s critical that you test your protection strategy before a disaster event like ransomware happens. This includes drilling your ransomware recovery plan outlined above. Testing your protection strategy can be cumbersome, but a good centralized backup platform can help you automate the testing. 

Educate Employees and Business Leaders

Taking the time to educate yourself, your leaders and company employees about the risks and signs of ransomware can help not only prevent an attempted ransomware attack, but detect a successful one early, potentially preventing it from even getting near your data backups.

Now Is The Time To Act

There is no doubt the ransomware threat will continue to grow—it’s a matter of when, not if your organization is impacted. Choosing now to back up your data with a centralized platform and implement the other recommendations above will establish a last line of defense to protect your backups and your business.

About the author: Simon Jelley is the general manager and vice president of product at Veritas Technologies.

Related Items:

Data Under Attack During COVID-19

Deep Learning Is Our Best Hope for Cybersecurity, Deep Instinct Says

Ransomware: Employing Object Storage to Defeat a Growing Threat