
9 Apr 2024

5 Ways You Can Protect Your Backups From Ransomware

Cyber criminals no longer need technical expertise to launch ransomware attacks. In fact, they can be executed with a software solution that costs as little as $40 a month.

Reports show that ransomware cases increased by 84% in 2023. And with the global ransomware threat expected to rise as AI becomes more commonplace, the dangers this malware poses to businesses are unlikely to go away any time soon.

Why do Cyber Criminals Target Business Backups?

Your business' backups are a valuable target for cyber criminals for a number of reasons. Gaining access to your backups allows them to:

  • Access extremely valuable data - Business backups hold valuable data that criminals can use for exfiltration. For example, sensitive customer credentials, financial details and intellectual property.

  • Disable operations for leverage - Many businesses rely heavily on the data stored in their backups for continuity. For example, manufacturing and healthcare businesses may need access to instructions, batch records, certificates and test results to operate on a daily basis. In some cases, losing this data can cause operations to grind to a halt.

  • Cover their tracks - Ransomware can go undetected for a long time. This increases the potential for devices and files to be infected on a much larger scale. If cyber criminals have infiltrated a network and compromised data, they may attempt to cover their tracks by deleting or encrypting backups. This makes it harder for businesses to recover the original data and trace the source of the attack.

  • Encrypt or delete your data - A ransomware actor's main upper hand is the threat to delete or encrypt a business's data. As backups store a company's most comprehensive and valuable information, access to them is all a criminal needs to achieve their ends.

How to Protect Your Business Backups from Ransomware

Here are five steps your business can take to mitigate the risk of cyber criminals accessing your backups.

1. Segregate Backups From Your Network

Segmenting backups from the rest of your technology infrastructure can help isolate and protect them. But as long as they’re connected, they’re still vulnerable.

Keeping backups on a hard drive or a server that’s disconnected from external networks when not in use, also known as air-gapping, is the only foolproof way to keep ransomware actors from accessing them.

But what makes this approach so secure also makes it extremely inconvenient. Air-gapped backups often require a massive amount of storage space. Additionally, the hardware must be stored somewhere secure. This may not be a problem for a small business that can fit its backup on a single hard drive, but large enterprises may require several servers.

Also, reconnecting hardware to the network regularly can be difficult and time-consuming. The recovery process can take a lot of time as well. For these reasons, this method is best used for only the most critical data.

2. Keep Multiple Backups in Multiple Formats

Making several copies of a backup on different types of media makes it more likely that you will have at least one usable copy in case of a ransomware attack.

One widely recommended approach is called the 3-2-1 strategy. This involves making at least three backups, stored in at least two different formats, with at least one copy stored offsite. For example, you could keep one copy on an on-site server, another on a server at an offsite location and a third in the cloud.
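As an added illustration (not Macrium code), the following Python sketch audits a backup inventory against the 3-2-1 rule per dataset and reports which part of the rule fails. The inventory, its field names and the decision to count copies on the same storage target only once are assumptions made for this example; "format" is modelled as the media type.

```python
from collections import defaultdict

# Constructed inventory, one row per backup copy; all field names are assumptions.
INVENTORY = [
    {"dataset": "finance-db", "target": "srv-hq-01", "media": "disk", "offsite": False},
    {"dataset": "finance-db", "target": "srv-dr-01", "media": "disk", "offsite": True},
    {"dataset": "finance-db", "target": "cloud-bucket", "media": "cloud", "offsite": True},
    {"dataset": "file-share", "target": "nas-hq-01", "media": "disk", "offsite": False},
    {"dataset": "file-share", "target": "nas-hq-01", "media": "disk", "offsite": False},
    {"dataset": "file-share", "target": "nas-hq-01", "media": "disk", "offsite": False},
    {"dataset": "batch-records", "target": "srv-hq-01", "media": "disk", "offsite": False},
    {"dataset": "batch-records", "target": "tape-vault", "media": "tape", "offsite": True},
]

def audit_321(inventory, min_copies=3, min_media=2, min_offsite=1):
    """Return {dataset: [failed rules]}; an empty list means 3-2-1 is met."""
    by_dataset = defaultdict(dict)
    for row in inventory:
        # Assumption: copies on the same storage target share one fate,
        # so each target is counted once per dataset.
        by_dataset[row["dataset"]][row["target"]] = row
    findings = {}
    for name, targets in sorted(by_dataset.items()):
        copies = list(targets.values())
        media = {c["media"] for c in copies}
        offsite = sum(1 for c in copies if c["offsite"])
        failed = []
        if len(copies) < min_copies:
            failed.append(f"copies: {len(copies)} < {min_copies}")
        if len(media) < min_media:
            failed.append(f"media types: {len(media)} < {min_media}")
        if offsite < min_offsite:
            failed.append(f"offsite copies: {offsite} < {min_offsite}")
        findings[name] = failed
    return findings

if __name__ == "__main__":
    for dataset, failed in audit_321(INVENTORY).items():
        print(dataset, "OK" if not failed else "FAIL: " + "; ".join(failed))
```

The `file-share` rows show the common pitfall: three backup files on one NAS look like three copies in a job log but fail every part of the rule.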

3. Back up Often Using Different Techniques

Every business should back up data and systems regularly. However, maintaining multiple complete backups may not be feasible for many reasons.

Incremental and differential backups can reduce the burden of storage as well as risk. In an attack, ransomware may be limited to an incremental rather than a full backup. Incremental and differential backups can also be useful during a forensic analysis to determine exactly how and where ransomware compromised them.

4. Limit Access to Backups and Backup Applications

Research shows that 88% of data breaches are caused by human error. Employees can fall for phishing scams, or they might unknowingly download malicious files from a contaminated USB drive or other device.

While regular security training and a culture that emphasizes security awareness can reduce the risk of these errors, statistics show that this may not be sufficient to protect against ransomware.

A more effective approach is to minimize the number of people on the IT team who have access to backups and any applications used to manage them. Backup tasks and responsibilities can also be divided among different IT team members, either by function or by type of data (such as databases, applications, or documents). This prevents any one person from having total control over backups, limiting the damage if their credentials or access are compromised.

5. Test Backups Regularly

The last thing you want to find in the event of a ransomware attack is that the backups you were counting on have also been encrypted or corrupted. That’s why it’s crucial to test backups regularly and conduct random spot checks to validate their integrity.

If ransomware has compromised a backup, testing increases your chances of detecting it as early as possible, limiting damage and preventing it from spreading to your network.
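One way to run the random spot checks described above, as an added Python example (not Macrium code): record a SHA-256 manifest when the backup is written, then re-hash a random sample later and list any files the manifest does not know about. The file names, the `.locked` extension and the simulated damage are constructed for the demo, and the example assumes the manifest is stored somewhere the backup host cannot overwrite.

```python
import hashlib, os, random, tempfile

def list_files(root):
    """Relative paths of every file under root."""
    return sorted(os.path.relpath(os.path.join(d, n), root)
                  for d, _, names in os.walk(root) for n in names)

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Path -> SHA-256, recorded right after the backup job finishes."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in list_files(root)}

def spot_check(root, manifest, sample_size, seed=None):
    """Re-hash a random sample of manifest entries and list unexpected files."""
    sample = random.Random(seed).sample(sorted(manifest),
                                        min(sample_size, len(manifest)))
    report = {"missing": [], "modified": [], "unexpected": []}
    for rel in sample:
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif sha256_file(path) != manifest[rel]:
            report["modified"].append(rel)
    # Listing is cheap, so new or renamed files are checked across the whole set.
    report["unexpected"] = [rel for rel in list_files(root) if rel not in manifest]
    return report

def demo():
    """Constructed backup set: build the manifest, simulate damage, run the check."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("full.img", "inc-001.img", "inc-002.img"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode() * 1000)
        manifest = build_manifest(root)
        with open(os.path.join(root, "inc-001.img"), "wb") as fh:
            fh.write(os.urandom(4096))  # content overwritten in place
        os.rename(os.path.join(root, "inc-002.img"),
                  os.path.join(root, "inc-002.img.locked"))  # renamed copy
        return spot_check(root, manifest, sample_size=3, seed=1)

if __name__ == "__main__":
    print(demo())
```

A hash match only shows the file is unchanged since the manifest was taken; a periodic test restore is still needed to show the backup is usable.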

Macrium Image Guardian - Keeping Your Backups Safe from Ransomware

Macrium products, including our backup and recovery solution Reflect, our backup management software Site Manager and our imaging and deployment tool SiteDeploy, all include access to Macrium Image Guardian (MIG). MIG is a feature that prevents backup files from being encrypted by ransomware.

Download a free trial of Macrium Reflect here to see how these products and features can help protect your business from ransomware threats.
