How Ransomware Resilient is Your Data Backup Strategy?
When it comes to ransomware protection, backups are your last line of defence. But relying on scheduled backups alone is not enough to protect you against the threats posed by malware.
In this blog post, we take a look at some steps your business can take to ensure you're doing everything you can to protect your backups from ransomware.
Ransomware is Targeting your Backups
Your business’ backup data is an attractive target for cyber criminals. With copies of your critical data and systems in their hands, they have the leverage they need to demand a ransom.
Additionally, your backups may not be adequately protected or segregated from your main network. This makes them easier targets for ransomware attacks. Once threat actors gain access to your network, they may quickly locate and compromise backup systems.
If they can successfully encrypt or delete backups, they can demand higher ransom payments. Businesses may be more willing to pay a larger sum if they believe their only alternative is to rebuild their systems and data from scratch.
Finally, if cyber criminals can access and compromise your backups once, they may be able to do so again. This creates an ongoing threat, as attackers can repeatedly target and extort you.
What Does This Mean For You?
When data backups become a target for attack, the potential effects of a breach increase. If backups are compromised, victims are 50% more likely to pay a ransom.
Recovering after a ransomware attack involves time, effort and resources. If backups are compromised, time to recovery increases exponentially. Just 26% of compromised businesses fully recover within a week. That’s compared to 46% of those whose backups were not infected.
Worse still, ransom demands escalate once criminals know their victim cannot recover data. This can see recovery costs balloon to 800%.
The Pitfalls Of A Cloud-Only Approach
Using the cloud to store backups is a great way to protect against accidental data loss. The cloud also meets the ‘offsite’ copy requirement of a good 3-2-1 backup strategy.
But when data synchronises to the cloud, you often copy ransomware and unrecoverable encrypted data into backups. The archived ransomware may not be 'live', but it will re-infect systems when restored.
How to Build a Ransomware-Resilient Data Backup Strategy
With backups being such a desirable target for ransomware threat actors, what can your business do to make sure your approach to data backup is as ransomware-resilient as it can be? The answer is to strengthen the security of your archives themselves - here's how.
Create Immutable Backups
Making backups read-only is an immediate and effective way to prevent ransomware infection. Creating immutable backups ensures your data is always an accurate reflection of your systems at that point in time.
With the right backup software you define immutability rules that govern when files can be updated or deleted. You also control backup set retention periods to prevent accidental overwriting.
Store Backups Offline
The 3-2-1 backup strategy recommends keeping one copy of your data offsite. Many organisations take this to mean in the cloud - and many cloud providers encourage that belief.
Yet the fact that data remains ‘online’ in the cloud means it is still vulnerable to ransomware. Storing backups offline, also known as ‘air gapping’, ensures that they can't be attacked or compromised remotely.
Immutability combined with offline storage reduces the risk of ransomware affecting your archives. Reliable backups are essential to restoring operations quickly following an infection.
Optimise Your Backup Frequency
Another factor to consider when developing a ransomware recovery strategy is data freshness. Your backup is a point-in-time snapshot, which quickly ages as time passes. The longer between snapshots, the less fresh the archived data becomes.
By reducing time between snapshots, you limit the amount of work required during a restore. Fresher data limits the amount of rebuilding and overall recovery needed to resume operations.
Capturing and archiving your data more regularly will help to mitigate the effects of a ransomware event. In this way, regularity could also speed up time to recovery.
Immutability, air gapping and frequency are the foundations of a successful backup strategy. And not just when dealing with ransomware. Combining all three factors will allow you to manage any disaster recovery scenario successfully.
Join our Webinar: How To Protect Your Backups from Ransomware
Find out more about mitigating ransomware threats - join our webinar on Wednesday May 22nd at 14:30 BST (London) / 09:30 EDT (New York), when we'll welcome special guest speaker and cyber security expert James Bore of Bores Group and offer practical guidance on keeping your backups safe from ransomware.
Secure your spot here.
6 Ways to Build your Ransomware Resilience
7 Ways Your Business Can Demonstrate Data Backup Compliance
