Today, 31 March 2022, is World Backup Day again – a good time to think about what an effective data backup strategy needs to do. A lot has changed in recent years! More and more data is hosted in the cloud, and ransomware is one of the biggest threats to data today.
This raises the question: does on-site backup provide everything that companies need? Questions emerge such as:
- Does it offer reliability and value for money?
- Is the Office 365 data protected in the cloud?
- Is resilience considered, and are air-gapped copies of the data backed up?
- Is a solution in place that meets GDPR (DSGVO) requirements?
- How often are DR and recovery workflows tested?
There is a lot to consider. But that's exactly what's essential if companies want to ensure they don't have to pay for a cyber-attack or complete data loss with a complete business shutdown. Paul Smit of ForeNova comments:
Performing backups is a given – at least in people's minds. Unfortunately, testing backups and seeing whether it is even possible to restore systems and information, and whether the data has integrity, is not yet. But it should be. The 3-2-1 rule with an offline backup is also increasingly being taken to heart and word is also spreading that backups also fall under the competences of IT security.
But many CISOs and IT admins think primarily of protecting the endpoints, i.e. the backup server and the media. But this is not enough, because professional hackers specifically prepare the attack on the secured information and systems – the last reassurance on which many organisations rely. A security-relevant event that occurs across the network perimeter and immediately encrypts, blocks or even deletes assets, for example, and against which an endpoint detection and response or a firewall does not protect, can only be immediately blocked by a network-level defence.
Thanks to a network detection and response (NDR) that recognises suspicious attack patterns, it is often not even necessary to restore digital resources. An NDR pulls further ripcords in an emergency: a predefined playbook of the software automatically initiates a VMware snapshot as soon as a suspicious network incident is reported and secures the current system and information status before a possibly successful attack. Above all, NDR provides valuable help in analysing an attack once it has taken place and shows when and how an attack was launched.
Dr. Volker Baier, Principal Consultant Risk Management, NCC Group, adds:
The importance of a backup is demonstrated by ransomware attacks – the preferred 'earning method' of cyber criminals. When it comes to business-critical data or confidential customer information – the 'crown jewels' – the pressure to act increases immediately for companies and authorities.
Once this emergency has occurred, those affected have three options: they can decrypt the files, pay the ransom or recover the data. But suitable decryption tools are not always available and often not all information is available again after a ransom payment. In the worst case, further levels of extortion follow with no guarantee of getting all files back. We also recommend not responding to ransom demands.
This leaves backups as the 'last line of defence'. To make matters worse, criminals also deliberately target them to cause as much damage as possible. IT managers in companies and public authorities should therefore not only adhere to the familiar backup rules (3-2-1), but also prescribe additional authentication before access and create immutable backups – which they store offline, away from the site or main network.
And because after the attack is before the attack, IT managers need to understand how the hackers proceeded. Because when reverting to a backup, the infrastructure with the same vulnerability that was exploited in the attack comes into play. In addition to a logging mechanism, they should also implement services such as Managed Detection and Response to detect possible further suspicious activity on their network.