INVITED OPINION by Mark Lukie, APAC Sales Engineering Manager, Barracuda: Ransomware attacks continue to top the list of IT security concerns for many organizations. They can be disruptive, detrimental, and very expensive to resolve. Indeed, the Office 365 Backup Status Survey highlighted that 67% of Australian businesses are concerned about data being backed up outside of their geographic residence and 69% are concerned about compliance with data privacy requirements.
A recommended defense against these attacks is to have a strong data backup strategy. The logic is that if an attack occurs and data is encrypted, the target organization can quickly restore files and return to normal operations.
The problem, however, is that cybercriminals are well aware that reliable backups can allow an organization to ignore their ransom demands. As a result, many go out of their way to target backed-up data as part of their initial attack.
If they can gain administrator access to a target’s IT infrastructure, they can locate backups and encrypt them alongside production systems. If this happens, the victim’s only options are to pay the ransom demand or lose access to their data permanently.
There are two steps organizations can take to protect backed-up data. They are:
Create immutable backups: A key strategy organizations can adopt to reduce the likelihood of losing access to critical data is to create immutable backups. These are copies of data that cannot be altered or encrypted.
In most cases, unauthorized access to immutable backups is prevented by allowing access only through a highly secure interface. Immutable data is also written once and never updated.
Introduce an air gap: Creating a physical or ‘air’ gap between backed up data and the Internet can significantly improve security. Options include backing up to tapes that are stored off-site or using a highly secure cloud storage facility.
Maximize cybersecurity defenses
In addition to creating immutable backups and introducing an air gap into an organization’s data protection regimen, there are a variety of other tactics that can be used. Together, they will create a secure data infrastructure that will significantly reduce the chances of a successful ransomware attack.
Recommended tactics include:
Introduce multi-factor authentication (MFA): Having MFA in place will help prevent cyber attackers from accessing targeted systems through the use of stolen login credentials.
Use a Linux operating system: Leveraging a hardened Linux operating system means your backup infrastructure will be much less susceptible to malware and ransomware attacks. This improves security by preventing unauthorized code from running.
Integrate local backup and offsite storage routines: For data to be secure, it is necessary to back it up regularly and also send copies to a secure “air-gapped” location. It is important that routines are established for this to happen like clockwork.
Follow a principle of least privilege access: Ensuring staff only have access to the IT resources they need to complete their roles reduces the risk of cybercriminals obtaining stolen credentials that grant them full administrator privileges.
Do not use network sharing protocols: Data backups that are stored on network-attached storage devices using protocols such as Network File System (NFS) or Common Internet File System (CIFS) are easily found and hacked. These protocols should not be exposed.
Implement end-to-end encryption: Using end-to-end 256-bit AES encryption on all data means an attacker will never be able to read it. All communication with storage devices can be done through an encrypted VPN tunnel.
Following a 3-2-1 backup strategy
To further strengthen backup defenses against a ransomware attack, more and more organizations are following a three-two-one strategy.
This strategy requires an organization to have at least three copies of all data at all times. These must be one production copy and two identical backup copies.
In addition, at least two different types of physical media must be used to host the data. This means that if one fails or becomes corrupted, the other can still be used for recovery.
Finally, it’s important to keep at least one backup offsite. This means that if there is a disaster, such as a fire or criminal theft, the data can still be restored.
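As an added example (not from the article or from Barracuda), the Python check below audits a backup inventory against the 3-2-1 rule described above and also flags the absence of an immutable backup copy, as recommended earlier. The record fields, media labels and sample inventories are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    role: str          # "production" or "backup"
    media: str         # assumed labels, e.g. "disk", "tape", "cloud-object"
    offsite: bool
    immutable: bool = False


def audit_321(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    backups = [c for c in copies if c.role == "backup"]
    # Three copies: one production copy plus two backup copies.
    if not any(c.role == "production" for c in copies):
        findings.append("no production copy listed")
    if len(backups) < 2:
        findings.append(f"need 2 backup copies, found {len(backups)}")
    # Two different media types across all copies.
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"need 2 media types, found {len(media)}")
    # One backup offsite; production being offsite does not count.
    if not any(c.offsite for c in backups):
        findings.append("no backup copy is offsite")
    # Beyond 3-2-1: at least one backup that cannot be altered or encrypted.
    if not any(c.immutable for c in backups):
        findings.append("no backup copy is immutable")
    return findings


# Constructed sample inventories (not real systems).
WEAK = [
    Copy("fileserver", "production", "disk", offsite=False),
    Copy("nas-share", "backup", "disk", offsite=False),
]
STRONG = [
    Copy("fileserver", "production", "disk", offsite=False),
    Copy("backup-appliance", "backup", "disk", offsite=False),
    Copy("cloud-vault", "backup", "cloud-object", offsite=True, immutable=True),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("STRONG", STRONG)):
        result = audit_321(inventory)
        print(label, "PASS" if not result else result)
```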
The threats posed by ransomware are unlikely to abate any time soon. Microsoft recommends that organizations use third-party backups for their Office 365 data. Using a cloud-native backup solution can offer fast backups, better performance, and instant scalability, while multiple offsite copies of your backup files ensure redundancy and security.
By following these steps, an organization can ensure that it is in the best possible position to recover in the event of an attack.