Data is the most powerful currency in the digital world; and there are threat actors lurking to breach your network and get hold of your data. Alongside the advancement of information technology, which is at the forefront of today’s digital economy, cybercrime is also developing at an alarming pace – especially in this war-torn world where attacks are expanding from the physical to the cyber realm. Tidings of hacking has become a daily affair. From large enterprises to small- and mid-sized companies, and government agencies, data breaches are rampant everywhere.
Prominent amongst modern cybercrime tactics is ransomware. Ransomware is a security incident where a hacker gains access to sensitive data and employs malware to encrypt it. Once encrypted, the data becomes corrupted and unreadable, and the hacker demands a ransom to decrypt the data and restore access. Typically, a notice demanding ransom is placed on the targeted computer/server where payment instructions to an anonymous party are listed. The victim is left with no choice but to accede to the demand and pay a ransom settlement (running from several thousands to even millions of dollars) lest they suffer data loss, business downtime, compliance violations, and ensuing penalties.
“66% of organizations were hit by ransomware last year, and 84% of them lost business/revenue due to the attack. – Sophos”
In addition to having security tools in place, one of the best time-tested methods for protecting data is to take regular backups and ensure the backups are stored and protected properly. By restoring from a backup, you are falling back to the last known good status of your data, since the current data is either not accessible or has been compromised. When you are at the stage of backup recovery, it means your other protective mechanisms have already failed or been circumvented. Hence restoring from a backup is considered your last line of defense against external attacks.
This makes it all the more important to secure the storage where backups are preserved. If you have a clean backup copy (or multiple copies) in a secure location in non-erasable, non-rewritable format, you can shield your data from security threats, bit rot and even accidental deletion.
Let’s look at some security best practices to store and protect backups from ransomware strikes and ensuring quick recovery in the event of any data loss.
Ensure Data Integrity using Immutable Storage
Cybercriminals are striving hard to breach the security perimeter and break into your file servers and databases to gain access to your data. Ransomware attacks can be averted if your storage is immutable and does not allow any miscreant to tamper with the data. This is achieved with WORM-based (Write Once Read Many) immutable object storage which uses object locking to lock the data for a specified period of time (days to months to even years). Until the time the lock expires, no one can modify or delete the backup files, which means threat vectors can’t get their hands on your data.
Increase Backup Frequency to Recover Quickly and Minimize Data Loss
It is no longer sufficient to be content with daily backups for critical data. Should there be a ransomware attack today and you happen to lose access to production data, you can only restore from yesterday’s backup copy and would lose all data in between. Consider increasing the backup frequency to a few hours or even an hour for mission-critical data so your data losses are significantly minimized in the face of a ransomware incident.
Integrating your backup tools with software-defined storage solutions enables storage snapshots to be taken efficiently, and contribute towards achieving higher backup frequency.
Complement Backups with Other Security and Recovery Measures
- Create an air gap between the production and backup environments by isolating the backup network and remove system-level access to backups. Even if a malicious party has breached into the production system, backups will be secure and off limits.
- Incorporate activity logging and hashing techniques for anomaly detection as part of your storage system. This can help reveal potential bad actors and verify data hasn’t been tampered with.
- For extremely critical data, build multi-level resiliency with replication of backup copies to a remote/DR site(s). This will aid in confident recovery in the event of data loss.
- Leverage encryption of data in-flight and at-rest to bolster security further.
- Consider using endpoint protection and anti-virus solutions on your backup servers for proactive threat detection and mitigation.
Ransomware attacks cost an average of $4.62 million. This includes escalation, notification, lost business, and response costs; and excludes the cost of ransom.
Cost of a Data Breach Report, IBM Security
Bonus Tip: Follow the 3-2-1-1-0 Golden Rule for Backups
- Maintain at least 3 copies of data
- Store data on at least 2 different types of storage
- Keep 1 data copy in an offsite location
- Have 1 other data copy air-gapped
- Ensure 0 errors throughout the lifetime of the backup data
Attain Ransomware Resiliency with DataCore Swarm
DataCore’s secure on-premises object storage solution, Swarm, delivers robust data protection capabilities to safeguard your backups from ransomware and other security threats and data loss due to disasters and hardware failures. Archive and preserve large volumes of data for as long as needed and comply with regulatory mandates.
Verified by popular tools such as Veeam, Commvault, Rubrik, and Veritas, Swarm serves as a scalable backup target for your growing backup storage needs. Scale from a few hundred TBs to multiple PBs in no time. With just minimal administration effort you can effectively manage and protect all your backups within your data center as per your security policy. Reinforce your backup, replication, and recovery strategy and fight off ransomware with the help of Swarm object storage.