
The Fight Against Ransomware Calls For a New Backup Strategy

Once-a-day backups leave a whole day’s worth of transactions unprotected. In the digital economy, losing such an enormous amount of data can significantly hurt a business, even putting it at risk of liabilities.

This article was first published in SC Magazine

When ransomware shut down Colonial Pipeline in May, the company deliberated for a week before finally giving in and paying the ransom. When ransomware shut down plants that process one-fifth of the meat in the U.S., the parent company paid the ransom. More than one-third of healthcare organizations faced a ransomware attack in 2020, and with it the same stark choices. Stories of businesses being unable to recover from an attack and being forced to close down keep most CXOs up at night. Ransomware has become a scourge that’s already a serious national security issue.

Paying a ransom is bad enough. But consider that on average, security teams could only recover 69% of healthcare data even after the organizations paid and got the decryption key.

The companies and government agencies that end up giving in to the demands of the threat actors do so for understandable reasons. Even if the organization has a backup available, often the associated data loss and disruption to business caused by long restore times are more costly than just paying off the criminals and being done with it.

But sometimes it’s even worse: Cybercriminals have been known not only to encrypt an organization’s data but also target the backups themselves. At that point, most organizations have no viable options except to pay.

If they do, we all pay the price, for the ransom money often gets put to bad purposes, including launching more attacks.

There’s also the threat of extortionware where data gets exfiltrated and the cybercriminals use the threat of exposure to secure ransom payment. Businesses must have the ability to restore data from trusted and secure backups in minutes. And to do that, they need a new backup strategy.

The Issue With Legacy Backups

Backup files are written and read by the same operating system that the business uses for its day-to-day activities. This means that the integrity of the backup system depends on the security of the company’s operating system. Now, if ransomware attackers can hack a system severely enough to encrypt its production data, then the compromised system also puts the backups at risk.

Security pros also have to consider the recency of their backup data. Once-a-day backups leave a whole day’s worth of transactions unprotected. In the digital economy, losing such an enormous amount of data can significantly hurt a business, even putting it at risk of liabilities.

It’s also critical to consider the time taken to restore the data. A restore can often take several hours to days, a disruption to the business that most companies can’t afford.

The New Strategy: Air Gaps and Virtualization

Rethinking backups requires considering air gaps and data virtualization.

Air gaps: It’s important to isolate the backup network and remove any system-level access to it, creating an “air gap” between the two systems. Doing this will successfully prevent hackers who manage to access production data from reaching the backup files.

Think of this “air-gapped” backup system as a separate, virtual device that can read and write to the system with the right login credentials. Of course, these credentials must be completely independent of the credentials expected by the main system. Keeping them behind “locked doors” and mostly as read-only data further strengthens their protection.

Virtualization: Having a virtualized copy of data means that the company can restore the backups in minutes, avoiding any significant downtime. What’s more, the security team can back up more frequently, or even in real time, minimizing data loss to the business.

Businesses need to snap out of the “pay up or lose data and time” mindset. That was inevitable with legacy backups. But with more modern data management solutions, businesses can rethink their backup strategy and how to protect themselves from ransomware.
