The Fight Against Ransomware Calls For a New Backup Strategy
This article was first published in SC Magazine.
When ransomware shut down Colonial Pipeline in May, the company deliberated for a week and then gave in and paid the ransom. When ransomware shut down plants that process one-fifth of the meat in the U.S., the parent company paid the ransom. More than one-third of healthcare organizations faced a ransomware attack in 2020 and confronted the same stark choices. Stories of businesses unable to recover from an attack and forced to close down keep most CXOs up at night. Ransomware has become a scourge and is already a serious national security issue.
Paying a ransom is bad enough. But consider that, on average, security teams could recover only 69% of healthcare data even after the organization paid and received the decryption key.
The companies and government agencies that end up giving in to the demands of the threat actors do so for understandable reasons. Even if the organization has a backup available, often the associated data loss and disruption to business caused by long restore times are more costly than just paying off the criminals and being done with it.
But sometimes it’s even worse: cybercriminals have been known not only to encrypt an organization’s data but also to target the backups themselves. At that point, most organizations have no viable option except to pay.
If they do, we all pay the price, because the ransom money is often put to bad purposes, including funding more attacks.
There’s also the threat of extortionware, where data is exfiltrated and the cybercriminals use the threat of exposure to secure a ransom payment. Businesses must be able to restore data from trusted, secure backups in minutes. To do that, they need a new backup strategy.
The Issue With Legacy Backups
Backup files are written and read by the same operating system the business uses for its day-to-day activities. This means the integrity of the backup system depends on the security of the company’s operating system. If ransomware attackers can compromise a system severely enough to encrypt its production data, the same compromised system also puts the backups at risk.
Security pros also have to consider the recency of their backup data. Once-a-day backups leave a whole day’s worth of transactions unprotected. In the digital economy, losing that much data can significantly hurt a business and even expose it to liabilities.
It’s also critical to consider the time it takes to restore the data. A restore can often take hours or even days, a disruption most companies can’t afford.
The New Strategy: Air Gaps and Virtualization
Rethinking backups requires considering air gaps and data virtualization.
Air gaps: It’s important to isolate the backup network and remove any system-level access to it, creating an “air gap” between the two systems. Doing this prevents attackers who manage to reach production data from also reaching the backup files.
Think of this “air-gapped” backup system as a separate, virtual device that can be read from and written to only with the right login credentials. Of course, these credentials must be completely independent of the credentials used by the main system. Keeping them behind “locked doors,” and keeping the backup data mostly read-only, further strengthens their protection.
Virtualization: Having a virtualized copy of the data means the company can restore backups in minutes, avoiding significant downtime. What’s more, the security team can back up more frequently, or even in real time, minimizing data loss to the business.
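To make the "trusted, recent, and quickly restorable" requirement concrete, here is an added example that is not from the article or any vendor: a small Python routine that picks the newest snapshot that is stored immutably on the isolated side, verifies against a digest kept in the backup catalog, and predates the suspected intrusion, and reports the resulting data-loss window. Snapshot names, contents, timestamps and the compromise time are constructed sample data.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Snapshot:
    name: str
    taken_at: datetime
    payload: bytes        # backed-up content (constructed sample data)
    catalog_sha256: str   # digest recorded in the isolated backup catalog at write time
    immutable: bool       # stored write-once on the air-gapped side, not reachable from production


def integrity_ok(snap: Snapshot) -> bool:
    """Recompute the digest of what the repository actually holds and compare with the catalog."""
    return hashlib.sha256(snap.payload).hexdigest() == snap.catalog_sha256


def select_restore_point(snapshots, compromise_at, max_data_loss):
    """Return (snapshot, data_loss) for the newest snapshot that is immutable, verifies,
    and predates the compromise; (None, loss) if the best candidate exceeds the allowed
    loss window, and (None, None) if nothing qualifies at all."""
    candidates = [s for s in snapshots
                  if s.immutable and s.taken_at < compromise_at and integrity_ok(s)]
    if not candidates:
        return None, None
    best = max(candidates, key=lambda s: s.taken_at)
    loss = compromise_at - best.taken_at
    return (best if loss <= max_data_loss else None), loss


def _sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


T0 = datetime(2021, 6, 1, 12, 0, tzinfo=timezone.utc)
COMPROMISE_AT = T0  # earliest time the intrusion is believed to have begun (constructed)
SAMPLE_SNAPSHOTS = [
    Snapshot("nightly-05-31", T0 - timedelta(hours=26), b"ledger v1", _sha(b"ledger v1"), True),
    Snapshot("hourly-0900", T0 - timedelta(hours=3), b"ledger v2", _sha(b"ledger v2"), True),
    # Written by the production host to a share it can modify; content no longer matches catalog
    Snapshot("hourly-1100", T0 - timedelta(hours=1), b"\x00encrypted", _sha(b"ledger v2.5"), False),
    # Taken after the attacker was already inside: cannot be trusted as a clean restore point
    Snapshot("hourly-1300", T0 + timedelta(hours=1), b"ledger v3", _sha(b"ledger v3"), True),
]
```

Running `select_restore_point(SAMPLE_SNAPSHOTS, COMPROMISE_AT, timedelta(hours=24))` selects "hourly-0900" with a three-hour loss window; tightening the allowed loss to one hour returns no usable snapshot, which is exactly the recency problem the article describes.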
Businesses need to snap out of the “pay up or lose data and time” mindset. That trade-off was inevitable with legacy backups. With more modern data management solutions, businesses can rethink their backup strategy and how they protect themselves from ransomware.