Will data backups save you from ransomware? Think again

In the ever-evolving landscape of cybersecurity, it's no secret that ransomware attacks continue to plague organizations worldwide. As organizations grapple with this growing threat, one of the most critical components of a solid anti-ransomware strategy is a robust backup solution. Research has shown that the median recovery cost for ransomware victims who rely on backups is only half of the cost incurred by those who choose to pay the ransom. However, not all data backup approaches are created equal.

A separate report reveals a sobering statistic: in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, with more than one-third (39%) of backup repositories being completely lost. So, what sets one backup strategy apart from another? It begins with immutability, but the story doesn't end there.

Ransomware Continues to Wreak Havoc

According to a recent Veeam Ransomware Trends report, a staggering 85% of organizations have experienced at least one cyberattack in the past 12 months. The study surveyed 1,200 IT leaders from organizations of all sizes across 14 different countries in APJ, EMEA, and the Americas. Among the notable findings is the glaring disconnect between IT backup teams and security teams. A concerning 70% of backup administrators and 59% of security professionals believe that there is a pressing need for either "significant improvement" or a complete overhaul in team alignment.

But why are these teams sensing such a wide alignment gap? One possible reason lies in the fact that only 16% of survey respondents managed to retrieve their data without paying the ransom, while 21% paid the ransom but never recovered their data. Astonishingly, 59% ended up paying the ransom to regain access to their data.

Backup Repositories Under Attack

The report also highlights the alarming statistic that malicious actors targeted backups in at least 93% of attacks in 2022, successfully penetrating backup repositories in 75% of cases. Based on this data, Veeam concluded that:

• There is a 75% likelihood that backup repositories will be affected by a cyberattack.
• When affected, 39% of repositories become unusable.
• Nearly one-third (29%) of data restoration attempts are not viable.

Meanwhile, survey respondents estimated that it took them an average of 3.3 weeks until they considered their recovery efforts to be complete. And the reality is that some recovery efforts can drag on for months.

Making Data Recoverable

Only less than 25% of ransomware victims reported that attacks did not affect their backup repositories. According to Veeam, the key to achieving this level of backup protection begins with immutability or air gapping.

Immutability is the answer for 82% of those surveyed, who utilize immutable clouds, while 64% opt for immutable disks. Immutable cloud backup ensures that the backed-up data cannot be modified, altered, or deleted for a specified period, safeguarding it against accidental or malicious changes. Strict access controls and write-protection mechanisms provide an additional layer of protection against modifications to the backup files.

Air gapping, on the other hand, physically isolates a computer or network from unsecured or potentially compromised networks. By disconnecting the system or network from external connections, such as the Internet, an impenetrable barrier is created, making it difficult for attackers to infiltrate or exfiltrate data. Storing backup data on isolated, offline storage media like external hard drives, tapes, or optical discs adds an extra layer of security.

But what if your data backup doesn't just get lost, but gets contaminated? Even with immutability tools in place, the Veeam report noted that 56% of organizations still run the risk of re-infection during restoration.

Data Backup Immutability Plus Scan

Immutable data backup not only creates secure, unchangeable copies of production data but also automatically scans data copies for signs of corruption introduced by malware or ransomware. This scanning can help identify a ransomware attack soon after it’s launched, enabling the identification of data copies that remain unaffected. Armed with this information, backup teams can swiftly detect an attack in progress and recover a clean data copy.

Data immutability and scanning are also crucial for performing the forensic analysis necessary for incident assessment. This helps teams formulate optimal recovery plans and determine the scope of recovery for files, databases, or entire systems.

Reducing Breach Timeframes and Impact

The Veeam report underscores that data backups are just one piece of a robust cyber resilience plan. Four key elements are essential for a resilient backup framework:

1. Data Copy Immutability: This creates secure, unchangeable copies of active production data typically stored separately from production.
2. Proactive Monitoring: Utilizing various data sources and analysis tools to detect malicious patterns, such as access logs, heuristics, and correlation with logs from other systems.
3. Test/Validation of Data Copies: Ensuring data copies are validated clean before further actions.
4. Rapid Recovery: Involves forensic investigation to determine the cause and scope of an attack, extracting data from backup copies for restoration to the production environment.

Truly Effective Data Backup

Investing in a backup strategy is crucial for organizations in today's cyber-threat landscape. However, it's essential that this strategy is fully immutable and equipped for fast recovery from an attack. Data scanning and monitoring play pivotal roles in this equation, making data contamination detectable and breach resolution faster and more straightforward. This approach allows organizations to resume operations in a matter of hours, not weeks.

#Cybersecurity #RansomwareProtection #DataBackup #CyberResilience # JonathanReed