By Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies
In the past one year, we have witnessed data being generated at an enormous pace with the increasing adoption of new age technologies. While, this has given businesses a chance to extract valuable insights to ensure better outcomes, it has also allowed cyber criminals to carry out successful ransomware campaigns that may target and eliminate all data copies in an organisation’s IT environment. Unfortunately, it has been found that many organisations are simply not prepared and still remain vulnerable to cyber-threats. Infact, as per a study 69 per cent of organisations globally expressed that they lacked confidence in terms of reliably recovering all business-critical data in the event of a cyber-attack. Today, businesses need an effective backup strategy to recover in case of a cyber-attack. Moreover, this backup strategy must evolve with the ever changing IT landscape to ensure they can fulfil their IT requirement.
Hence, organisations should adopt a few simple and effective steps that protects themselves from regular incidents and cyber- attacks:
- If you have not moved away from tape backups now is the time
Tape backup systems were originally designed to address disaster recovery scenarios using offsite media. The probability of encountering a disaster has always been very low. However times have changed and speed of recovery should not be ignored. Many organisations have turned to disk-based backup solutions. These will provide faster recovery and greater recovery assurances.
- Backup everything you need to recover the business to independently managed systems
Backup all application data supporting important business processes, including management services and data stored in the public cloud. This data should be backed up to separate environments that are independent of the source systems and cloud environment under protection, and should be managed by a separate team. - Data retention can defend against latent cyber-attacks
Keep backup copies for at least 60 days or longer to ensure there is scope to recover from latent cyber-attacks. By retaining copies for longer, we force the adversaries to increase their dwell time which makes it harder on them to remain in the network without being noticed.
- Be smart about where and how your passwords are stored
Maintain proper password management hygiene. Don’t store the passwords of backup systems in the same password vault as the systems they protect. Adopting this policy can help thwart the final phase of an adversary’s latent attack.
- Augment passwords with multi-step or multi-factor authentication
Implement multi-step and/or multi-factor authentication to administrative functions in the backup environment. This will prevent insiders from overriding policy and wiping backup systems.
- Principal of least privilege is your friend
It goes without saying, always follow the principle of least privilege when it comes to securing the backup environment. This will make it harder for adversaries to compromise the control software and systems.
- Audit and analyse to catch them in the act
Ensure all actions carried out on the backup systems are auditable and logs sent to a central Security Information and Event Management system (SIEM). The SIEM should provide inspection, correlation and anomalous behaviour detection on access attempts, backup operations and configuration changes.
- What was old is new again – Immutable data
If the backup system can enforce immutability of backup copies, turn this feature on. Immutable backups ensure the data cannot be deleted before it is due to expire, as defined by retention policies. Consider using a system that supports the highest level of immutability in compliance mode.
- Verify immutability features cannot be easily circumvented
Ensure backup systems immutability feature cannot be circumvented by changing the system clock.. Backup systems should provide defences that prevent the system clock from drifting too far too soon.
- Just because you have a backup doesn’t mean it’s any good
The presence of a backup does not assure recovery. Backups may be incomplete or have been compromised since creation. Test and validate backup data, frequently, using a systematic approach. By testing regularly and proactively, issues can be identified and resolved ahead of time.
- Put some air between your production and backup data with an air-gapped cyber vault
Implement a cyber-recovery vault for the organisations most business-critical data. This
may only represent a fraction of the data and provides the last line of defence with additional controls and inspection, to further counter the threat of cyber-attacks. A cyber recovery vault supports the creation of independent, isolated, immutable, and verifiable copies of the backup copies.
Cyber resilience is not about taking piecemeal measures to detect and hopefully prevent cyber-attacks, ransomware, and other intrusions. It is about having a comprehensive strategy and robust processes in place to ensure the data and applications are secure which ultimately will lead to an increased confidence in their ability to cope with any eventuality. The adoption of the outlined steps can help organisations achieve a cyber-resilient backup strategy that allows them to rely on backups to fulfil their intended purpose, including in the face of sophisticated cyber-attacks.