Ransomware attacks are expected to continue increasing in number over the next few years, according to a survey conducted by Omdia. The survey found that 47% of respondents cited ransomware attacks as a significant challenge for their organizations. As a result, it is crucial for organizations to take a serious look at how well their defenses hold up against this ever-evolving threat.
One essential defense against ransomware is a robust backup strategy. By implementing good discipline around data backups, organizations can reduce the effectiveness of ransomware. The ability to restore stolen or encrypted files reduces the need to pay the ransom to regain access to the data. However, avoiding the pointed end of a ransomware attack is not always as straightforward as it seems.
Conventional wisdom suggests following the 3-2-1 rule for data backups. This rule advises organizations to keep three complete copies of their data, with two copies stored locally on different types of media and at least one copy stored off-site. All versions of the data should be subject to regular backups, ensuring that even business-critical data is backed up frequently, potentially once per hour.
Despite these guidelines, many backup strategies are not as robust as they should be. Data is often backed up on-site or to connected devices, replication may not occur frequently enough, and access to the remote backup site can be left open. This leaves organizations vulnerable to attacks that target and disable backup data, ultimately removing their ability to combat the ransomware attack effectively.
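The 3-2-1 rule and the weaknesses listed above can be checked mechanically against a backup inventory. The following is an added example, not taken from the article: the `BackupCopy` fields, the inventory contents and the 60-minute freshness threshold (based on the "once per hour" figure for business-critical data) are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    media: str          # e.g. "disk", "tape", "object-store"
    offsite: bool       # stored away from the primary site
    connected: bool     # permanently reachable from production systems
    open_access: bool   # no access restriction on the backup location
    age_minutes: int    # time since the last successful backup

def audit(copies, max_age_minutes=60):
    """Return a list of findings; an empty list means no gap was found."""
    findings = []
    local = [c for c in copies if not c.offsite]
    offsite = [c for c in copies if c.offsite]
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three complete copies")
    if len(local) < 2 or len({c.media for c in local}) < 2:
        findings.append("3-2-1: need two local copies on different media types")
    if not offsite:
        findings.append("3-2-1: no off-site copy")
    if copies and all(c.connected for c in copies):
        findings.append("exposure: every copy sits on a connected device")
    for c in copies:
        if c.age_minutes > max_age_minutes:
            findings.append(f"stale: {c.name} last ran {c.age_minutes} min ago")
        if c.offsite and c.open_access:
            findings.append(f"access: off-site copy {c.name} is left open")
    return findings

# Constructed sample inventories (not real systems).
WEAK = [
    BackupCopy("nas-a", "disk", False, True, False, 45),
    BackupCopy("nas-b", "disk", False, True, False, 1440),
    BackupCopy("cloud-bucket", "object-store", True, True, True, 30),
]
SOUND = [
    BackupCopy("nas-a", "disk", False, True, False, 45),
    BackupCopy("tape-vault", "tape", False, False, False, 50),
    BackupCopy("cloud-bucket", "object-store", True, False, False, 30),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("SOUND", SOUND)):
        print(label, audit(inventory) or "no findings")
```

The weak inventory has three copies and an off-site location, yet still produces four findings: both local copies share one media type, every copy is permanently connected, one copy is a day old, and the off-site location is left open.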
To mitigate this risk, backup data needs to receive the same focus and protection as operational data. Organizations cannot assume that just because the data is held off-site, it is safe and clean. If a hacker manages to infiltrate the backup data, an organization’s ability to restore business operations or nullify ransom demands can be compromised.
A common misconception is that backed-up files should be duplicated in a safe, disconnected, and anonymous location far removed from operational processes. However, this approach can be costly, impractical, and difficult to manage. It is important to strike a balance between secure backup practices and the practicality of managing the backup process. Making it too easy for the business to manage also makes it easier for hackers.
Ultimately, cybersecurity strategy needs to encompass holistic protection measures. This includes ensuring that all versions of backup data are clean and implementing a reliable import process when needed. The restore process should only occur after thorough screening and cleaning, with complete confidence that the backup and associated devices are not compromised. However, complete removal of ransomware can be challenging since decryptors may not exist for every known strain.
Ransomware should be treated like any other form of cybercrime and fraud, emphasizing the importance of security awareness and overall cybersecurity hygiene. While protecting operational data to prevent ransomware attacks remains a top priority, safeguarding backup files is a close second. The fact that backups are stored off-site does not diminish their importance or mean they can be ignored.
In conclusion, ransomware attacks are a significant and ongoing threat to organizations. Implementing a robust backup strategy is crucial to reduce the impact of these attacks. Organizations must ensure that backup data receives the same protection as operational data and that the backup process is secure and reliable. By adopting a holistic approach to cybersecurity, organizations can better defend themselves against ransomware and minimize the potential damage and disruption.
