With the proliferation of cloud services, many small businesses don’t give much thought to backing up their data. That is fine if they use solutions like Office 365 and OneDrive, or a cloud-based ERP. But they forget to go the extra step and back up workstations, PCs, or maybe the odd NAS the “IT guy” has lying around. Enterprises with on-premise servers and storage require, and usually have, more robust backup systems in place.
With cryptolocking hacks on the rise, backups alone are not enough. It is more important than ever to “backup your backups.” There are several best practices companies of all sizes should adopt to secure backups. But let’s start with why it matters.
Cybercriminals have grown more sophisticated, intelligent, and organized. It was not that long ago that they might encrypt workstations or network drives before someone managed to stop them. Restoring the data was simply a matter of recovering from backup and potentially reimaging some desktop PCs.
Now criminal organizations gain access to your network and take their time to infiltrate your systems and find your most vulnerable assets, like backups. They encrypt or delete backups to prevent you from restoring your data. This increases their leverage and makes victims more likely to pay a ransom.
In a late-2019 cyberattack against global FX company Travelex, CIO Dive noted, “It’s likely the cybercriminals were lurking on Travelex’s network before initiating their ransomware.” The hack cost the company a reported $2.3 million.
Why is your network now at risk?
Hacking is a business now run by criminal organizations. They study your network to find the systems most vulnerable to attack. They determine which devices contain your backups and databases. Then, they go in and start a strategic attack focusing on your most vulnerable areas first.
If you don’t have multi-factor authentication (MFA) enabled, all they need is access to an admin account to start the process. Once that account is breached, the damage can be tremendous.
It’s a little like a ticking time bomb. Cybercriminals don’t immediately start attacking. They often take their time to build an inventory of your servers and workstations, along with a list of users. When monitoring of these often vulnerable systems is inadequate, attackers can wait almost as long as they like. And then, one day, at the most inopportune time, when you least expect it, they attack. By then, it’s too late.
How to protect your enterprise backups
There are many ways you can protect your organization from the types of attacks you read about in the news. Aside from staff training and protecting against ACH phishing, the following best practices go a long way toward improving the security of your data and business.
In the simplest possible terms, “a snapshot is the state of a system at a particular point in time.” It’s a common feature of many file systems, and you must have a process to take snapshots of your data.
Physical air-gapped backups
With crypto-ransomware attacks targeting backups, keeping air-gapped (offline) backups can be an extremely effective way to protect your data. Air-gapping is the process of physically moving a copy of your data to a remote location not connected to the internet. The downside is that it’s a time-consuming and labor-intensive activity.
We believe the pros significantly outweigh the cons. With replication, backups are in many cases accessible by an administrator. If the business gets hacked, the criminals can delete the backups, thereby negating their value. An air-gapped backup effectively neutralizes this threat.
Cloud backups of on-premise file storage
On-prem backups are potentially at risk because they typically stay attached to the network. An alternative to a physical air-gapped backup is to use cloud solutions like Azure and AWS. They are significantly more secure than backing up exclusively to a local drive, NAS, or connected external disk. They also have the added advantage of being easier to implement and maintain than a remote location you need to courier or drive your backups to.
Another advantage of using the cloud for your backups is that storage can replicate to another storage device in another region. This allows you to benefit from geo-replication even if your data is on-premise.
Cloud Soft Delete States
A “soft delete state” is kind of like a recycle bin that cannot be emptied without an authorized user first giving the cloud provider authorization to do so in writing. In the case of Azure, there is no way to permanently delete data in a “soft delete” state for 14 days. This gives you two weeks to be able to restore your environment after an attack.
How things have changed with Azure Soft Delete
In the past, in an on-prem data center, ransomware could encrypt all of the servers, workstations, and backups. Many times, the only way to recover from this was an air-gapped backup.
With Azure Soft Delete, anything deleted goes into a soft delete state for 14 days. Even if an Azure admin account is compromised, attackers can’t go in and permanently delete the data. In order to delete something, you have to open up a service ticket with Microsoft and provide written consent that you want to delete the specific item.
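As an added example (not from the original article and not Microsoft's code), the Python below shows how a defender might use the 14-day soft-delete window: it flags an account that deletes several backups in a short burst and computes the last moment each deleted item can still be restored. The audit record format, action names, account names, and burst thresholds are constructed assumptions; only the 14-day retention comes from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SOFT_DELETE_DAYS = 14               # retention period stated in the article
BURST_THRESHOLD = 3                 # assumption: deletions that count as a burst
BURST_WINDOW = timedelta(hours=1)   # assumption: window for counting a burst

# Constructed sample audit records: (timestamp, account, action, backup item)
EVENTS = [
    ("2024-03-01T02:10:00", "svc-backup", "backup.create", "fileserver-01"),
    ("2024-03-09T23:41:00", "admin-jdoe", "backup.delete", "fileserver-01"),
    ("2024-03-09T23:43:00", "admin-jdoe", "backup.delete", "sql-prod"),
    ("2024-03-09T23:47:00", "admin-jdoe", "backup.delete", "erp-db"),
    ("2024-03-12T09:00:00", "admin-asmith", "backup.delete", "old-test-vm"),
]

def deletions(events):
    """Return (when, account, item) for every delete event, oldest first."""
    out = [(datetime.fromisoformat(ts), account, item)
           for ts, account, action, item in events if action == "backup.delete"]
    return sorted(out)

def burst_accounts(events):
    """Accounts with BURST_THRESHOLD or more deletions inside BURST_WINDOW."""
    by_account = defaultdict(list)
    for when, account, _ in deletions(events):
        by_account[account].append(when)
    flagged = set()
    for account, times in by_account.items():
        for i, start in enumerate(times):
            in_window = sum(1 for t in times[i:] if t - start <= BURST_WINDOW)
            if in_window >= BURST_THRESHOLD:
                flagged.add(account)
    return flagged

def restore_deadlines(events, now):
    """Map each deleted item to (restore deadline, still recoverable?)."""
    result = {}
    for when, _, item in deletions(events):
        deadline = when + timedelta(days=SOFT_DELETE_DAYS)
        result[item] = (deadline, deadline > now)
    return result

if __name__ == "__main__":
    print("Burst deleters:", sorted(burst_accounts(EVENTS)))
    for item, (deadline, ok) in restore_deadlines(EVENTS, datetime(2024, 3, 24)).items():
        print(f"{item}: restore by {deadline} ({'recoverable' if ok else 'expired'})")
```

An alert on the burst matters because the clock starts at deletion: a mass delete that goes unnoticed for more than 14 days is no longer recoverable from the soft-delete state.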
Is it time to move to cloud for backups?
Cloud is a viable option for your backups, whether you are an SMB or an enterprise. Companies like Microsoft are thinking seriously about the ransomware problem. With solutions like Azure’s Soft Delete included out-of-the-box, now is the time to ask your IT team what would happen if you were hit with a ransomware attack tomorrow. Ask which of the standards and best practices mentioned in this post are in place to protect your business. If not, discuss their next steps. Do they have the bandwidth to get it done? If not, perhaps we can help.
While it’s true that attacks have grown more sophisticated, intelligent, and organized, using the methods defined in this article improves your chances of recovering from a disaster. No one wants to be the next Travelex.