Take a combined approach to cybersecurity and data protection, writes Paul Brunyee, EMEA Pre Sales Director at the data and ransomware protection product company Arcserve. Data protection goes beyond “immutable back-up”, he says.
Not a week goes by without another stark reminder of the threats posed by cybercrime to UK businesses. The National Cyber Security Centre (NCSC) recently reported that it had handled more than three times as many ransomware incidents as in the previous year. And the vast majority of European law enforcement professionals still consider ransomware to be the biggest criminal threat to public and private organisations in Europe, according to Europol’s most recent Internet Organised Crime Threat Assessment, despite the widespread underreporting of incidents. However, with all these warnings from experts in the private and public sectors, why are so many companies still failing time and time again to implement viable, reliable solutions for the damage ransomware can cause to their businesses?
Part of the reason for this is that effectively bouncing back in the wake of a ransomware attack requires a level of planning and foresight that goes beyond simply making your organisation’s backups “read-only”, even though implementing this type of backup has recently been portrayed as a catch-all solution for ransomware. Modern businesses are evaluated not just on their ability to recover from attacks, but on their ability to recover from them as quickly as possible. Our recent study found that over a third of UK consumers would be willing to switch to a competitor after a mere 24 hours of waiting to access their information or make a transaction. That number increases to 66% if an organisation cannot restore systems in the three days following a cyberattack. Therefore, simply having “read-only” backups is of little utility: even though cyber criminals can do little with these backups, neither can you, which can significantly limit the speed of recovery. So, what is a viable alternative strategy for recovering quickly and maintaining business continuity as ransomware threats continue to expand?
Businesses focused on the speed and the quality of recovery should be wary of being entirely reliant on public cloud for their backup. Though public cloud has a myriad of benefits such as flexibility and scalability, it’s hard to match the sheer speed of recovery available in an on-premises solution – particularly in the case of a costly ransomware attack where multiple terabytes of data might need to be recovered. Pulling data entirely from public cloud also assumes that your environment is already recovered or rebuilt after a ransomware attack, which isn’t necessarily the case.
This isn’t to say you have to rely solely on on-premises backup for all your needs; many businesses would do best to consider a hybrid cloud model. After conducting a thorough audit and assessing your recovery point objectives (RPOs) and recovery time objectives (RTOs), you can choose the data that is most business critical and requires the most protection (confidential patient data for example). You can ensure this “crown jewel” data is continuously backed up onto an on-premises solution and then still move your “colder” data to cheap public cloud later – the best of both worlds. Implementing a hybrid cloud infrastructure, using some form of on-premises backup solution, may allow you to get your systems up and running at higher speeds than your competitors if the worst does somehow come to the worst (without sacrificing any scalability in the process).
Rather than relying solely on immutable backup for business continuity, a multi-layered approach that emphasises both proactive cybersecurity and distributed backup can prevent an attack slipping through the net in the first place, and also provide multiple recovery options should the worst happen. Ideally, this means having state-of-the-art cybersecurity capacities that are able to detect threats as they continue to evolve. However, this is made difficult by the fact that today’s hackers, such as those using the EKANS ransomware currently plaguing manufacturers, are now going after backups of a company’s data with the same aggression as the primary systems themselves. Backups should therefore be treated as a form of critical infrastructure, with the same extremely high level of cybersecurity coverage.
Unfortunately, in the current uncertain economic climate, few organisations have the capacity to pay separate teams or purchase expensive solutions for both the cybersecurity and backup functions. A viable alternative is to look for solutions which combine data protection and cybersecurity and can be implemented with a minimum of human interference. This will also free up your IT teams’ time to have more visibility of potential threats, or simply to focus on other productive activities.
Immutable storage is touted as the cure-all for ransomware, but remember that ransomware can lie dormant for a long time, so if you back it up to immutable storage, you can no longer remove or quarantine it. Immutable backup can be one part of a much wider-ranging solution, but it should not be “the solution”.
Instead, using a proactive cybersecurity solution to protect the backup infrastructure can help prevent any ransomware compromising the backup system and data. Having the ability to scan backup images for malicious code should generally be made a higher priority too, because how do you know if you have backed up the ransomware inadvertently? Furthermore, distributing the backup copies to multiple locations, onsite and potentially to the cloud, follows the NCSC-recommended 3-2-1 and air gap best practices. Organisations should proactively seek out solutions which effectively combine different parts of the puzzle. A combined approach incorporating state-of-the-art cybersecurity and on-premises backup, and which respects the importance of backups as part of critical infrastructure, represents a superior solution for companies who take their business continuity seriously.