Security used to be easily managed through physical access controls such as locks on file cabinets and key card entry to server rooms. But today, even with a higher level of awareness and more safeguards in place, the risk of data loss or theft is significantly greater. Intrusion, once limited to a few career criminals on FBI and anti-virus vendor watch lists, is now practiced by thousands of smaller recreational players who have found ways to morph malware and slip it into the hands of unsuspecting users.
Having a comprehensive backup system in place can help offset the impact of a cyberattack. However, if the data has been infected with malware prior to being backed up, the backup data is now also compromised, and of no value to anyone in the organization. In these cases, the malware beats the backup system most likely because of the following pitfalls.
Common network: When critical data is located on the same network as internet-facing systems, an unsuspecting employee can expose sensitive data to a malware attack simply by surfing the web.
No security scan prior to backup: If a file contains malware when the data is backed up, the backup copy will still contain the malware code, whether or not the process encrypts the data.
Embedded malware: When restoring data, if malware is embedded in the backup, the restore places the malware back on the system, where an end user may inadvertently launch it, corrupting the data.
Shared credentials: More than one employee using the same credentials to access the server where the backup is processed might be convenient, but it is highly flawed. If one employee becomes disgruntled or even if one of them lacks the proper experience, backup data can be intentionally deleted or accidentally lost, with no audit trail to follow.
The Short List
The challenge is to ensure the process backs up “clean” data. The following measures can help achieve that goal.
- Air gap
- Malware detection utility
- Restricted access
- Automatic and immediate response
Let’s explore each one.
Air gap: Employing air gaps between certain data systems and other devices that are exposed to the Internet can help protect the more sensitive data. If attacks occur on the Internet-facing systems, the impact will be isolated, and will not spread to the critical data areas.
Malware detection utility: Internal users and their devices are another source of malware, for example an employee who connects a tainted memory stick or an infected cell phone to the network. Including a malware-detection utility in the backup solution decreases the risk of infecting a backup when malware has crossed the perimeter.
Restricted access: By eliminating the practice of shared credentials, access to the backup is limited to only the administrators responsible for its setup and operation. No other users or devices are permitted to connect to the servers housing the backup data. This lowers the probability of an intentional or accidental breach.
Automatic and immediate response: Alerting and monitoring features are crucial for detecting and responding to anomalies and blatant attacks in a timely fashion. These features enable the backup administrators to configure actions that are automatically performed to quarantine or remediate the situation. Therefore, if an attack takes place, disruption to the business is minimized.
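The scan-before-backup and automatic-quarantine measures above can be sketched as a single gate in front of the copy step. This is an added example, not code from any backup product: the SHA-256 denylist stands in for a real malware-detection utility, and the function names, directory names and sample file contents are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless sample standing in for a known-bad file (assumption).
CONSTRUCTED_BAD = b"constructed-sample: pretend this is a known-bad file\n"
# Denylist of digests: a stand-in for a real malware-detection utility.
DENYLIST = {hashlib.sha256(CONSTRUCTED_BAD).hexdigest()}

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def gated_backup(source, backup, quarantine, is_malicious=lambda d: d in DENYLIST):
    """Scan each file before it is copied; quarantine detections and report them."""
    report = {"backed_up": [], "quarantined": []}
    # Build the file list first so moving files does not disturb the walk.
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source)
        digest = sha256_of(path)
        flagged = is_malicious(digest)
        dest = (quarantine if flagged else backup) / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        if flagged:
            shutil.move(str(path), str(dest))   # automatic response: isolate it
            report["quarantined"].append((rel.as_posix(), digest))
        else:
            shutil.copy2(path, dest)            # only scanned files reach the backup
            report["backed_up"].append((rel.as_posix(), digest))
    return report  # the quarantined list is what an alerting hook would consume

def demo():
    """Run the gate over a constructed directory tree in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, bak, quar = root / "data", root / "backup", root / "quarantine"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_text("quarterly numbers\n")
        (src / "invoice.bin").write_bytes(CONSTRUCTED_BAD)
        report = gated_backup(src, bak, quar)
        in_backup = sorted(p.relative_to(bak).as_posix() for p in bak.rglob("*") if p.is_file())
        return report, in_backup

if __name__ == "__main__":
    print(demo())
```

The recorded digests also give the administrators an audit trail of exactly what entered the backup and what was held back.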
By implementing a managed backup solution around these best practices, you significantly improve your chances of preventing ransomware and other malware from getting through your defenses. In the event something slips by, with these proactive measures in place, you can fight back faster and stronger, effectively protecting your organization, its assets and the brand.
Working with an experienced managed services provider, you can customize and automate your data backups so they are simple, secure and ready to be restored.