This blog post is part of a series of cyber incident top tips.
Are your Backups Actually your Weakness?
Data is the heart of any business. Protecting it and ensuring seamless recovery from any disruption is not just best practice – it’s essential.
Your backups are a lifeline in the event of data loss or system compromise, promising to restore operations and minimise downtime. However, as ironic as it sounds, your backups themselves can become a vulnerability if not managed and secured properly.
Understanding the 3-2-1 Rule of Backup
The 3-2-1 rule is a widely recommended strategy for backup planning:
- 3 copies of data: Always maintain at least three copies of your data — the original and at least two backups
- On 2 different media: Store the copies on at least two different types of storage media to protect against different failure modes (e.g. hard drive, tape, cloud)
- With 1 off-site copy: Keep at least one copy of the backups off-site and disconnected from the network to protect against physical or logical compromises
This 3-2-1 rule is a pillar of data protection, ensuring redundancy, resilience, and the ability to recover data even in the face of unexpected events or disasters.
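As an added example (not from the original post or from any vendor), the Python below audits a backup inventory against the 3-2-1 rule as stated above, including the requirement that the off-site copy also be disconnected from the network, and raises an advisory when that copy is not immutable. The `Copy` fields and the sample inventories are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str               # e.g. "disk", "tape", "cloud"
    is_backup: bool          # False for the original (production) data
    offsite: bool
    network_reachable: bool  # True if reachable from the production network
    immutable: bool = False

def audit_321(copies):
    """Return findings for a backup inventory; an empty list means it passes."""
    findings = []
    backups = [c for c in copies if c.is_backup]
    if len(copies) < 3 or len(backups) < 2:
        findings.append("3: need the original plus at least two backups")
    if len({c.media.lower() for c in copies}) < 2:
        findings.append("2: all copies are on one type of storage media")
    # The post's "1" needs off-site AND disconnected, so an online
    # off-site replica does not count.
    isolated = [c for c in backups if c.offsite and not c.network_reachable]
    if not isolated:
        findings.append("1: no backup is both off-site and disconnected")
    elif not any(c.immutable for c in isolated):
        findings.append("advisory: no disconnected off-site backup is immutable")
    return findings

# Constructed sample inventories (hypothetical names, not from the post).
CONNECTED = [
    Copy("prod-fileserver", "disk", False, False, True),
    Copy("nas-replica", "disk", True, False, True),
    Copy("cloud-replica", "cloud", True, True, True),
]
WITH_TAPE = CONNECTED + [Copy("vault-tape", "tape", True, True, False, True)]

if __name__ == "__main__":
    for label, inv in (("connected", CONNECTED), ("with tape", WITH_TAPE)):
        print(label, audit_321(inv) or "passes 3-2-1")
```

The connected inventory has three copies on two media with one off-site, yet still fails the "1" because every backup is reachable from the network.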
The Ransomware Threat Landscape
Ransomware attacks are becoming increasingly sophisticated. According to Veeam’s 2024 Data Protection Trends Report, only 25% of organisations believe they haven’t been hit by ransomware. However, this figure might be lower, as attackers can lurk in systems for up to 200 days before striking. The report also reveals that 96% of attacks target backup repositories, encrypting data to demand ransom at the most opportune moment.
Modern ransomware tactics include infiltrating and disabling backups before deploying encryption malware. By compromising backup systems, hackers significantly increase the likelihood of victims paying the ransom. This underscores the need for robust backup security measures.
The Pitfall of Connected Backup Systems
Imagine a scenario where your backup infrastructure is seamlessly integrated into your network — connected, automated, and perhaps replicating data in real-time. While this setup offers convenience and efficiency for routine operations and quick recoveries, it also presents a prime target for ransomware attackers. Once they gain access to your network, whether through phishing, compromised credentials, or other methods, they can easily locate and compromise these interconnected backup systems. This effectively nullifies the purpose of having backups in the first place. Implementing measures such as Veeam’s four-eyes authentication can provide an additional layer of security by requiring two individuals to approve certain critical operations.
The Case for Offline Backups
In contrast, an older, more manual backup system involving tapes stored in a secure, off-site location, while perceived as outdated, adheres closely to the 3-2-1 rule. The backups are physically disconnected from the network and thus immune to remote attacks targeting online systems. Modern attacks can involve extended periods of infiltration, during which subtle changes are made to avoid detection. If these offline backups are protected, they remain intact and accessible for recovery even if the primary network is compromised.
Securing Your Backup Strategy
To strengthen your defence against ransomware and other cyber threats, consider the following measures:
- Implement air-gapped backups: Maintain at least one set of backups that are physically disconnected from the network. Where possible, include immutability to prevent unauthorised alterations
- Regularly test your backups: Ensure that your backup procedures are regularly tested and verified to confirm their reliability. Solutions like Veeam SureBackup can automate and streamline this process
- Update your backup policies: Integrate with security information and event management (SIEM) systems and employ four-eyes authentication. Veeam’s staged and secure restore features provide added layers of protection and recovery capabilities
- Educate employees: Train your staff on cyber security best practices, including recognising phishing attempts and securing their credentials
Conclusion
While backups are indispensable for data recovery and business continuity, their security is paramount. By adhering to the 3-2-1 rule and ensuring at least one set of backups is offline and immutable, you can significantly reduce the risk of ransomware compromising your recovery efforts. Remember, the strength of your backups can make all the difference between swift recovery and prolonged downtime in the face of a cyber attack.
Need Some Help?
Our operational resilience experts are ready to help you implement robust backup solutions, ensuring your data is always protected and recoverable.
We offer air-gapped and immutable storage to defend against cyber and malicious attacks, with an integrated archive tier to minimise costs for long-term retention.
This blog post is part of a series of cyber incident top tips. You can view them all below:
- Tip 01: Taking advantage of ransomware’s biggest secret!
- Tip 02: Securing your backups from vulnerabilities
- Tip 03: Beware of automated response dangers!
- Tip 04: The importance of disconnecting yourself during a breach
- Tip 05: How to integrate your anti-virus protection with SIEM
- Tip 06: Ensure that your insurance covers cyber incidents
- Tip 07: Preparing for the worst – rebuilding after a major ransomware attack
- Tip 08: Who you should call first during a cyber breach
- Tip 09: Hold onto the evidence – why securing system logs is essential for cyber incident response
- Tip 10: What you need to know to make sure your penetration testing is effective
- Tip 11: Why tabletop exercises are crucial for incident response
- Tip 12: Famous last words – misconceptions before a major cyber breach