As an IT professional in 2016, security is a big concern. That’s why infosec is becoming a larger and larger part of IT budgets around the world as each year passes. But what you may not be aware of is the vital role that backups can play in protecting against or recovering from some of the most virulent security threats to your IT infrastructure. Ensuring your backup practices follow best practice can be a strong defense against a lot of vulnerabilities. Let’s take a look at why that is, and how you can ensure yours are up to the job.
Ransomware and Other Nasties
We’ve said it time and time again: when it comes to defeating ransomware, backups are your last line of defense. They’re a must-have, and the only sure-fire way to avoid paying a ransom if your system is compromised. What we haven’t covered in as much depth is the specific backup practices that will help ensure your IT infrastructure is as ransomware-proof as it’s possible to be. Let’s go ahead and remedy that.
In terms of backup strategy, the most important thing to consider for all forms of malware, but particularly ransomware, is whether you have reliable image backups within an optimal Recovery Point Objective (RPO). In plain English – can you recover an entire system to a point in time before the infection occurred, in a way that minimizes data loss and limits damage to business operations?
Ensuring your backup practices are up to scratch in this regard means tailoring your backup schedule to address the specifics of your business. Normally, when determining an ideal RPO, you identify exactly how much data your company can afford to lose (i.e. without having a significant impact on your operations) and customize your backup schedule to ensure you can recover accordingly. A ransomware infection is a little different in that it has the potential to go undetected for some time, meaning your RPO may have to adjust to address this.
As an example, you might tailor your backup practices to include daily incrementals; that way, even if the infection isn’t caught for a couple of days (for whatever reason), you know you can recover to the day before the infection took place. How you customize your specific schedule will depend on the unique requirements of your business, but ensuring you get it right is the best possible defense against malware.
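As an added example (not code from the original article), here is a small Python model of the RPO reasoning above: given a constructed backup inventory of weekly fulls and daily incrementals, it finds the latest image taken before the earliest moment the infection could have started, while respecting the fact that an incremental is only restorable if its whole chain back to a verified full is intact. The schedule, the dwell-time parameter and the verified flag are all assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    taken: datetime   # when the image was captured
    kind: str         # "full" or "incremental"
    verified: bool    # a test restore of this image succeeded

def generate_schedule(start_iso, days, full_every=7, unverified=()):
    """Constructed sample inventory: a full image every `full_every` days with daily
    incrementals in between; dates listed in `unverified` failed their restore test."""
    start = datetime.fromisoformat(start_iso)
    return [Backup(start + timedelta(days=d),
                   "full" if d % full_every == 0 else "incremental",
                   (start + timedelta(days=d)).date().isoformat() not in unverified)
            for d in range(days)]

def chain_intact(backups, target):
    """An incremental only restores if it, every incremental back to its base full,
    and that full itself are all present and verified."""
    chain = []
    for b in sorted(backups, key=lambda b: b.taken, reverse=True):
        if b.taken > target.taken:
            continue
        chain.append(b)
        if b.kind == "full":
            return all(x.verified for x in chain)
    return False  # no base full image: nothing to apply the incrementals to

def find_recovery_point(backups, suspected_iso, dwell_days):
    """Latest restorable image taken before the earliest time the infection could have
    begun (suspected time minus the assumed undetected dwell window).
    Returns (image timestamp, hours of data between image and suspected time) or (None, None)."""
    suspected = datetime.fromisoformat(suspected_iso)
    earliest_infection = suspected - timedelta(days=dwell_days)
    for b in sorted(backups, key=lambda b: b.taken, reverse=True):
        if b.taken < earliest_infection and chain_intact(backups, b):
            return b.taken.isoformat(), (suspected - b.taken).total_seconds() / 3600
    return None, None

if __name__ == "__main__":
    inventory = generate_schedule("2016-01-01", 14)  # constructed two-week inventory
    print(find_recovery_point(inventory, "2016-01-12T12:00:00", dwell_days=2))
```

If one incremental in the chain fails its restore test, the recovery point falls back to the last verified full, which is why the text's "regular, tested, reliable" qualifier matters as much as the schedule itself.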
Physical Security and Sabotage
You’re concerned about infosec, so you place a lot of focus on ensuring your networks are tight to keep hackers out and data secure. But have you considered the more mundane forms of data theft? As we mentioned in an article not too long ago, your backups represent a real goldmine for anyone seeking access to your data – they’re essentially a stockpile of all your sensitive data in one location. That makes them an attractive target.
Now, the 3-2-1 rule of backups stipulates that you need at least 3 backups of all important data, on two different media, with one offsite. Let’s say for the sake of argument that to adhere to this best practice you have a rotation of HDDs that you keep onsite, with one of those going offsite once a week. If one of those devices were to be stolen, either by someone in your office or by a third party while in transit, it could be very valuable to your competitors or others wishing to take advantage of your company. But with one simple addition to your backup practices, you can almost completely mitigate this risk: encryption. Encrypting backups (and this applies to cloud backups, which are vulnerable to interception too) makes certain that the entirety of your data can’t be snatched in one fell swoop.
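As an added example (not code from the original article), the following Python audit checks one dataset's backup copies against the 3-2-1 rule and the encryption requirement described above, and rates an unencrypted copy that has left the building as the most serious finding, since that is the stolen-in-transit scenario from the text. The copy labels, media names and locations are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    label: str       # constructed identifier for the device or service
    medium: str      # e.g. "hdd", "tape", "cloud"
    location: str    # "onsite", "offsite" or "in-transit"
    encrypted: bool  # contents unreadable without a key kept apart from the copy

def audit_backup_set(copies):
    """Return (severity, message) findings for one dataset's copies; an empty list
    means the set satisfies 3-2-1 and every copy is encrypted."""
    findings = []
    if len(copies) < 3:
        findings.append(("high", f"only {len(copies)} copies kept; 3-2-1 calls for at least 3"))
    media = sorted({c.medium for c in copies})
    if len(media) < 2:
        findings.append(("high", f"every copy is on the same medium "
                                 f"({media[0] if media else 'none'}); use 2 different media"))
    if not any(c.location == "offsite" for c in copies):
        findings.append(("high", "no copy is offsite; a site loss takes every copy with it"))
    for c in copies:
        if not c.encrypted:
            # An unencrypted copy outside the office is the theft-in-transit case.
            severity = "critical" if c.location != "onsite" else "high"
            findings.append((severity, f"{c.label} is unencrypted while {c.location}; "
                                       "loss of this one device exposes the whole dataset"))
    return findings

# Constructed scenario from the text: an HDD rotation with one disk on its weekly trip offsite.
HDD_ROTATION = [
    Copy("hdd-A", "hdd", "onsite", encrypted=False),
    Copy("hdd-B", "hdd", "onsite", encrypted=False),
    Copy("hdd-C", "hdd", "in-transit", encrypted=False),
]

# The same data after applying the article's advice: second medium, offsite copy, all encrypted.
HARDENED_SET = [
    Copy("hdd-A", "hdd", "onsite", encrypted=True),
    Copy("hdd-B", "hdd", "offsite", encrypted=True),
    Copy("cloud-vault", "cloud", "offsite", encrypted=True),
]

if __name__ == "__main__":
    for severity, message in audit_backup_set(HDD_ROTATION):
        print(f"[{severity}] {message}")
    print("hardened set findings:", audit_backup_set(HARDENED_SET))
```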
The other physical risk that good backup practices can mitigate is human-caused data loss, whether intentional or not. According to a survey by IT security company Databarracks (via SC Magazine), IT professionals state that the most common form of data loss is caused by human error. A less common, but unfortunately not unheard of, cause is deliberate sabotage by a disgruntled employee. In either circumstance, ensuring that you have regular, tested, reliable backups is your safety net against physical information security threats.
Malicious Data Manipulation
According to Wired Magazine, one of the biggest security threats IT professionals could face in 2016 may not be data theft, but rather data manipulation. The article states that James Clapper, director of national intelligence, testified to the US Congress this year that cyber operations seeking to change data to compromise its integrity, as opposed to simply deleting or stealing that data, are “our next nightmare” because they are much more difficult to detect. Obviously this has huge implications at the state level, because it means hackers could potentially access financial and stock-trading systems to force market changes, or even change the course of missiles during war. But it also has implications for business, particularly when it comes to corporate espionage or sabotage.
Imagine if you had a less-than-scrupulous competitor who was able to gain access to your systems and alter the data you depend on for business continuity – maybe they alter a product you’re developing to cause malfunction, or tamper with your sales records to affect your business strategy. Of course, this is all speculation, but it’s underpinned by real-world capabilities.
The only way to stop it in real time is constant vigilance by network administrators, but after the fact it’s backup practices that are going to minimize the severity of this kind of breach. If you’re archiving backups, you’ll be able to go back to a point before the attack took place and restore the true data. If you’re not, this kind of threat could be devastating.