In today’s digital age, the significance of robust cyber security measures cannot be overstated. Cyber threats are evolving rapidly, and organizations must stay vigilant to protect their sensitive data and systems. Backups play a crucial role in any cyber security framework, offering a safety net in the event of data breaches, ransomware attacks, or other cyber incidents.
In a recent technical webinar, Wilson Nheu, CEO of BackupAssist, shed light on the role of backups in cyber security frameworks and cyber insurance in Australia. This blog delves into the key takeaways from the webinar.
Note: While this article focuses on Australia’s cyber security frameworks, it’s worth noting that the US has the NIST framework, which shares some similarities with the Essential 8 but also has distinct differences in its approach and scope. |
Understanding the Essential 8
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has developed the Essential 8, a set of eight mitigation strategies to help organizations bolster their cyber security posture. These strategies are designed to protect against various cyber threats and are publicly available for free. The Essential 8 Maturity Model outlines four levels of maturity (0-3), with higher levels offering more comprehensive protection against complex cyber attacks.
While all eight strategies are vital, this blog focuses on the controls for regular backups, a cornerstone of any effective cyber security plan.
Controls for Regular Backups
The ACSC outlines 11 specific controls for regular backups, with the maturity level progressively increasing for each control. These 11 controls can be boiled down to:
- Perform and Retain Backups: Organizations should perform and retain backups of data, applications, and settings according to business criticality and continuity requirements. This involves classifying data, determining recovery point objectives (RPO) and recovery time objectives (RTO), and deciding the frequency and retention period of backups.
- Synchronization: Backups should be synchronized to enable restoration to a common point in time. This is crucial for applications like databases, where related files must be restored together. Using point-in-time snapshots, such as VSS snapshots, ensures consistency across all files.
- Secure and Resilient Storage: Backups must be stored securely and resiliently. This includes using offsite and offline backups, ensuring reliable backup processes, encrypting backups at rest and in transit, and having quick access to backups when needed.
- Disaster Recovery Testing: The ACSC recommends full disaster recovery tests at least once a year, rather than simple file restore tests. However, we strongly recommend that you carry out more frequent, and better yet, automated testing of your backups to ensure their reliability.
- Access Control: Backups should be protected from unauthorized access and modifications. Unprivileged accounts should not access or modify backups in order to meet maturity level 1 requirements. However, this control also needs to extend to privileged accounts for higher maturity levels to protect backups from more sophisticated cyber attacks.
- Immutable Storage: Implementing immutable storage solutions can prevent the modification or deletion of backups during their retention period. This adds an extra layer of security, ensuring data integrity even if the backup administrator account is compromised.
Cyber Insurance and Backups
As cyber threats increase, so does the importance of cyber insurance. In Australia, the cyber insurance market is expanding rapidly, with a growth rate of approximately 20% year-over-year. However, only about 20% of SMEs currently have cyber insurance, highlighting a significant gap in coverage.
Cyber insurance provides financial protection against losses resulting from cyber incidents, including data breaches, ransomware attacks, and business interruptions. Insurers typically assess an organization’s risk exposure through detailed questionnaires, focusing on various aspects of cyber security, including backup practices.
Some key questions related to backups in cyber insurance assessments include:
- Do you regularly back up all sensitive and critical data?
- Are backups stored offline and offsite to protect against network-based attacks?
- Do you have a comprehensive disaster recovery plan, and is it tested annually?
Effective backup practices not only enhance an organization’s cyber security posture but also influence their cyber insurance premiums. Organizations with robust backup strategies are perceived as lower risk, potentially leading to lower insurance costs.
Conclusion
The webinar by Wilson Nheu underscored the pivotal role of backups in cyber security frameworks and cyber insurance. By adopting the ACSC’s Essential 8 strategies, organizations can significantly improve their resilience against cyber threats. Regular, secure, and well-tested backups are critical components of a robust cyber security plan. Additionally, these practices can positively impact an organization’s eligibility for cyber insurance and reduce premiums.
In an era where cyber threats are increasingly sophisticated, investing in effective backup solutions and adhering to established cyber security frameworks is not just advisable but essential. As the cyber landscape continues to evolve, staying informed and proactive in implementing best practices will be key to safeguarding digital assets and ensuring business continuity.