Guard against ransomware and business disruption with offline backups

September 30, 2020

Laura Loredo, Diana Salazar, and Carlos Sandoval

A major auto manufacturer’s factories and operations around the world were recently paralyzed when a ransomware attack knocked it offline. It was just the latest in a troubling upward trend of high-profile attacks.

In fact, ransomware attacks have been riding on an upward trajectory for the past couple of years, increasing dramatically in 2020, and becoming more insidious in the process. In April, a joint alert from key United States and United Kingdom federal agencies warned of malicious actors using the COVID-19 pandemic as part of their tactics as a notable increase in cyberattacks across sectors and industries ensued.

Corporate enterprises and governments used to be the main targets of cyberattacks, but now any organization with an online presence is vulnerable. The surge in remote working due to the pandemic significantly increases risk as IT departments balance the demands of security, remote access and business continuity. Widespread use of new apps and solutions, credential sharing, unsecured Wi-Fi, weak passwords, lack of encryption and more provide cybercriminals with many opportunities to exploit gaps in security.

Cybercriminals, emboldened by new vulnerabilities brought on by the dramatic and sudden shift to a distributed workforce, are discovering successful ways to use COVID-19 related themes to target enterprises and organizations. They’re also demanding higher fees and using social media to publicize and boast about their attacks. These tactics are being used to inflict more pressure on organizations to comply with demands, on top of obstructing day-to-day business operations and threatening to inflict reputational damage if ransom isn’t paid.

IT professionals at organizations of all sizes are left to navigate a new landscape where cyberattacks have potentially more severe consequences. The constant threat of cyberattacks is exacerbated by numerous factors that organizations are having to consider, perhaps for the first time:

Remote management of data centers: As employees work off premises, security must often be managed remotely, adding complexity – and vulnerability – to data protection.
Distributed workforce: Employees working off-premises increases security and privacy complexities as workers use a variety of devices that may belong to the organization, a third-party vendor or be personally owned. Home settings are likely to be less secure than onsite where IT departments can provide better oversight and assistance.
Bad cyber hygiene: In the interest of ensuring business continuity during the shift to unprecedented levels of remote working, some organizations felt forced to relax security policies and / or employees sought “workarounds.” Overreliance on inherently weak passwords, credential sharing, unpatched vulnerabilities, outdated software, downloading unauthorized applications, all contribute to risk.
Stressed out/stretched thin IT teams: Because of the COVID-9 crisis, IT professionals found themselves very rapidly supporting a distributed workforce while at the same time tending to organizational requests that fell outside of their traditional roles.
Cloud complexity: Increasingly, more business is done in the cloud amid expectations that the cloud is secure. While the cloud enables immediate access to business-critical data, the cloud isn’t a panacea. Cybercriminals increasingly target cloud vendors for gateway access to corporate information.
Lack of resources and budget: As companies struggle with budget cuts, IT departments are under even more scrutiny to perform daily operations with limited resources. Unfortunately, data breaches continue to drive security investment, rather than careful, proactive cybersecurity planning.

Cyberattacks will undoubtedly continue, making it critical for companies to arm themselves with strong security policies that are tied to solutions proven to work. Having a reliable backup system for data is an important building block of a modern data protection plan.

3-2-1-1 – The new ‘Backup Rule’

While companies and enterprises evaluate their security strategy to account for heightened cybersecurity attacks, IT and storage professionals must consider best practices to safeguard their companies’ data in this new landscape. The traditional 3-2-1 “Backup Rule” recommends that at least three copies or versions of data is stored on two different pieces of media, one of which is off-site. The United Kingdom’s National Cyber Security Center (NCSC) recently released guidance about the importance of offline backups as a defense against ransomware, supporting the modification to the rule to a 3-2-1-1 strategy.

Tape Backup Can Be a Game Changer

In a situation like the recent Honda cyberattack that halted operations globally, tape technology’s offline storage could have quickly restored from backups and minimized down time. Linear Tape Open (LTO) is an example of a high-capacity, single-reel tape storage solution that’s an open format and licensed by some of the most prominent names in the storage industry to ensure a broad range of compatible tape drives and cartridges.

Tape technology has the inherent ability to create a physical barrier from a network, securing valuable long-term data from cyberattacks. The core strength of tape technology is that unlike connected solutions, even those with some ransomware safeguards, it offers a completely physical and disconnected air gap. The air gap nature of tape operations, along with its ability to maintain separated data images that cannot be corrupted, allows tape to serve as a fail-safe method against ransomware. Moreover, if a company's entire data environment were to be compromised, tape can restore data at speeds of up to 360 MB/sec native, 750 MB/sec compressed, outpacing cloud solutions.

The use of tape technology helps fulfill the criteria for advanced data protection by adding another layer of defense with offline storage. The air gap created by offline storage is essential to thwarting more sophisticated ransomware and malware that attempts to corrupt live, backup, and archive data simultaneously. Additionally, offline storage ensures that organizations have a copy handy for quick restoration to better handle “hostage” ransomware situations.

To learn more, visit www.lto.org.

Laura Loredo is a World Wide Product Manager responsible for LTO Tape Solutions, located at the HPE Storage development lab in Bristol, UK. Laura is a Computer Engineering graduate of the University of Oviedo, Spain, and holds an MBA in Technology Management. Laura joined HP in 1995 and has worked in the R&D engineering group on the development of LTO technology since conception, starting as a firmware engineer, she later moved to product management where she is now responsible for worldwide HPE LTO products. Laura is a member of the marketing team for the LTO Program.

Diana Salazar is the Product Marketing Manager for the enterprise backup and archive portfolio at Quantum. Subject matter expert responsible for messaging, go-to-market strategy, and execution. Diana also represents Quantum in the LTO Consortium.

Carlos Sandoval is an Offering Manager for World Wide LTO Tape Products, located at the IBM Guadalajara Campus in Mexico. Carlos is an Electronics and Communications Engineer graduate of the University of Guadalajara, Mexico, and holds an MBA in Industrial Engineering. Carlos first joined IBM in 1995 and has worked in IT and process engineering of HDD sub-assemblies until 2008. In 2010 he returned to IBM as project manager for the development of new tape products, and in recent years he has moved to offering manager of physical tape products where he is now responsible for worldwide IBM LTO products. Carlos is a member of the marketing team for the LTO Program.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.