Rampant cyberattacks continue to impact businesses with often devastating results. The World Economic Forum reported in 2022 that cyberattacks worldwide jumped 125% in 2021. Even with the increase in ransomware attacks, cybercriminals are not staying static and are becoming more ingenious as they look for vulnerabilities in a company's defenses. The latest trend is attacking backup copies of mission-critical data. IT organizations within companies rely on backups to quickly recover from a ransomware attack without paying the ransom. But attackers understand that backup copies threaten their criminal enterprise, so they first attack the backup data infrastructure. The cybercriminals delete the backup copies first and then encrypt or exfiltrate the primary production data.
The good news is there are ways to stay ahead of cybercriminals and defend against ransomware attacks that target vital backup data — immutability and air gapping.
Keeping data safe with immutable storage solutions
Immutability is rapidly emerging as the last line of defense against ransomware. An immutable storage solution continually protects data by taking snapshots every 90 seconds. These snapshots allow users to go back to specific points before an attack and recover entire file systems in minutes. As a result, even if a cyberattack is successful, the information will be quickly and easily recoverable to a very recent point in time.
If backup data is immutable, then the data can't be altered by administrators or ransomware. There will always be a series of recovery points, ensuring that data remains protected. This immutability can also bridge the security and the operational infrastructure teams, which have traditionally been siloed. That means these two groups can speak the same language and work together in the face of cyber threats.
An essential element of immutable storage is intelligent data tiering. An ideal storage system will use analytics to identify frequently used data that the organization should always back up and seldom-used data that doesn't have to be. It gives organizations an intelligent, tiered data architecture that provides rapid access to mission-critical information. For example, legal documents at a law firm are automatically qualified as data that needs to be retained in its original form without being altered. Another example is a financial services company that may automatically classify journals and ledger entries as mission critical. Organizations can feed those classifications into their backup and disaster-recovery policy, which translates into greater protection against a ransomware attack and the ability to go back and recover historical point-in-time data.
Protecting data with air gapping
Air gapping is one of the most practical and effective ways to secure backup data against a ransomware attack.
There are two types of air gapping. The first is traditional, physical air gapping, in which an organization disconnects the digital asset from all other devices and networks, creating a physical separation between a secure network and any other computer or network. Organizations store backup data on media such as tape or disk using a physical air gap, then disconnect these media entirely from their production IT environment.
The second type of air gapping is called logical air gapping. A logical air gap relies on network and user-access controls to isolate backup data from the production IT environment. It's like a one-way street on which data is pushed to its intended destination, whether a storage device on-premises or a custom appliance. The key here is that the control and management of that data, such as how it is retained or who can modify it, is unavailable through that same system or path. Anyone who wants to manage or alter the data must use entirely different authentication channels.
Implementing a robust backup plan
As cybercriminals continue to explore different ways to infiltrate businesses, it is not an "if" situation, but more of "when" an organization will suffer from a ransomware attack. It is a business imperative to implement a robust and reliable backup and recovery plan. Organizations also need to stay vigilant and continuously review and update their defenses. Immutability and air gapping are two defenses that will allow a company to safeguard all copies of its data, whether it is a backup, primary or secondary.
