By: John Schroeder on August 31st, 2022
The Best Defense for Ransomware is Data Backup
The success of ransomware attack methods has created a commodity market for criminal activity. Transactions are fast and focused on volume, and methods rapidly change with social and financial trends.
When it comes to ransomware prevention and protection, data backup is easy to overlook – but it may be one of the most valuable tools to protect against ransomware damage. System restoration from data backup is reliable, uncomplicated, and a fitting response to loss caused by a ransomware incident. Let’s take a step back and consider the three pillars of cybersecurity.
The Three Pillars of Cybersecurity
- Administrative security includes policies such as password complexity, non-shared accounts, awareness training, and least-privilege access
- Logical security is multifactor authentication, file share permissions, and activity logs
- Physical security is storage encryption, facility perimeter controls, and data backups
Each Pillar contributes to the prevention of ransomware, but what helps you after an incident?
Data backup has evolved from complex protection against equipment failure and application errors. Modern data backup is highly available and hardware-independent with flexible and simple controls. If you’ve been in IT for a while, you may have once been responsible for changing tapes every day in a backup drive or sending cases full of tapes to an offsite storage facility. Tapes and tape drives are still valuable, but they’re expensive, and the technology changes every few years, making it difficult to maintain compatible equipment. With the advent of cloud storage, data backups and restoration have shifted from the responsibility of senior IT engineering to tasks that can be supported by entry-level IT staff and – in some cases – end users. Modern data backup and restoration solutions provided by MSPs are low-cost, multi-benefit services that run unattended, 24/7.
Additional Advantages of Modern Cloud Data Backup Include:
- Eliminates proprietary hardware and software
- Easy to configure encryption of transmitted data and data at rest
- Multiple archive versions with easy to manage time stamps
- Multiple levels of admin control; permission to restore files within user groups
- Eliminates location dependencies
There is wide variation in the way ransomware attacks are responded to. Most incidents are not publicized, but there are well-documented cases available from MSP media channels. Some of the best documented cases involve a total lockout of PCs and servers at the MSP and their customers:
To illustrate the value of data backup further, consider this minor ransomware scenario:
Multiple PCs and servers are encryption-locked before the spread of a ransomware attack is stopped. A message on each locked PC provides contact info and payment demands from the attackers. Even if the organization can afford the ransom, there is no guarantee that systems will be decrypted after payment.
After completing remediation steps such as changing passwords and applying patches, a decision must be made about how best to recover locked equipment and data.
A decryption key from the attacker may unlock PCs and servers, but databases could be corrupted due to interrupted transactions and altered system files. With that in mind, the IT team rebuilds PCs and servers from standard images and restores files from backups. As a result, total catastrophe is avoided, with a 24-hour loss of data likely to be the worst-case scenario.
Many organizations are required by regulation or industry compliance to have data backups, but the total value and strength of backups are often discounted. Backup processes reinforce good IT discipline – scoping backup file sets is a great way to get business data owners to discuss priorities and critical requirements; examining the backup practices of a new customer or potential MSP acquisition is a reliable indicator of the health of their IT systems.
Although restoring files from cloud backup might be simpler than traditional technology, it still takes time. Depending on the number of locked-out systems, staff resources, and internet bandwidth, the recovery process could be hours, days, or weeks. Every situation will be different, but in almost every case, some data can be restored from backup files.
Bear in mind that good data backups and restoration capabilities are not a single security solution. They are necessary components of a strong cybersecurity foundation, but access management, endpoint protection and encryption, logging, and all other essential tools are necessary to support IT operations and prevent ransomware.
As businesses find ways to slow spending, backup should never be overlooked. To learn how Collabrance can help protect your business and that of your customers, see our security solutions or reach out to our team.