3aIT Blog

Ransomware attacks continue to evolve, targeting not just your primary data but also your backups. As more businesses rely heavily on backups for disaster recovery, attackers are focusing on these critical safety nets to maximise their impact. So, how can you ensure your backups remain safe and effective in the face of these threats?

Why Backups Matter More Than Ever

Backups are your last line of defence when ransomware hits. If your main systems are compromised, clean backups mean you can restore operations without paying a ransom. However, if attackers can reach your backups and encrypt or delete them, the situation becomes far worse.

In fact, recent ransomware campaigns have shifted to first infiltrate backups, ensuring victims have no way out but to comply with demands. This makes protecting backups a top priority for every business.

Before we outline the best practices below, it's worth noting that these are largely aimed at business users. However, the general principles also apply to personal users, especially those who work from home and may have important data that exists only on their machine for a period of time. The short version of the best approach in these cases is to:

a) Make sure you have a backup of anything important that only exists on your device, be that personal data or data relating to the company you work for, and
b) Make sure at least one version of that backup isn't directly accessible from your machine. By all means back up to the cloud as well, but remember that if your machine can always access that, so can anything that has compromised your machine.

Key Strategies to Protect Your Backups

1. Implement the 3-2-1 Backup Rule

This classic rule is still a cornerstone of backup security:

  • 3 copies of your data - one primary and two backups.

  • 2 different media types - for example, a local NAS and cloud storage.

  • 1 copy offsite - physically separate from your main location to avoid local disasters or attacks.

Following this rule adds layers of resilience and reduces the risk that ransomware can corrupt all copies.

2. Use Immutable Backups

Immutable backups are data copies that cannot be altered or deleted for a set period. This is a game changer against ransomware, which relies on modifying or erasing backups to force payment. Look for backup solutions or storage systems that support write-once-read-many (WORM) technology or snapshots with immutability features. This ensures your backups remain untouched even if the attacker gains access.

3. Separate Backup Networks and Credentials

Never place backup systems on the same part of your network as your main operational systems. Use network segmentation and firewalls to isolate backups and restrict access. Additionally, use unique credentials for backup administration. Avoid shared or easily guessable passwords, and enforce strong authentication methods like multi-factor authentication (MFA).

4. Regularly Test Backup Restores

Backups are only useful if they can be restored quickly and reliably. Regularly perform test restores to validate backup integrity and recovery procedures. Test restores also help identify any unnoticed corruption or ransomware contamination in backups before a real disaster strikes.

5. Monitor and Alert on Backup Anomalies

Set up monitoring tools to watch for unusual activity around backup data and infrastructure. Sudden spikes in backup size, deletion attempts, or access outside of scheduled windows can all indicate a ransomware attack in progress. Automated alerts give you a chance to respond before backups are compromised.
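The three signals named above (size spikes, deletion attempts, access outside the scheduled window) can be checked against a backup activity log with a short script. This is an added example, not part of the original post: the event format, the 01:00 to 04:00 backup window and the threshold values are assumptions, and the sample events are constructed.

```python
from datetime import datetime
from statistics import median

# Constructed sample events (not real logs): time, action, bytes written.
SAMPLE_EVENTS = [
    ("2024-05-01T02:00", "backup", 510_000_000),
    ("2024-05-02T02:00", "backup", 495_000_000),
    ("2024-05-03T02:01", "backup", 520_000_000),
    ("2024-05-04T02:00", "backup", 505_000_000),
    ("2024-05-04T14:37", "read", 0),                # mid-afternoon access
    ("2024-05-05T02:00", "backup", 4_900_000_000),  # nearly 10x the usual size
    ("2024-05-05T02:40", "delete", 0),              # deletion attempt
]

def find_anomalies(events, window_hours=(1, 4), spike_factor=3.0, min_history=3):
    """Return (timestamp, reason) pairs for the three signals described above.

    window_hours is the scheduled backup window [start, end) in local hours;
    spike_factor and min_history are assumed tuning values, not recommendations.
    """
    alerts = []
    baseline = []  # sizes of earlier backups that looked normal
    for stamp, action, size in events:
        hour = datetime.fromisoformat(stamp).hour
        if not (window_hours[0] <= hour < window_hours[1]):
            alerts.append((stamp, "access outside scheduled window"))
        if action == "delete":
            alerts.append((stamp, "deletion attempt"))
        if action == "backup":
            # Mass encryption changes most files, so the next backup balloons.
            if len(baseline) >= min_history and size > spike_factor * median(baseline):
                alerts.append((stamp, "backup size spike"))
            else:
                baseline.append(size)  # keep spikes out of the baseline
    return alerts

if __name__ == "__main__":
    for stamp, reason in find_anomalies(SAMPLE_EVENTS):
        print(f"ALERT {stamp}: {reason}")
```

Comparing each backup against the median of earlier normal runs, rather than only the previous run, keeps one unusually large backup from resetting what counts as normal.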

6. Keep Backup Software and Systems Updated

Vulnerabilities in backup software and devices can be exploited to bypass protections. Regularly apply patches and updates to ensure your backup environment is hardened against known threats.

7. Educate Your Team

Human error remains a leading cause of security incidents. Train staff on the importance of backup security, phishing awareness, and the risks posed by ransomware. Awareness reduces the chance that attackers gain initial footholds that lead to backup compromise.


Backups are a critical pillar in your cybersecurity strategy, but only if they are well protected. With ransomware attackers increasingly targeting backups, taking proactive steps like immutability, network segregation, and vigilant monitoring is essential. By following these best practices, you can rest assured your backups will be a reliable safety net when you need them most.