A common misconception around IT security is that backups equate to ransomware protection. Backups can be crucial to recovery and keeping data safe. However, they are not immune to the ransomware threat.
If an attacker has infiltrated the primary data environment, then it is likely that they were able to infiltrate the connected backup environments as well. The development of more intricate attacks, including attacks designed to lie dormant and undetected for extended periods of time, only put backup copies at further risk.
Can ransomware infect backups? Yes. Luckily, there are strategies available to mitigate the threat that ransomware presents. Below are three tips for data protection beyond relying on a standard backup.
Use air gaps
While a backup can be compromised in a ransomware attack, backups are necessary to restore an environment back to its uncorrupted state. A standard backup runs the risk of being infected by the attack because it is connected to the primary environment. Once attackers have gained access to that environment, the backups are also accessible to them.
Air gapping protects against this by creating an isolated environment with controlled access. This is traditionally done with a physically removable device such as tape, where admins can keep the data disconnected from the larger network. More recently, logical or virtual air-gapping options have become available for online backup media, such as hard disk or cloud.
Emphasize data management
The ability to recover data from a backup — air-gapped or otherwise — during a cyberattack is only part of the battle. IT organizations must know what data is critical to resume operations.
Typically, this is only a small percentage of an organization’s data. However, identifying critical data and locating the last known unaffected copy of this data can be a difficult task. To accomplish this, IT organizations must implement strong data management practices.
Collaborate with data security teams
Recognizing that ransomware can affect backups alongside primary data proves that backups alone are not a comprehensive approach to cybersecurity. Data protection and data security teams must work together to create a layered approach to cyber resilience. Break down silos between data backup and security teams to ensure they can easily work together to mitigate the ransomware threat.
Backup and security staff should collaborate on critical aspects of organizational data protection, such as choosing tools, creating a strategy, and implementing policies that address ransomware prevention, detection and recovery.
Mitch Lewis is a research analyst at Futurum Group. He provides insight into the IT landscape for enterprises, IT pros and technology enthusiasts alike.