Jan 07 2021

Using Backups to Foil Ransomware: 6 Questions to Ask

As cyberthreats evolve, the right data backup strategy can reduce risk. Here’s what companies should ask to ensure their backups are up to the task.

Ransomware is on the rise. According to IT industry leader Veeam, ransomware attacks now collectively cost companies more than $20 billion each year as attackers seek out new ways to compromise corporate defenses and capture critical data.

Not surprisingly, 2020 has made matters worse. As noted by Security magazine, the COVID-19 pandemic sparked a 72 percent increase in ransomware growth, while Threat Post highlights new attacks related to recent vaccine rollouts. Put simply, ransomware remains one of the top ways for malicious actors to generate ill-gotten gains, often by convincing companies it’s better to pay up than risk the dissemination or destruction of their data.

Robust data backups offer a way for companies to avoid the inherent risks of ransomware — as long as the backups work as intended. If a business can simply deploy an effective backup, paying a ransom to unlock data is unnecessary. To ensure best-laid protection plans do not go awry, however, it’s critical for business owners, IT leaders and security professionals to ask six key questions.

1. Are we following the 3-2-1 rule of backups?

Think of it as the golden rule for backups: three copies of data on two different media types with at least one offsite. In practice, this often means one backup is stored on local hard drives, a second committed to tape and a third stored offsite and in the cloud.


But Jamie O’Hearn, technical partner manager for Veeam at CDW, suggests adding a fourth digit: zero. As noted by O’Hearn, “zero refers to zero errors — and speaks to the ability of companies to complete a secure backup process.” Veeam’s Secure Backup offering allows enterprises to conduct a full virtual restore on demand to ensure written backups are recoverable.

2. How are we securing data backups themselves against attack?

It’s also critical for companies to consider how backups themselves are secured against a potential attack. O’Hearn points to two common options: the write once, read many method, or WORM; and immutable object storage.

Used in tape storage, the WORM approach “means data can’t be overwritten or deleted. Ransomware can’t change the tapes.” Immutable object storage, meanwhile, is managed by a cloud service provider and delivers the same effect in practice: Data can only be read, not written. Companies can set up a cloud storage bucket with built-in immutable object storage; Veeam improves the operation by empowering companies to point specific backups at particular buckets and then set clearly defined termination dates.
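Questions 1 and 2 can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from Veeam; the record fields, the sample inventory and the "at least one immutable copy" policy are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: one record per backup copy (hypothetical fields).
INVENTORY = [
    {"dataset": "erp-db", "media": "disk", "offsite": False, "immutable": False, "verify_errors": 0},
    {"dataset": "erp-db", "media": "tape", "offsite": False, "immutable": True, "verify_errors": 0},
    {"dataset": "erp-db", "media": "object", "offsite": True, "immutable": True, "verify_errors": 0},
    {"dataset": "file-share", "media": "disk", "offsite": False, "immutable": False, "verify_errors": 0},
    {"dataset": "file-share", "media": "disk", "offsite": True, "immutable": False, "verify_errors": 2},
]


def audit(inventory):
    """Return {dataset: [violations]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for dataset, copies in by_dataset.items():
        problems = []
        if len(copies) < 3:
            problems.append(f"3: only {len(copies)} copies")
        media = {c["media"] for c in copies}
        if len(media) < 2:
            problems.append(f"2: only {len(media)} media type(s)")
        if not any(c["offsite"] for c in copies):
            problems.append("1: no offsite copy")
        # The "zero": every copy must have passed its last restore verification.
        errors = sum(c["verify_errors"] for c in copies)
        if errors:
            problems.append(f"0: {errors} restore verification error(s)")
        # Assumed policy: at least one copy sits on WORM or immutable storage.
        if not any(c["immutable"] for c in copies):
            problems.append("no WORM/immutable copy")
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit(INVENTORY).items():
        print(dataset, "PASS" if not problems else "FAIL: " + "; ".join(problems))
```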

3. Are our data backups clean?

Backups only deliver protection against ransomware if they’re clean and uninfected. As a result, companies must regularly scan backups to ensure they haven’t been compromised. Veeam’s Secure Backup and Restore solutions use multiple third-party anti-virus platforms to verify the absence of malware. “If ransomware is detected,” says O’Hearn, “end users can either abort the restore process or restore it into a secure, isolated virtual environment.”

4. What are our RPO and RTO?

Recovery point objectives and recovery time objectives are critical to ensure companies can get back to business as usual. While there’s no one-size-fits-all standard for RTOs and RPOs, O’Hearn recommends using tools that let companies dial in the best combination of long-term prevention and immediate replication strategies to meet recovery needs.

5. How often are data backups tested?

Regular backup testing helps ensure these data defenses are prepared to go live if ransomware strikes. The challenge? Creating and managing testing schedules is often complex and time-consuming. As O’Hearn notes, “the tools offered by Veeam are all automatable — you can set them to run at specific times, such as the middle of the night, to reduce downtime, and on daily, weekly or monthly schedules.”

6. Is our data recovery strategy working?

It’s one thing to create a recovery strategy; it’s another to confirm the process is working as intended. Are RPOs and RTOs being met? Every time? If not, what’s the margin of error? And more important, what can companies do about it? O’Hearn points to practical solutions such as Veeam’s Ability Orchestrator Version 3, which has readiness reports for RPOs and RTOs, notifying users if objectives aren’t met and then suggesting practical adjustments.
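The questions above (are objectives met, every time, and by what margin) can be answered from backup job history and restore-test timings. This is an added example, not code from the article or from any Veeam product; the objectives, job history and restore durations are constructed values.

```python
from datetime import datetime, timedelta

RPO = timedelta(hours=4)  # assumed objective: maximum tolerable data-loss window
RTO = timedelta(hours=1)  # assumed objective: maximum tolerable restore time
NOW = datetime(2021, 1, 6, 18, 0)  # constructed "time of incident"

# Constructed backup job history: (finish time, succeeded).
JOBS = [
    ("2021-01-06T00:00", True),
    ("2021-01-06T04:00", True),
    ("2021-01-06T08:00", False),  # a failed job silently doubles the exposure
    ("2021-01-06T12:00", True),
    ("2021-01-06T16:00", True),
]
# Constructed restore-test durations, in minutes.
RESTORE_TEST_MINUTES = [42, 55, 71, 48]


def summarize(samples, objective):
    """Worst observed value, number of misses, and margin over the objective."""
    worst = max(samples)
    misses = sum(1 for s in samples if s > objective)
    return {"worst": worst, "misses": misses, "margin": worst - objective}


def rpo_report(jobs, rpo, now):
    """Data-loss windows are the gaps between successful backups, plus last-to-now."""
    good = sorted(datetime.fromisoformat(ts) for ts, ok in jobs if ok)
    if not good:
        raise ValueError("no successful backup: RPO cannot be met at all")
    points = good + [now]
    gaps = [later - earlier for earlier, later in zip(points, points[1:])]
    return summarize(gaps, rpo)


def rto_report(minutes, rto):
    """Compare each restore test's duration with the RTO."""
    return summarize([timedelta(minutes=m) for m in minutes], rto)


if __name__ == "__main__":
    print("RPO:", rpo_report(JOBS, RPO, NOW))
    print("RTO:", rto_report(RESTORE_TEST_MINUTES, RTO))
```

A positive `margin` is the amount by which the worst case exceeded the objective; here the single failed job at 08:00 produces an eight-hour window against a four-hour RPO.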

Despite best efforts, it’s impossible for companies to prevent every malware attack. As a result, O’Hearn highlights the need for detection, mitigation and recovery at speed — the ability to find ransomware as it occurs, ensure backups are ready for action and regularly test restoration strategies to ensure recovery processes can meet critical RPOs and RTOs.
