When we talk about cybersecurity, words such as defence, prevention and mitigation spring to mind.
It’s a mindset that forms the bulk or entirety of many organisations’ security efforts: if you stop an attacker in the first instance, there’s no chance that they can succeed.
Unfortunately, this approach alone is no longer adequate in the face of today’s sophisticated threat landscape.
In recent times, we’ve seen countless examples of companies that would have considered their security protocols watertight springing leaks when put under pressure. Why? The simple fact of the matter is that no organisation can ever be considered 100% secure.
New vulnerabilities are emerging and being exploited all the time. Take Log4j as an example. Publicly disclosed as a vulnerability on December 8, 2021, it was given a rare 10 out of 10 vulnerability score by the National Institute of Standards and Technology (NIST), owing to its unique combination of being easily exploitable and highly damaging.
Once it had been identified as a highly concerning and previously unknown weak point, attackers quickly set about attempting to exploit it. The first attempt occurred just nine minutes after publication, rising to a total of 40,000 within 12 hours and 830,000 by the time a patch was released to the public three days later.
Of course, preventative methods like endpoint detection and response (EDR), zero trust access and the training of employees in detecting social engineering attacks, such as phishing, all have their place on the security roster. But no matter how prepared a company’s defences are, there’s always a possibility that malware will get in – or that a user will make a mistake resulting in the loss of vital data.
Recovery is therefore just as important as mitigation in ensuring business continuity.
Why you need a multi-layered backup strategy
Thankfully, firms are recognising this, establishing backups as a means of responding to attacks. Indeed, a 2020 report by Acronis revealed that as early as two years ago, nearly 90% of companies were backing up the IT components they were responsible for protecting.
Of those companies that have formal data backup procedures, more than half (55%) rely on the cloud as their primary backup location, according to respondents to Apricorn’s latest Twitter poll. However, only 36% of respondents believe this is the most failsafe place to store data securely.
Businesses today depend heavily on cloud storage – and quite rightly, as it offers a convenient, fast and secure way to back up critical information off site. However, relying on this (or any other solution) on its own leaves organisations vulnerable to a data breach or loss. If a cloud provider experiences downtime or suffers a cyber-attack, for example, data is at risk whether an SLA is in place or not.
For this reason, companies should look to develop a multi-layered backup strategy. By maintaining a physical backup location off-site that complements the use of the cloud, companies can retain an element of control, ensuring they can always recover and restore from a clean, protected data set.
Of course, this is easier said than done. So, what’s actually required to develop a 360-degree, layered backup strategy that not only incorporates offline and online backups but plays to the strengths of both to cover all eventualities?
First, you need to identify and implement a solid set of best practices that will form the foundations of any reliable and effective backup strategy.
Companies should adopt complementary procedures, such as making multiple backups, multiple times a day in an automated fashion to minimise the impact of any potential data loss.
Here, the 3-2-1 rule is an easy guiding principle for developing a resilient backup strategy. It stipulates the following: you need a minimum of three copies of data (one primary copy and two backups), on at least two different media, with one dataset stored off-site (and ideally offline).
Ransomware attackers will typically target backups in order to stop companies from restoring the data that the attackers have exfiltrated and encrypted, forcing the victims to pay the ransom. Geographically distributing backups and creating readily maintained offline and online versions mitigates these threats.
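The 3-2-1 rule described above can be checked mechanically against a backup inventory. The following Python check is an added example, not part of the original article; the inventory fields, the site and medium labels, the sample data and the 12-hour freshness threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    dataset: str
    role: str        # "primary" or "backup"
    medium: str      # storage type, e.g. "san", "cloud-object" (assumed labels)
    site: str        # physical or geographic location label
    offline: bool    # disconnected from the network when not in use
    taken: datetime  # when this copy was last written

def audit_321(copies, primary_site, now, max_age=timedelta(hours=12)):
    """Return {dataset: [findings]}; an empty list means 3-2-1 is met."""
    report = {}
    for name in sorted({c.dataset for c in copies}):
        group = [c for c in copies if c.dataset == name]
        backups = [c for c in group if c.role == "backup"]
        offsite = [c for c in backups if c.site != primary_site]
        findings = []
        if len(group) < 3 or len(backups) < 2:
            findings.append("FAIL: fewer than three copies (one primary, two backups)")
        if len({c.medium for c in group}) < 2:
            findings.append("FAIL: all copies are on the same medium")
        if not offsite:
            findings.append("FAIL: no backup is stored off-site")
        elif not any(c.offline for c in offsite):
            findings.append("WARN: off-site backup exists but none is offline")
        # Assumed freshness check: backups run "multiple times a day".
        if backups and all(now - c.taken > max_age for c in backups):
            findings.append("WARN: newest backup is older than max_age")
        report[name] = findings
    return report

# Constructed sample inventory (not real data).
NOW = datetime(2024, 1, 10, 18, 0)
INVENTORY = [
    Copy("finance-db", "primary", "san", "hq", False, NOW),
    Copy("finance-db", "backup", "cloud-object", "cloud-eu", False, NOW - timedelta(hours=4)),
    Copy("finance-db", "backup", "usb-encrypted", "branch", True, NOW - timedelta(hours=8)),
    Copy("mail", "primary", "san", "hq", False, NOW),
    Copy("mail", "backup", "san", "hq", False, NOW - timedelta(days=2)),
]

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY, "hq", NOW).items():
        print(dataset, findings or ["OK: 3-2-1 satisfied"])
```

Here the constructed "mail" dataset fails every part of the rule because its only backup sits on the same medium and site as the primary, which is the situation a ransomware attacker targeting backups relies on.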
Of course, the benefits of creating backups are somewhat diminished if you can’t leverage them effectively in critical moments.
Sophos estimates that the average cost to recover from a ransomware attack is $1.85 million. Yet this figure is not simply the typical cost of paying a ransom. It accounts for the downtime, people time, device costs, network costs and other lost opportunities when a company struggles to recover from an attack quickly.
To mitigate these costs, a playbook should be developed outlining the process of performing data backup – who is involved, which programs and products they use and the location of the backups. It should also include the procedure for testing, reviewing and updating the process.
Should any staff be absent in the event of an attack, or critical cogs in the recovery chain leave the company, the firm will still retain a step-by-step guide enabling them to respond effectively.
Technology and tools
Certain technologies and tools can enhance the recovery process, making it easier to achieve best practices.
There are a variety of data backup and recovery software solutions on the market. Almost all will offer the ability to create multiple copies of key applications, documents, files, and folders, housing these in different locations (in line with the 3-2-1 rule). However, they all differ slightly.
Some will be able to perform backups of disk images, mailboxes or virtual machines, and databases on many data storage devices, for example. To differentiate between providers, consider your exact needs.
Ask key questions. Is your business heavily reliant on email? Do your staff need to be able to access these contacts via their inbox? In doing so, you’ll ensure you have everything you need without paying for unwanted or unneeded extras.
Use of encryption
That said, one solution we do recommend you tap into is encryption.
Encryption of backups provides an additional security measure that can help to protect data should it be misplaced, stolen or compromised. Interestingly, IBM’s 2019 Cost of a Data Breach Report pointed to the extensive use of encryption as having the greatest impact in reducing breach costs – ahead of data loss prevention, threat intelligence sharing and integrating security in the software development process (DevSecOps).
By providing employees with removable USBs and hard drives that automatically encrypt all data written to them, companies can give everyone the capability to securely store data offline. It’s also the perfect solution for remote working, allowing employees to move data safely between office and home. These devices can also be used to back up data locally, mitigating the risk of data being targeted in the cloud.
Hardware encryption offers much greater security than software encryption, and PIN-pad-authenticated, hardware-encrypted USB storage devices offer additional, significant benefits. Being software-free eliminates the risk of keylogging and doesn’t restrict usage to specific operating systems; all authentication and encryption processes take place within the device itself, so passwords and key data are never shared with a host computer.
Encryption is therefore critical. As well as helping to reduce the financial impact of a breach, it is a means of demonstrating your trustworthiness and reliability in the realm of data protection, providing your own data-anxious customers with complete peace of mind.