Immutable backups are the last line of defence against an advanced ransomware threat. As no one, not even an administrator, can alter the protected data, these solutions offer a proven safeguard against ransomware campaigns that target an organisation’s backups.
What Are Immutable Backups?
An immutable backup is a backup that does not change over time and cannot be changed. In theory, all backups should have these characteristics. They are by their very definition, an offline, independent copy of your data. However, immutability takes this definition one step further. It adds a layer of security that protects the data from any change. By enabling immutability on your backups, you effectively lock out any changes for a set period.
Immutability and Ransomware
Ransomware is a lucrative enterprise for cybercriminals. With high returns for very little investment, they continuously adapt their tactics to ensure their victims have no choice when paying the ransom. Typically, organisations could always restore their data if a ransomware attack succeeded in encrypting their data. However, advanced ransomware campaigns target backups first. Cybercriminals realised that encrypting or deleting an organisation’s data during an attack increased the likelihood of a payout. As the organisation had no fallback position, they would either need to pay the ransom or lose their data forever.
Immutable backups mitigate this risk. Locking out any changes protects organisations from ransomware that targets their backups and their data.
Backup Best Practices
Even if your backup solution provides immutable protection against ransomware, you still need to align your data backup strategy with your business requirements. Immutability is a defensive layer that protects your backup solution. At its core, it still needs to meet the organisation’s data protection requirements – protect all data and recover it as quickly as possible in the event of a data loss incident.
Define Your Backup Scope
Defining your backup scope is a vital component of any data protection strategy. If ransomware encrypts a server and you need to recover it, finding out you never backed it up is far from the ideal scenario. Due to the dynamic nature of IT, you must also revisit your backup scope regularly. If the organisation adds a vital server, you must reconfigure your backup policies to include it.
Use Remote Storage
A robust data protection strategy requires an offsite, independent copy of the data. Using remote storage for your backups meets offsite compliance requirements and improves your protection against ransomware. As advanced campaigns target backups first, having these stored in a secure, remote location increases your security. In addition to providing an offsite defensive capability against ransomware, cloud backups offer operational flexibility. As you are leveraging an enterprise backup platform, you can scale your backup retention policies to ensure maximum protection. The location of your cloud service provider is also a factor that can impact your ability to recover rapidly. Leveraging a service provider with data centres in Australia gives you the capability to restore data quickly. It also offers the added benefit of meeting any data sovereignty requirements.
Test Your Restores
No backup strategy or policy is complete unless you test your restores regularly. Not only does it provide the assurance that you can recover your data, but it also highlights any inefficiencies in your restore process. For example, you might discover that the recovery process exceeds the organisation’s acceptable threshold. You may also find that your backups are missing vital data. Identifying and rectifying these issues is critical as discovering them during a ransomware attack is too late.
Recovery Points
Frequently backing up your data increases your recovery rate in the event of a ransomware attack. If you only backup your data once a day, you run the risk of losing 23 hours’ worth of data as a worst-case scenario. Depending on the systems affected, this situation could be catastrophic to some organisations. Legacy backup solutions forced IT to use long recovery points due to limited storage capacity. However, with modern platforms being cloud-based, this constraint is no longer an impediment. Backing up your data as regularly as possible limits the potential destruction of a ransomware attack.
Recovery Times
In many instances, recovery time is as vital as the restored data. Taking days to recover from a ransomware incident can severely impact operations. Depending on the organisation’s business model, it could also lead to irreparable reputational harm. During regular test restores, you must measure the restore time. If it exceeds an acceptable threshold, you will need to adapt your data protection policies accordingly.
Technology and Process Are Both Vital in the Fight Against Ransomware
Immutable backups provide a robust solution against advanced ransomware threats. However, having immutable backups alone does not necessarily mean total protection for your organisation. Defending against an advanced ransomware attack requires a combination of technology and process. Policies and procedures such as your backup scope, using remote storage, testing your restores, and recovery point and time objectives are equally vital.
To support organisations as they plan for this evolving threat environment, AUCloud have published a white paper to give you the information you need.
“How confident are you that you can recover from a ransomware attack” has been written for a government and critical national industry audience who need to incorporate Sovereign Data requirements into their ransomware mitigation strategies.
You can download your complimentary copy by clicking on this link:
