In the Event of a Cyberattack, Secure Your Data First

The cybersecurity fallout from the Russian invasion of Ukraine will be felt for months and years to come. It will become a long-lasting problem for organizations of all sizes and government agencies, particularly those managing national and state infrastructure.

The past few years—especially with the onset of the COVID-19 pandemic—have been transformational, and the importance of data security has been thrust into the spotlight as bad actors exploited and profited from resulting vulnerabilities with ransomware and other malware. Organizations’ data was held hostage as attacks targeted not only production data but every possible copy of it within the IT infrastructure. Recent examples like Colonial Pipeline and the SolarWinds supply chain attacks have shown the vulnerability of our national infrastructure and the potential for damage. Both culprits responsible for those attacks were believed to be foreign cybercriminals, which brings up another issue: In most situations, it is very difficult to prosecute these criminals because they are outside of our national jurisdiction; we may not have extradition agreements and, most importantly, it is extremely difficult to find cybercriminals given that they are able to hide on the dark web to remain anonymous. Furthermore, the preferred way for victims to make ransom payments is by using cryptocurrency, which is anonymous and for all intents and purposes untraceable. To further complicate the issue, once ransom payments are made, there’s no guarantee that criminals will honor their end of the bargain—data still could be held hostage. Even with careful precautions, if an attack happens, an organization must have clear steps in place for a recovery plan.

Prioritize Data Recovery During a Cyberattack

Organizations must assume that threats will remain and attacks will continue—but with the right recovery strategy, these threats and attacks don’t have to succeed. Two best practices for a recovery strategy relate to data backups. Organizations should secure their data first, before a cyberattack even happens, and have both an unbreakable backup and an immutable backup in place.

Unbreakable Backup

The first part of your recovery strategy should entail having a backup that is essentially unbreakable. The ideal solution(s) should include features like file fingerprinting, file redundancy, file serialization, secure time stamp and auto file repair, as well as the necessary capabilities to ensure regulatory compliance. And, importantly, the admin keys should be stored in a separate location for added protection. While an unbreakable backup is ideal to protect against ransomware and external threats, it’s equally valuable for data defense internally. An unbreakable backup is just as it sounds—the data is locked down, so to speak, so the backup can’t be damaged or tampered with and the company need not worry about data loss or downtime should an insider threat be lurking. Malicious actors may target the company’s backups just as ransomware does, so the goal with unbreakable backup is to have a solution that eliminates a company’s concerns about the ability to recover its backup. 
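As an added illustration (not code from this article or from any backup product), the sketch below shows how file fingerprinting, file redundancy and auto file repair fit together: a manifest of fingerprints is recorded at backup time, each copy is later checked against it, and a damaged or missing copy is restored from a copy that still matches. The use of SHA-256 as the fingerprint, the two-copy layout, the function names and the sample files are all assumptions made for the example, and the manifest is assumed to be kept apart from the backups it describes.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(primary: Path) -> dict:
    """Record one fingerprint per file at backup time (assumed stored off the backup host)."""
    return {str(p.relative_to(primary)): fingerprint(p)
            for p in sorted(primary.rglob("*")) if p.is_file()}

def verify_and_repair(manifest: dict, primary: Path, replica: Path) -> dict:
    """Check both copies against the manifest; heal a bad copy from a good one."""
    report = {}
    for rel, want in manifest.items():
        copies = [primary / rel, replica / rel]
        good = [c for c in copies if c.is_file() and fingerprint(c) == want]
        if len(good) == 2:
            report[rel] = "ok"
        elif good:
            bad = next(c for c in copies if c not in good)
            bad.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(good[0], bad)  # overwrite or recreate the damaged copy
            report[rel] = "repaired"
        else:
            report[rel] = "unrecoverable"  # no copy matches: escalate, never guess
    return report

def demo() -> dict:
    """Constructed sample data: two files, two copies, then simulated damage."""
    root = Path(tempfile.mkdtemp())
    primary, replica = root / "primary", root / "replica"
    primary.mkdir()
    (primary / "db.dump").write_bytes(b"constructed sample database dump")
    (primary / "conf.tar").write_bytes(b"constructed sample config archive")
    shutil.copytree(primary, replica)
    manifest = build_manifest(primary)
    (primary / "db.dump").write_bytes(b"overwritten")  # tampered primary copy
    (replica / "conf.tar").unlink()                    # deleted replica copy
    return verify_and_repair(manifest, primary, replica)
```

The "unrecoverable" result is the case the separate manifest exists for: if the manifest sat beside the backups, whoever altered every copy could rewrite the fingerprints too and the check would pass.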

Immutable Backup 

Part two of your recovery strategy should incorporate immutable backups. As with unbreakable backup, immutable backups are a perfect solution when external threats are the issue—and this type of backup is just as useful to guard against insider threats. The goal here is to give companies a backup target that lets them lock their backups for a predetermined period of time: an immutable retention period, if you will.

Ideally, this type of solution will integrate with write once, read many (WORM) immutable storage that many cloud providers now offer, which prevents file alteration during a designated time period. The result is the creation of immutable backups that no user can delete.

Organizational defenses should be equal to the level of threat—which means assuming the worst and putting the best solution in place, particularly when it comes to ensuring recovery while protecting data backups. 

Mihir Shah

Mihir Shah is a Co-Founder and the CEO of StorCentric. Shah has over 20 years of leadership experience in M&A, finance and technology. He has previously served as VP of Corporate Development and Strategy at Brocade and held sales and corporate development roles at IBM. Shah earned a Bachelor’s from the University of Southern California, an MBA from the University of California, Irvine and a Post Grad Degree from the Wharton School at the University of Pennsylvania.