Each year, I speak at numerous conferences and company board meetings, most often about cybersecurity, the latest threats attacking small businesses, and sophisticated technological solutions to meet those challenges. The conversations summarize current scary statistics and help stakeholders prepare a proper strategy to protect their assets. However, at some point in every conversation, I must pause… reset… and remind the audience about the importance of data backups. While backups aren’t as sexy as a “passwordless environment” or “Managed Detection and Response,” they remain the single best protection against a security incident.
Unfortunately, when engaging with a new client, I almost always encounter two issues. First, the client thinks that their backups have been configured optimally. Upon review, I find that they are not. Second, the client thinks that they have good backup data. Upon testing, I find that they cannot restore from backups they think completed “successfully.”
To help avoid these common, yet dangerous misconceptions, this article identifies three critical issues related to backups: immutability, an air gap, and proper testing and verification. At the end, I provide three simple questions to ask your tech team to ensure your data is properly secured.
Definition and Context
Within information technology, a data backup – or simply, backup – is the practice of copying data from a primary location to a secondary one, to protect it in case of accident, disaster, or malicious action. A comprehensive backup strategy encompasses multiple aspects, including regular backups, redundancy, and off-site storage. To achieve a reliable backup process, businesses must identify all critical devices (usually servers and workstations) and adopt a combination of local and remote backups, ensuring data availability in case of hardware failure, natural disaster, or cyber incident.
According to a study by the Ponemon Institute, 67% of businesses experienced data loss due to insufficient backup processes. (1) It is vital to prioritize properly configured backups to mitigate such risks.
Immutability
All backups should be immutable. “Immutable” refers to data that cannot be modified, overwritten, or deleted for a defined retention period, no matter who asks. Immutable backups are therefore protected from tampering, ensuring the integrity and authenticity of the stored restore points. The protection must be enforced by the storage layer (retention-locked object storage, a hardened repository, or WORM tape), not merely by permissions inside the backup application: attackers who capture backup-administrator credentials routinely delete or expire backups before deploying ransomware, and a lock that the same administrator can lift offers no protection against that. Immutable backups offer several key benefits:
Ransomware Mitigation
Ransomware attacks encrypt an organization’s data, holding it hostage until a ransom is paid. Immutable backups protect against these attacks by ensuring that backup data cannot be modified or deleted, even by an attacker who has obtained administrative credentials, until the retention period expires, which keeps the restore points intact. This allows organizations to restore their systems and data without paying a ransom.
A notable example highlighting the benefits of immutable backups is the case of the University of California San Francisco (UCSF). When UCSF fell victim to a ransomware attack, they were able to restore some systems using immutable backups, avoiding the need to pay for everything. They still paid a ransom, however, to recover the portion of the data whose backups were not immutable. (2)
Data Integrity and Compliance
Immutable backups provide assurance of data integrity and authenticity. By preventing unauthorized modifications, organizations can meet regulatory compliance requirements and maintain the trustworthiness of their stored information. Immutable backups also serve as an audit trail, facilitating forensic analysis and investigations in case of security incidents or data breaches.
Protection Against Insider Threats
Immutable backups safeguard against insider threats, where malicious insiders may attempt to tamper with or delete critical data. By making backups immutable, organizations can ensure that even privileged insiders cannot alter the stored data, adding an extra layer of protection against internal security risks. This holds only when the lock is a compliance-style retention that the storage platform will not let any account remove early; a “governance” lock that a sufficiently privileged account may bypass does not stop an insider who holds that privilege.
Long-Term Data Preservation
Immutable backups are particularly beneficial for organizations that need to retain data for extended periods. By preventing accidental or intentional data modifications or deletions, immutable backups ensure the preservation of historical data, meeting archival requirements and legal obligations.
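Immutability is only as good as the setting that enforces it, so the first thing to check is the retention lock itself. The following is an added example, not code from the original article or from any backup product: it audits the Object Lock settings of an S3 backup bucket using the response dictionaries that S3 GetObjectLockConfiguration, GetBucketVersioning and HeadObject return. The bucket name, the MIN_RETENTION_DAYS policy, and the WEAK_LOCK/GOOD_LOCK sample responses are assumptions constructed for the example; the fetch_and_audit helper wires the same checks to boto3 for a live bucket.

```python
"""Audit an S3 backup bucket's Object Lock settings before calling its backups 'immutable'.

Added example; the bucket name and the MIN_RETENTION_DAYS policy are assumptions. The audit
functions take the raw response dictionaries that S3 GetObjectLockConfiguration,
GetBucketVersioning and HeadObject return, so they can be checked offline; fetch_and_audit
at the bottom wires them to boto3 for a live check.
"""
from datetime import datetime, timedelta, timezone

# Policy assumption: every restore point must stay undeletable for at least this long.
MIN_RETENTION_DAYS = 30


def audit_bucket(lock_config, versioning, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings (an empty list means the bucket enforces immutability)."""
    findings = []
    cfg = lock_config.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock disabled: any principal with s3:DeleteObject can remove backups")
    if versioning.get("Status") != "Enabled":
        findings.append("Versioning disabled: Object Lock needs it, and overwrites destroy the previous copy")
    rule = cfg.get("Rule", {}).get("DefaultRetention")
    if rule is None:
        findings.append("No default retention: objects are only locked if the backup client sets retention itself")
        return findings
    if rule.get("Mode") != "COMPLIANCE":
        # GOVERNANCE retention can be lifted by any principal holding s3:BypassGovernanceRetention.
        findings.append(f"Default retention mode is {rule.get('Mode')}, not COMPLIANCE: privileged users can delete early")
    days = rule.get("Days", 0) + 365 * rule.get("Years", 0)
    if days < min_days:
        findings.append(f"Default retention of {days} days is below the required {min_days}")
    return findings


def audit_restore_point(head, now, min_days=MIN_RETENTION_DAYS):
    """Check one backup object's HeadObject response: it must be locked in COMPLIANCE mode and
    stay locked for at least min_days from now (covers clients that set per-object retention)."""
    findings = []
    if head.get("ObjectLockMode") != "COMPLIANCE":
        findings.append(f"object lock mode is {head.get('ObjectLockMode')}")
    until = head.get("ObjectLockRetainUntilDate")
    if until is None or until < now + timedelta(days=min_days):
        findings.append(f"retain-until {until} is less than {min_days} days away")
    return findings


# Constructed sample responses: a weak configuration beside the corrected one.
WEAK_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
GOOD_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}
VERSIONED = {"Status": "Enabled"}


def fetch_and_audit(bucket, min_days=MIN_RETENTION_DAYS):
    """Live check against AWS; requires boto3 and read access to the bucket settings."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    try:
        lock = s3.get_object_lock_configuration(Bucket=bucket)
    except ClientError:  # S3 answers with an error when Object Lock was never enabled
        lock = {}
    versioning = s3.get_bucket_versioning(Bucket=bucket)
    return audit_bucket(lock, versioning, min_days)


if __name__ == "__main__":
    print("weak:", audit_bucket(WEAK_LOCK, VERSIONED))
    print("good:", audit_bucket(GOOD_LOCK, VERSIONED))
    now = datetime.now(timezone.utc)
    print("object:", audit_restore_point(
        {"ObjectLockMode": "GOVERNANCE", "ObjectLockRetainUntilDate": now + timedelta(days=5)}, now))
```

Run the audit from an account that can read but not change the bucket, and treat any finding as "not immutable" for the purposes of the three questions at the end of this article. Spot-checking a few recent restore points with audit_restore_point matters because a bucket-level default only applies to objects written after it was set.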
Air Gap
All backups should include an air gap. An “air gap” refers to the physical or logical separation of backup systems from the primary network and the internet. It involves isolating critical data by keeping it offline or on a separate network that is not directly connected to the organization’s primary infrastructure. In practice this means the backup copy sits on a system that production cannot reach and cannot authenticate to: offline or rotated media, a backup appliance that pulls data from production using its own credentials, or a separate account or tenant with no trust relationship to production. A backup server that is joined to the production domain and reachable from production is not air-gapped; whoever compromises a domain administrator also owns the backups. This isolation creates a gap, or barrier, which prevents unauthorized access or tampering with the backup data.
According to a survey conducted by IBM Security, businesses that implemented an air gap in their backup strategy reduced the impact of cyberattacks by 75%. (3)
An air gap provides several significant benefits for organizations:
Protection Against Ransomware Attacks
Ransomware attacks have become a pervasive threat, and an air gap acts as a powerful defense mechanism. By keeping backup systems separate from the primary network, an air gap ensures that even if ransomware infiltrates the organization’s infrastructure, it cannot spread to or compromise the backup data. This separation allows businesses to restore their systems and data without succumbing to ransom demands.
According to CSO Online, organizations that employed an air gap in their backup strategy significantly minimized the risk of ransomware spreading to their backups, enhancing their ability to recover critical data. (4)
Defense Against Insider Threats
Insider threats, whether intentional or accidental, pose a significant risk to data security. An air gap acts as a safeguard against internal threats by physically isolating backup systems from the primary network. This separation ensures that even if an insider with malicious intent or an unwitting employee compromises the primary network, the backup data remains protected and unaffected.
Safeguarding Against Physical Disasters and Hardware Failures
Data loss can occur due to physical disasters, such as fires, floods, or hardware failures. By storing backups offline or on a separate network, protected by an air gap, organizations ensure the preservation and availability of critical data, even if the primary infrastructure is compromised or hardware failures occur.
The National Archives and Records Administration (NARA) conducted a survey that revealed businesses with a separate and offline backup strategy recovered faster and more successfully from disasters compared to those relying solely on online backups. (5)
Testing and Verification
All backups should be regularly tested and verified. Implementing a backup solution alone is not sufficient. Regular testing and verification are essential to ensure the recoverability of your data. Businesses should periodically test their backup systems to verify the integrity of their backups and the effectiveness of their recovery processes.
According to a survey by Datto, 58% of small businesses that experienced a data loss event had inadequate backup testing. (6)
To avoid falling victim to insufficient backups, it is crucial to establish routine backup testing protocols and evaluate the success of recovery operations. Many backup applications will mark a backup job as “Complete” without verifying the integrity of the data. While checking that backup processes completed is important, it is only the first step. On at least a monthly basis, tech teams should randomly select a file from each critical device, restore it to a scratch location (never over the production copy), and verify that the restored content matches what was backed up, ideally by comparing a hash recorded at backup time rather than by opening the file and eyeballing it. At least annually, perform a full restore of a critical server into an isolated network and time it against your recovery objectives; a file-level test does not prove that a whole system can be rebuilt. If a test fails, you have an opportunity to repair the process before you suffer a data loss.
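The monthly file-level test described above can be scripted so that it runs the same way every month and produces a record. The following is an added example, not code from the original article or from any backup product: it records a SHA-256 manifest at backup time, restores a random sample of files per device into scratch space, and compares digests. The directory-copy "restore" and the device name fileserver01 are stand-ins; in a real test, restore_from_directory would be replaced by a call to the backup product's own restore command. The make_demo_layout helper builds a constructed sample with two silent failures that a "Complete" job status would hide.

```python
"""Monthly restore test: restore a random sample of files for each critical device into
scratch space and compare SHA-256 digests with those recorded at backup time. Added example,
not code from any backup product; the directory-copy 'restore' stands in for the product's
restore command."""
import hashlib
import os
import random
import shutil
import tempfile

CHUNK = 1024 * 1024


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(source_root):
    """Map relative path -> sha256 for every file under source_root. Run this alongside the
    backup job and keep the manifest with the restore point, not only on the source host, so
    the later comparison does not depend on an original that may have changed since."""
    manifest = {}
    for dirpath, _, files in os.walk(source_root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, source_root)] = sha256_file(full)
    return manifest


def restore_from_directory(backup_root):
    """Restore callable for a plain copy-style backup; swap in a subprocess call to your
    backup product's CLI for a real test."""
    def restore(rel_path, dest_path):
        os.makedirs(os.path.dirname(dest_path), exist_ok=True)
        shutil.copy2(os.path.join(backup_root, rel_path), dest_path)
    return restore


def verify_sample(device, manifest, restore, scratch_dir, sample_size=1, rng=None):
    """Restore sample_size random files of one device and return one result dict per file.
    Any ok=False entry means a job the software marked 'Complete' is not restorable."""
    rng = rng or random.SystemRandom()
    results = []
    for rel_path in rng.sample(sorted(manifest), min(sample_size, len(manifest))):
        dest = os.path.join(scratch_dir, device, rel_path)
        entry = {"device": device, "file": rel_path, "ok": False, "reason": ""}
        try:
            restore(rel_path, dest)
            if sha256_file(dest) == manifest[rel_path]:
                entry["ok"] = True
            else:
                entry["reason"] = "hash mismatch: restored data differs from what was backed up"
        except OSError as exc:  # missing file, unreadable media, failed restore command
            entry["reason"] = f"restore failed: {exc}"
        results.append(entry)
    return results


def make_demo_layout(root):
    """Constructed sample: a 'source' tree, its backup copy, and two silent failures in the
    copy (one file corrupted in place, one missing) that a 'Complete' status would hide."""
    src, bak = os.path.join(root, "src"), os.path.join(root, "bak")
    os.makedirs(src)
    for name, body in (("a.txt", b"alpha"), ("b.txt", b"bravo"), ("c.txt", b"charlie")):
        with open(os.path.join(src, name), "wb") as f:
            f.write(body)
    shutil.copytree(src, bak)
    with open(os.path.join(bak, "b.txt"), "wb") as f:
        f.write(b"bravx")                  # bit rot or truncated write in the backup copy
    os.remove(os.path.join(bak, "c.txt"))  # file never made it into the backup
    return src, bak


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        src, bak = make_demo_layout(root)
        manifest = build_manifest(src)
        for r in verify_sample("fileserver01", manifest, restore_from_directory(bak),
                               os.path.join(root, "scratch"), sample_size=3):
            print("OK  " if r["ok"] else "FAIL", r["device"], r["file"], r["reason"])
```

Keep the result dicts as the monthly evidence: a log of which files were restored from which device, and whether the digest matched, is what an auditor or an insurer will ask for, and a run of all-OK entries that suddenly shows a mismatch is the early warning this section is about.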
Three Questions for Your Tech Team
Considering the importance of data backups, including immutability, an air gap, and proper testing, please discuss your current backup processes with your tech team. Any IT professional should be able to answer the following three questions quickly and without defensiveness:
- Are our data backups immutable?
- Does an air gap exist between our production network and our backups?
- Do we test the integrity of our backup data (at least) monthly?
Dynamic Edge Can Help
Since 1999, Dynamic Edge has helped hundreds of small and mid-sized businesses maximize the return on their technology investment. Contact us today for a free network assessment, so that we may help you implement cost-effective security solutions to keep your organization and its clients safe and productive. Our Help Desk features friendly, experienced engineers who answer calls live and solve more than 70% of issues on the first call.
- https://www.ponemon.org/research/ponemon-library/?tag=4
- https://www.bleepingcomputer.com/news/security/uc-san-francisco-pays-114-million-for-ransomware-decryptor/
- https://www.ibm.com/downloads/cas/3R8N1DZJ
- https://www.csoonline.com/article/563507/what-is-ransomware-how-it-works-and-how-to-remove-it.html
- https://www.archives.gov/files/records-mgmt/essential-records/essential-records-guide.pdf
- https://www.datto.com/resource-downloads/Datto-State-of-the-Channel-Ransomware-Report-v2-1.pdf