Date: 2023-03-31
On the occasion of World Backup Day, advice from Barracuda experts for an effective backup plan against hackers and threats of all kinds.
The latest research from Barracuda Networks shows that in 2022, only 52% of ransomware victims restored encrypted data through backup. In contrast, approximately one in three companies (34%) paid the ransom. For some, in fact, this represented the only chance to get their data back, either because they didn’t have adequate backup systems or because hackers had managed to access the backups and delete the files.
Locating, disabling, or deleting backup data is now an integral part of a ransomware attack. If any security gap exists in the backup plan, attackers will find a way to exploit it.
Here are the backup weaknesses hackers most like to exploit, according to Barracuda:
- High levels of access to backup software – The more people who can access backup software, the greater the risk that attackers will use stolen credentials with domain administration rights or other privileged access rights to infiltrate.
- Network-attached backup systems – If a backup system is connected to the corporate network, hackers can move laterally, starting with the compromised endpoint, to locate and gain access to the backup software, and ultimately disable, remove, or purge the saved files.
- Remote access to backup systems – If backup systems need to remotely connect to servers to save or manage data, a lax approach to password authentication can expose protected systems in the event credentials are stolen or discovered.
- Infrequent backups – Even if you have an effective backup, running it infrequently means you risk losing days, weeks, or even months of data in the event of sudden recovery needs following a crisis.
- Untested backups – It might seem obvious, but you never know if a backup and restore process works until you test it.
An effective backup strategy
Here are some best practices to define a truly effective backup strategy, focused on security, but also on business continuity:
- Extend backup to everything, not just business data. A full backup will allow you to recover your systems more quickly after a crash. It is also advisable to consider the implementation of an automatic backup service, which guarantees regular backups of all data and minimizes data loss in the recovery phase.
- Try to avoid running the backup manager on Windows, which is relatively easy to hack. Linux or another platform might be a safer choice. It is also important to ensure that anti-malware software is running on the backup server.
- Check that the backup systems are not connected to the corporate domain: an attacker could gain access with a compromised domain administration account.
- Implement multi-factor authentication and Role Based Access Control (RBAC) to ensure that only a limited number of authorized users can access the backup. It is also advisable to restrict the ability to permanently delete saved files to very few users.
- Replicate backups off-site to a remote site or cloud provider that provides a level of security with air gap techniques between the local, on-premise backup servers and the external solution.
- If you are backing up data located in the cloud, it is recommended that the backup process also take place in the cloud, as it is the safest option. Also, make sure that all backup data is encrypted, both at rest and in transit.
- Use the golden rule of 3-2-1: three backup copies on two different media, one of which is kept offline.
- Poor implementation can frustrate even the best intentions. For this reason, it is necessary to take care of every aspect and then test it. For every case where a backup server was attacked but the business was saved by having the data copy kept offsite, there is likely another case where the attackers were able to wipe both the primary and the secondary copy, because the login credentials were the same.
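
The practices above can be checked mechanically against an inventory of backup copies. The following Python script is an added example, not Barracuda's code; the inventory field names, the sample data, and the 1-day and 90-day thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical field names, not from any backup product).
NOW = datetime(2023, 3, 31)
COPIES = [
    {"name": "primary-nas", "media": "disk", "offline": False, "offsite": False,
     "domain_joined": True, "mfa": False, "cred_id": "svc-backup",
     "last_backup": NOW - timedelta(hours=20), "last_restore_test": None},
    {"name": "cloud-replica", "media": "object-storage", "offline": False, "offsite": True,
     "domain_joined": False, "mfa": True, "cred_id": "svc-backup",
     "last_backup": NOW - timedelta(days=9), "last_restore_test": NOW - timedelta(days=30)},
]

def audit(copies, now, max_age=timedelta(days=1), max_test_age=timedelta(days=90)):
    """Return a sorted list of findings for the checks described in the article."""
    findings = set()
    # 3-2-1 rule: three copies, two media, one offline.
    if len(copies) < 3:
        findings.add("3-2-1: fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        findings.add("3-2-1: fewer than two media types")
    if not any(c["offline"] for c in copies):
        findings.add("3-2-1: no offline copy")
    if not any(c["offsite"] for c in copies):
        findings.add("no off-site replica")
    # One credential shared by several copies lets a single stolen login wipe all of them.
    by_cred = {}
    for c in copies:
        by_cred.setdefault(c["cred_id"], []).append(c["name"])
    for cred, names in by_cred.items():
        if len(names) > 1:
            findings.add(f"shared credential {cred}: {', '.join(sorted(names))}")
    for c in copies:
        if c["domain_joined"]:
            findings.add(f"{c['name']}: joined to corporate domain")
        if not c["mfa"]:
            findings.add(f"{c['name']}: no MFA")
        if now - c["last_backup"] > max_age:
            findings.add(f"{c['name']}: backup older than {max_age.days}d")
        tested = c["last_restore_test"]
        if tested is None or now - tested > max_test_age:
            findings.add(f"{c['name']}: restore not tested recently")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(COPIES, NOW):
        print("FINDING:", finding)
```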