We’ve seen reports of ransomware now targeting backup servers directly to prevent recovery. We currently use off-site cloud backups, but I'm worried about the "immutability" of those records. What are the best strategies to ensure our backups remain untouchable even if our primary admin credentials are compromised by an attacker?
3 answers
Segment your backup network strictly. No one should be able to reach the backup server from the general office VLAN. Use a dedicated management console that requires hardware tokens.
Have you tested your "cold start" recovery time lately? Having immutable backups is great, but if it takes two weeks to pull them down from the cloud, your business might not survive the downtime anyway.
Kevin makes a great point. We started doing quarterly "Fire Drills" where we restore a critical server from the immutable bucket. It taught us that our bandwidth was a bottleneck, so we upgraded our pipes specifically for recovery scenarios. It's better to find that out during a test than a real crisis.
You need to implement the 3-2-1-1 rule. That’s three copies of data, on two different media, one offsite, and one "immutable" or "air-gapped." Immutability is the game-changer here. Many cloud providers offer "Object Lock" features where even an admin cannot delete or encrypt the data for a set period. Also, ensure your backup environment is on a completely separate domain with separate MFA. If your primary Active Directory is compromised, you don't want the attacker to have a straight path to your backups using the same set of stolen credentials.
This is essential, Linda. Network isolation for backup infrastructure is often overlooked but it's the first thing a sophisticated attacker will look for to disable your recovery.