Cyber Security

How can we ensure our backups are safe from modern ransomware encryption?

EL Asked by Elizabeth Carter · 05-02-2023
0 upvotes 11,254 views 0 comments
The question

We’ve seen reports of ransomware now targeting backup servers directly to prevent recovery. We currently use off-site cloud backups, but I'm worried about the "immutability" of those records. What are the best strategies to ensure our backups remain untouchable even if our primary admin credentials are compromised by an attacker? 

3 answers

0
L
Answered on 06-02-2023

Segment your backup network strictly. No one should be able to reach the backup server from the general office VLAN. Use a dedicated management console that requires hardware tokens. 

BA 07-02-2023

This is essential, Linda. Network isolation for backup infrastructure is often overlooked but it's the first thing a sophisticated attacker will look for to disable your recovery.

0
KE
Answered on 09-02-2023

Have you tested your "cold start" recovery time lately? Having immutable backups is great, but if it takes two weeks to pull them down from the cloud, your business might not survive the downtime anyway. 

ST 10-02-2023

Kevin makes a great point. We started doing quarterly "Fire Drills" where we restore a critical server from the immutable bucket. It taught us that our bandwidth was a bottleneck, so we upgraded our pipes specifically for recovery scenarios. It's better to find that out during a test than a real crisis.

0
BA
Answered on 07-02-2024

You need to implement the 3-2-1-1 rule. That’s three copies of data, on two different media, one offsite, and one "immutable" or "air-gapped." Immutability is the game-changer here. Many cloud providers offer "Object Lock" features where even an admin cannot delete or encrypt the data for a set period. Also, ensure your backup environment is on a completely separate domain with separate MFA. If your primary Active Directory is compromised, you don't want the attacker to have a straight path to your backups using the same set of stolen credentials. 

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session