Cyber Security

How can we protect our local backups from being encrypted during a major ransomware attack?

CH Asked by Christopher Evans · 05-01-2024
0 upvotes 15,642 views 0 comments
The question

I’m terrified of our backups being wiped out along with our primary data during a ransomware event. We currently use an on-site NAS for our backups. If an admin account is compromised, the attacker could easily delete our entire history. What are the most reliable methods for creating "Immutable Backups" that can't be modified even by someone with full administrative access?

 

3 answers

0
PA
Answered on 07-01-2024

To protect against ransomware, you need to implement the 3-2-1-1-0 rule: 3 copies of data, 2 different media types, 1 offsite, 1 immutable (offline), and 0 errors. For immutability, look into Object Lock technology provided by cloud providers like AWS S3 or Wasabi. Once a backup is written with a lock, it literally cannot be deleted or changed by anyone, including the root user, for a set period. On-site, you can use a Linux-based hardened repository. The goal is to create a physical or logical "Air Gap" so that your recovery path remains clean regardless of how deep the infection goes in your main network. 

0
MI
Answered on 09-01-2024

Are you testing your "Restore Speed" regularly, or are you only focused on the storage part of the backup process right now? 

JA 10-01-2024

Michael, that's where most people fail! We realized that while our cloud backups were safe, it would take us 14 days to download everything over our current internet connection. We’ve since moved to a hybrid model where we keep a "Snapshot" on a disconnected local drive for the first 24 hours, and then ship the older data to the immutable cloud. This gives us the speed for small restores and the absolute security for a total disaster. Testing a full recovery once a quarter is the only way to sleep soundly.

0
BA
Answered on 11-01-2024

Use Multi-Person Authentication (MPA) for your backup deletion tasks. It requires two people to approve a delete request, preventing a single compromised admin from causing total data loss. 

CH 12-01-2024

Adding a second set of eyes to critical deletions is a simple but incredibly powerful layer of defense that many companies overlook until it's too late.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

World globe icon Country: Canada

Book Free Session