INTELLIGENT SOFTWARE BUSINESS
Repelling ransomware
Placing tight permissions on data is all well
and good but realistically it will not help
businesses, given that credentials can be
obtained with a keylogger or through social
engineering. Instead, to protect themselves
against the threat of insider threats and
ransomware, businesses should look to air
gapped backups, which are essentially off-
line backups that cannot be manipulated
or deleted remotely. The criticality of
the workloads and data within business
environments demands a 3-2-1 rule,
whereby three copies of the company data
should be saved on two different media
and one copy should be off-site. Here are
four options for effective data backup:
1.
Backup Copy Job to disk
The first option is to transfer the data from
one location to another using Backup Copy
Job. Here, a file is not just copied, but the
individual restore points within the backup
are read and written to a second disk
destination. Should the primary backup be
encrypted or become corrupt, the Backup
Copy Job would also fail because the vendor
would not be able to interpret the data.
In such a scenario, the only hope is
that the second backup repository has
been separated from the rest of the IT
environment. One could also use a Linux-
based backup repository to secure against
Windows Trojans.
2.
Nothing can
be taken for
granted in the
cybersecurity
space, as threats
are constantly
shifting and the
number of attack
surfaces grow
with every new
device added to
a network.
This is because tapes do not enable direct
data access, and thus provide protection
against ransomware. Just like rotatable
media, tapes should be exported to a
secure location for optimum protection.
4. Storage snapshots and
replicated VMs
Organisations can enjoy additional
availability and ways to implement the
3-2-1 rule with storage snapshots and
replicated VMs. These are semi off-line
instances of data that can be resilient
against malware propagation.
Never pay a ransom again
The ability to restore data means no
business should ever have to pay a ransom.
However, nothing can be taken for granted
in the cybersecurity space, as threats are
constantly shifting and the number of
attack surfaces grow with every new device
added to a network.
Businesses must assume it is a case
of when an attack will happen, not if. To
remain agile and in control of both new and
emerging threats, security must no longer
operate as a silo IT function but rather as a
fundamental business process and enabler.
Ransomware must be prevented where
possible, detected if it gains access to
systems and contained to limit damage.
But only through a collaborative and
integrated approach, which ensures both
security policies and SLAs align with
business objectives, can organisations
have confidence their data is as secure
and available as possible. Doing so gives
them the best chance of keeping their
organisation one step ahead of the cyber
criminals, as they look to realise the
benefits of digitisation.
Removable hard disks
Another option is to use a removable storage
device as the secondary repository. This is
usually done with removable hard drives
such as USB disks, which aren’t commonly
recommended for security purposes but,
if stored in a secure location, could be a
viable option for avoiding ransomware. In
addition, when it comes to media rotation,
it is possible to detect when an old piece
of media is re-inserted and automatically
ensure that old backup files are deleted and
a new backup chain is started.
3.
Tape
The once-condemned tape option is
becoming an increasingly popular option
for IT with regards to encryption Trojans.
47