
How to Extend Ransomware Protection to Your Backups So Your Data Is Always Secure

July 28th, 2022

By Nikhil Korgaonkar, Regional Director, Arcserve India

The discussion about data security never ends, but most of the time the focus is only on the cybersecurity controls that try to keep attackers out. Data protection and business continuity are the ultimate goals of any cybersecurity strategy. With that in mind, I would like to share some data protection strategies that can help your organization keep its data recoverable, especially if it falls victim to a ransomware attack.

Cybersecurity Isn’t Enough

A complete understanding of your network's security posture is always the aspiration, but it is never simple to achieve. CIOs and CISOs need a game plan that protects the enterprise network and every application running on it against the full range of cyberattacks, while assuming that some attacks will get through.

To get there, maintain a secure environment while minimizing the complexity of your IT estate: every vendor and solution you deploy introduces potential weak spots and gaps in your security coverage. Mitigating this requires a multi-pronged, unified threat management approach (malware detection, deep-learning-based classifiers, and anti-exploit technology) combined with secure backup and disaster recovery (DR) capabilities that close the gaps prevention leaves open. Prevention is your first line of defense; a verified, recoverable backup is the last.

Ransomware operators increasingly go after backups first, so your backup system must not expose backed-up files as ordinary, writable storage reachable with production credentials; an attacker who has compromised an administrator account on the production network should not thereby be able to delete or encrypt your backups. At Arcserve, we recommend that once strategies are in place and backups are running, you perform a test restore to a separate recovery server at least once a month and confirm that the restored data is complete and that applications actually start from it. Testing your backup and restore process is the only way to know that your backups are accurate and that you are prepared for a real disaster.
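A monthly test restore is only as good as the check you run on the restored data. The following is an added example, not Arcserve code: it records a SHA-256 manifest of the source tree at backup time and compares a restored copy against it, so a file that ransomware encrypted in place (same name, different bytes), a file the restore silently dropped, and a stray ransom note all show up. The manifest layout, file names and the `demo()` scenario are constructed for this illustration.

```python
"""Added example (not Arcserve code): verify a test restore against a
SHA-256 manifest recorded at backup time.

Assumptions (hypothetical, chosen for this illustration):
- the backup job writes a manifest of relative path -> sha256 alongside
  the backup set; the restore job brings files back into a scratch dir;
- ransomware that encrypts a file in place changes its hash, so a mismatch
  on restore means the backup copy (or the restore) cannot be trusted.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root, keyed by POSIX relative path."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_restore(restored: Path, manifest: dict) -> dict:
    """Compare a restored tree with the backup-time manifest.

    Returns files whose content differs from the recorded hash, files
    missing from the restore, and files present that were never backed up.
    """
    actual = build_manifest(restored)
    return {
        "modified": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in actual),
        "unexpected": sorted(p for p in actual if p not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: back up two files, then simulate a restore in
    which one file was encrypted in place and a ransom note was added."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 'ok');\n")
        (src / "README.txt").write_bytes(b"quarterly backup set\n")
        manifest = build_manifest(src)  # taken at backup time

        restored = Path(tmp) / "restore-test"
        (restored / "db").mkdir(parents=True)
        # same name, different bytes: what in-place encryption looks like
        (restored / "db" / "orders.sql").write_bytes(os.urandom(64))
        (restored / "README.txt").write_bytes(b"quarterly backup set\n")
        (restored / "README.txt.locked").write_bytes(b"pay us")  # dropped by ransomware
        # the manifest must survive a round trip through its on-disk form
        assert json.loads(json.dumps(manifest)) == manifest
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the manifest with the immutable copy of the backup (or sign it); a manifest that sits on the same writable share as the backups can be rewritten by the same attacker who rewrote the files.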

We also highly recommend the 3-2-1-1 backup strategy, which offers a high level of protection against data loss, including from fire or natural disaster. The rule is simple: keep three copies of your data (one primary and two backups), store them on two different media types (for example network-attached storage, tape, or a local drive), keep one copy offsite in the cloud or in secure storage, and make the additional "1" an immutable copy that cannot be altered or deleted during its retention period.

You also need to stay current with patching and updates, and verify that the tasks actually completed so that important security fixes do not fall through the cracks. Automating maintenance tasks and running an enterprise-wide cybersecurity education and training program are basic data protection hygiene as well.

Data Resilience and Fast Recovery

Data resilience is the ability to protect against and recover quickly from a data loss regardless of its cause—ransomware, cyberattack, data theft, natural disaster, hardware failure, or human error.

Achieving data resilience requires technologies and strategies that keep data available and accessible, which minimizes the disruptions and downtime that lead to tangible and intangible losses for your business. Technologies like clustered storage, data replication, backup, and disaster recovery all help limit the damage caused by cyber threats, with one caveat: replication copies corruption as faithfully as it copies good data, so it complements backup but does not replace it. All of these should be elements of your data resiliency game plan, which helps your company get back on its feet as quickly as possible with minimal data loss.

A solid data resilience strategy includes two critical metrics, recovery point objectives (RPO) and recovery time objectives (RTO).

RPO defines how much data, measured as a span of time, your organization can afford to lose in a disaster: an RPO of four hours means you must be able to restore to a state no more than four hours old. That in turn dictates how often you need to back up (or replicate) your data and what infrastructure you need to sustain that schedule. RPO is less about the actual execution of recovery and more about establishing the framework.

RTO, by contrast, is the maximum time your business can tolerate between an outage and restored service. It quantifies the impact of downtime and drives the investment decisions in your data resilience plan. For example, if your business can only handle an hour or two of downtime, you need a disaster recovery solution, and a tested procedure, that gets you back up within that window; a backup that takes a day to restore cannot meet that RTO no matter how good the data on it is.
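RPO and RTO targets are only meaningful if you measure what you actually achieve. The following is an added example, not Arcserve code: it reads a constructed backup job log, derives the achieved RPO from the largest gap between successful recovery points (a failed nightly job silently doubles that gap) and the achieved RTO from the slowest timed test restore, and compares both with the targets. The log format, job names and the `SAMPLE_LOG` data are assumptions made for this illustration.

```python
"""Added example (not Arcserve code): measure achieved RPO and RTO from a
backup job log and compare them with the targets.

Assumptions (hypothetical, for this illustration):
- each log line is "ISO-timestamp,job,status,duration_minutes";
- job 'backup' marks a completed recovery point, job 'restore-test' is a
  timed test restore; only status 'ok' counts for either.
"""
from datetime import datetime, timedelta

# constructed sample log: nightly backups with one failed run,
# plus two timed test restores
SAMPLE_LOG = """\
2022-07-20T01:00:00,backup,ok,42
2022-07-21T01:00:00,backup,ok,40
2022-07-22T01:00:00,backup,failed,3
2022-07-23T01:00:00,backup,ok,45
2022-07-23T09:00:00,restore-test,ok,95
2022-07-24T01:00:00,backup,ok,41
2022-07-24T10:00:00,restore-test,ok,130
"""


def parse_log(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, job, status, minutes = line.split(",")
        rows.append((datetime.fromisoformat(ts), job, status, int(minutes)))
    return rows


def achieved_rpo(rows, now):
    """Worst-case data loss: the largest gap between consecutive successful
    recovery points, or the age of the newest one, whichever is larger.
    The failed 07-22 job turns one 24 h interval into a 48 h gap."""
    points = sorted(t for t, job, status, _ in rows if job == "backup" and status == "ok")
    if not points:
        return None
    gaps = [b - a for a, b in zip(points, points[1:])]
    gaps.append(now - points[-1])
    return max(gaps)


def achieved_rto(rows):
    """Longest observed test-restore time; an untested RTO is unknown."""
    durations = [timedelta(minutes=m) for _, job, status, m in rows
                 if job == "restore-test" and status == "ok"]
    return max(durations) if durations else None


def assess(text, now, rpo_target, rto_target):
    rows = parse_log(text)
    rpo = achieved_rpo(rows, now)
    rto = achieved_rto(rows)
    return {
        "rpo_hours": None if rpo is None else rpo.total_seconds() / 3600,
        "rpo_met": rpo is not None and rpo <= rpo_target,
        "rto_hours": None if rto is None else rto.total_seconds() / 3600,
        "rto_met": rto is not None and rto <= rto_target,
    }


def demo():
    """Evaluate the sample log against a 24 h RPO and a 2 h RTO as of noon on 07-24."""
    return assess(SAMPLE_LOG, datetime(2022, 7, 24, 12, 0),
                  timedelta(hours=24), timedelta(hours=2))


if __name__ == "__main__":
    print(demo())
```

In the sample both targets are missed: one unnoticed failed job pushes the achieved RPO to 48 hours, and the slower of the two test restores took 130 minutes against a 2-hour RTO. Neither number is visible from the schedule alone, which is why the log, not the plan, is what you should measure.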

Ultimately, planning is the most essential element of ensuring data resilience. The better you plan your processes—with the right solutions in place for your situation—and then test them before an actual disaster strikes, the better your chances of success. Regular testing of your data resilience plan should be standard practice. At a minimum, you should prioritize scheduled testing of your data backup and recovery capabilities to ensure you can reliably restore your data if a cyberattack or other disaster strikes.

Ransomware-Proof Backups With Immutable Storage

Immutable storage is an essential part of a comprehensive ransomware protection strategy. An immutable backup cannot be overwritten, changed, or deleted for the duration of its retention period, even by an account with administrator rights on the backup system, because the control is enforced by the storage layer rather than by permissions an attacker can elevate. Check what "immutable" means for your product: a lock that an administrator can lift is a governance control, not true immutability.

Immutability is not encryption. Encryption protects confidentiality and depends on a key; immutability protects integrity and availability, and there is no key or credential that "unlocks" an immutable object before its retention expires, so there is nothing for an attacker to steal that would reverse it. Immutable backup storage simplifies your DR efforts because a clean, current copy of your data should always be there to restore once remediation is complete.
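What "even an administrator cannot delete it" means in practice depends on the lock mode. The following is an added example, not Arcserve code: it models the deletion rules of object-lock style storage (compliance mode, governance mode, legal hold), following the semantics of Amazon S3 Object Lock, and runs a few requests through them. The record types, principal flags and `demo()` scenarios are this example's own constructions.

```python
"""Added example (not Arcserve code): the deletion rules that make a
backup object immutable, modelled on the semantics of S3 Object Lock
(governance mode, compliance mode, legal hold). The record format and
function names are hypothetical, chosen for this illustration.

The point: in compliance mode nobody, not the storage admin and not the
account root, can delete the object or shorten its retention before
retain_until. A governance lock can be bypassed by a principal holding
the bypass permission, so it is only as strong as that permission.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class LockedObject:
    key: str
    mode: str                 # "COMPLIANCE" or "GOVERNANCE"
    retain_until: datetime
    legal_hold: bool = False  # independent of retention; must be lifted explicitly


@dataclass
class Principal:
    name: str
    is_admin: bool = False
    can_bypass_governance: bool = False


def delete_allowed(obj, who, now):
    """Return (allowed, reason) for a request to delete the locked version."""
    if obj.legal_hold:
        return False, "legal hold: must be removed before any delete"
    if now >= obj.retain_until:
        return True, "retention expired"
    if obj.mode == "COMPLIANCE":
        return False, "compliance retention: nobody can delete before retain_until"
    if obj.mode == "GOVERNANCE":
        if who.can_bypass_governance:
            return True, "governance retention bypassed by privileged principal"
        return False, "governance retention in force"
    raise ValueError(f"unknown lock mode {obj.mode!r}")


def shorten_retention_allowed(obj, who, new_until):
    """Extending retention is always allowed; shortening it follows the
    delete rules, since a shorter lock is a delayed delete."""
    if new_until >= obj.retain_until:
        return True
    if obj.legal_hold or obj.mode == "COMPLIANCE":
        return False
    return who.can_bypass_governance


def demo():
    """Constructed scenarios: which requests succeed against which locks."""
    now = datetime(2022, 7, 28, 12, 0)
    compliance = LockedObject("backups/2022-07-27/full.bak", "COMPLIANCE", now + timedelta(days=30))
    governance = LockedObject("backups/2022-07-27/logs.bak", "GOVERNANCE", now + timedelta(days=30))
    expired = LockedObject("backups/2022-06-01/full.bak", "COMPLIANCE", now - timedelta(days=1))
    held = LockedObject("backups/2022-06-01/logs.bak", "GOVERNANCE", now - timedelta(days=1), legal_hold=True)
    root = Principal("account-root", is_admin=True, can_bypass_governance=True)
    stolen = Principal("stolen-backup-operator")  # the usual ransomware foothold
    return {
        "root_vs_compliance": delete_allowed(compliance, root, now)[0],
        "root_vs_governance": delete_allowed(governance, root, now)[0],
        "stolen_vs_governance": delete_allowed(governance, stolen, now)[0],
        "anyone_vs_expired": delete_allowed(expired, stolen, now)[0],
        "root_vs_legal_hold": delete_allowed(held, root, now)[0],
        "root_shortens_compliance": shorten_retention_allowed(compliance, root, now + timedelta(days=1)),
    }


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario}: {'DELETED' if allowed else 'refused'}")
```

Two consequences follow from the rules. The retention period has to be longer than the time ransomware may sit undetected in your environment plus the time you need to recover, because once it expires anyone can delete the copy. And if the lock is governance mode, the bypass permission is the crown jewel: it belongs with nobody whose credentials can be reached from the production network.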

At Arcserve, our focus on immutable solutions lets us deliver continuous data protection (CDP) by taking low-overhead snapshots every 90 seconds. Each snapshot is a point-in-time view of your file system, so you can go back to a specific moment and recover entire file systems in minutes. Using network-attached storage (NAS) with write-once, read-many (WORM) immutability ensures that your backups are secure, accessible, and recoverable.

At Arcserve, our immutable solutions are purpose-built so you can add storage, one drive at a time or multiple nodes in a cluster, seamlessly as the organization grows. This dynamic scalability also minimizes storage costs because you don't have to allocate wasted storage capacity to meet potential usage spikes, as with inflexible scale-up storage.

Air-Gapped Backups: What Can't Be Found Can't Be Compromised

Keeping your data backed up is crucial to ransomware recovery. However, as I noted above, attackers now focus much of their energy on compromising backups. To counter this, consider securing your backups with air-gapping technologies. Air-gapping is a practical and cost-effective way to secure your backup data.

Air-gapping can be physical, logical, or both. A physical air gap means the backups are stored on media that is disconnected from the IT environment, typically tape that is ejected and stored offline. Tape has returned to the IT forefront because it offers high capacity, low cost per terabyte, and reliability for data backups. A logical air gap keeps the backup target connected to a network but isolates it from the production environment with controls such as separate credentials, network segmentation, and a pull-based model in which the backup system initiates transfers and production hosts hold no credentials for the backup store. Both physical and logical air-gapped storage are affordable, making them attractive options. For on-premises backups that must stay online, an immutable storage system makes more sense than relying on isolation alone.

For your 3-2-1-1 plan, keep one copy air-gapped in a separate location, disconnected from the company network. Ransomware running on your network cannot encrypt this copy, and it is protected from localized threats like fire. Recovery from it should still be possible from anywhere, through a documented procedure rather than a network path, so that anyone on your IT team can initiate restore efforts. The bottom line behind air-gapping: ransomware cannot compromise backups it cannot see or reach.

Zero Trust and Data Protection

When you move to a zero-trust model, you continuously limit each person's data access to only what they need to perform their job. The driver behind zero trust is simple: 82 percent of all breaches involve the human element (the figure reported in Verizon's 2022 Data Breach Investigations Report). All it takes is one person in your organization clicking a malicious link or opening an infected PDF to put your network and data at immediate risk from malware and ransomware. A successful zero-trust model requires everyone in your organization, from top to bottom, to understand and commit to zero-trust principles.

The zero-trust model includes monitoring for unusual or malicious activity, granular role-based access control (RBAC), and automated, coordinated security across your infrastructure. When moving to a zero-trust model, you should also focus on protecting critical data in real time. That's why we designed Arcserve UDP to support zero-trust security strategies and minimize the exposure of essential data backups to external threats. We also believe in going beyond zero trust by completely isolating your backups and by monitoring and minimizing access to backup data, so that your organization can recover its data in the event of a disaster.

Find Out More

For help with choosing and deploying Arcserve data protection and backup and disaster recovery solutions, find an expert Arcserve technology partner. And check out our on-demand demos to see for yourself how Arcserve products can help protect your data.