Backups are an Essential Aspect of your Organization’s Cyber Security Protection

Image credit: Unsplash.com

Image credit: Unsplash.com

1

David Owens, Vice President of Sales and Marketing, FSN
Goering Center eNewsletter April 2018

Reliable and restorable backups are one of the fundamental foundations provided by IT personnel.   Ensuring business continuity and the integrity of your data, including your customers’ sensitive information, is paramount in today’s digital age.

Traditionally, backups have been deployed as an insurance practice for when things go wrong in terms of hardware failures or disaster recovery events, including building fires or other natural occurrences, like floods and tornadoes.

In today’s era of prevalent cyber security threats, backups are equally important for restoring data as a result of a cyber-attack, where your data gets encrypted then held for ransom by criminal elements.

According to Cybersecurity Ventures, cybercrime damage costs are expected to hit $6 trillion annually by 2021.  Cybercrime has become the most insidious and destructive threat that businesses and organizations of all types face today.

While it was once thought that cyber threats were only a concern for major corporations and other large businesses, hackers are now frequently targeting small and middle-market organizations.

  •  Over 90 percent of cyber-attacks start with a phishing email
  •  43 percent of cyber-attacks target businesses with less than 100 employees

Cyber criminals are working hard to find ways to breach your security.  You need to do all you can to protect your business and your customer data.  Among the data security defense tools in your arsenal are reliable and restorable backups.

If companies don’t have the ability to restore data from a backup job prior to the phishing event that encrypts your data – then paying the ransom to the cyber criminals might be the only recourse.  Besides being a costly endeavor, your data might not be restored, as there is no honor among thieves.

The more data that is lost or compromised, the greater the negative business impact.  Clients might lose faith in your ability to safely deliver products and services, either resulting in lost revenue or liability that could ultimately end in bankruptcy.

Part of a good backups protocol is being able to restore business operations to the condition it was in before your data and software applications were encrypted by the cyber criminals.

Below is the best practice 3-2-1-0 backup strategy:

3: Maintain at least three copies of your data.  One active production copy of your software application running on your server platform (either on-premises, hosted or co-located) and two backup jobs.  The first backup job is local for quick file restores, when a user accidently deletes a file.  The second copy is located at a different geographical location in case of a disaster recovery scenario.

2: Store your backups on two different hardware platforms.  One reason for this is to avoid your backup targets processing the same vulnerabilities.   Backups jobs should never be susceptible to the same point of failure.  As an example, hard drives on the same computing platform could be corrupted by the same virus or hardware failure.   By leveraging different hardware platforms, you can reduce your exposure to the same incident on your backups jobs.

For the local backup target, we recommend a Network Attached Storage (NAS) appliance as a cost-effective storage solution – independent of your active production data on either your server or a storage area network (SAN) under a high-availability configuration.

1: Consider when a catastrophe occurs at your primary data center, whether on-premises or hosted in a private cloud, if all your data is in one place then you are at risk of losing all your critical business data.

For your offsite disaster recovery copy, the hardware storing your secondary copy should be in a physically distant data center. 

0: Verify your recovery plan has zero errors.  It is not uncommon for organizations to deploy a data recovery plan but fail to validate that it performs as required.  Daily monitoring of successful backup jobs and regularly scheduled recovery testing are essential to ensure if you lose data, either to an unexpected event or a criminal act, your organization can be operational in a nominal amount of time.

Regarding your backup solution, two other aspects to consider include having an image based backup vs. file level backup to improve your Recovery Time Objective (RTO).  Determine the Recovery Point Objective (RPO) of how often incremental snapshots should occur, with the goal of keeping a full backup for restoration, in case of a cyber security episode.

In the case of an incident where you need to restore a backup due to a hardware failure, having the entire server or PC image backup will allow recovery in a significantly lesser period of time vs. individually installing operating system functions, the software applications, and then the numerous files.  RTO is important to critical business functions, where hours of downtime vs. days widely impacts your business operations.

Further, the frequency of the backup and the total retention time need to be determined based on specific business needs.  Part of this decision is the financial calculation of the total amount of storage investment for both local and offsite backups necessary to accomplish the defined RPO.