Data backup is not cyber security… or is it?
Although few security officers would consider backup as security, there is a strong argument that backup should be the most secure application in any organisation.
Why? Because sh*t happens – every day. Most of the time, your business is expecting it, and taking steps to prevent it. For example, there are not many big businesses today that don’t have multiple EDR and XDR tools in place, and fewer still that aren’t taking steps to educate their employees on phishing attacks.
But sometimes, when sh*t happens, the cause is totally unexpected.
The irony of a leading cyber security company causing a massive global IT outage last month was not lost on anyone (you know the one we’re talking about).
The fact that such catastrophic disruption could be caused by accident only serves to remind us of the need to shift towards a resilience strategy over a security one.
It’s natural for technology leaders to want to prevent harmful and disruptive incidents, but the prioritisation of cyber security over data resiliency appears to be misplaced.
Cyber security only reduces the odds of an incident. No matter how small the odds, while there’s a risk, business leaders need to make sure there is a robust recovery plan in place.
Closing the Recovery Gap – 10 ways to harden your backup system
In this guide, we focus on practical steps you can take to make your backup more secure and resilient. While we’ll dive deeper into the role of backup in threat detection in future articles, for now, let’s focus on securing your backup as your safety net.
1. Deploy Multi-Factor Authentication – The last thing you want is to grant attackers administration rights to wipe your backup data.
2. Implement 4-Eyes or Command Approval – Backup administrators have privileged access to data. Trust is essential, but as the CrowdStrike incident demonstrated, having two people approve critical actions helps prevent mistakes.
3. Turn on Backup Encryption – While it won’t stop ransomware, encrypting your backups ensures that attackers can’t read your sensitive data, reducing the fear of extortion.
4. Use Complex Passwords for Backup System Access – This basic step is still crucial. Simple passwords make you vulnerable.
5. Decouple Your Backup System from Active Directory – Avoid having a single point of failure by ensuring your backup system operates independently from your primary network.
6. Ensure You Have at Least 3 Backup Copies – These should be real backup copies, not production storage snapshots. Snapshots are useful for operational recovery, but don’t compromise your last line of defence.
7. Keep at Least One Backup Copy Off-Site – This is more about risk management than security, but it’s a practice that predates modern threats like ransomware for good reason.
8. Maintain an Air Gap – If you’ve eliminated tape drives, consider using dissimilar backup server OSs and storage media to maintain an effective air gap.
9. Use Immutable Storage Media for One Backup Copy – This won’t prevent malware from being backed up, but at least the data can’t be changed or encrypted.
10. Build an Isolated Recovery Environment (IRE) – Often called a cleanroom, this is the best way to ensure your backup copies can be safely recovered without further risk.
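To make item 2 concrete, here is an added example (not code from Predatar or any backup product) of a command-approval gate: a critical backup command runs only after a second, different administrator has approved that exact command. The class name, the verbs and the 15-minute expiry are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time


class ApprovalError(Exception):
    """A critical command was submitted without a valid second approval."""


class CommandApprovalGate:
    """Hypothetical 4-eyes gate for a backup CLI (all names are assumptions)."""

    def __init__(self, critical_verbs, ttl_seconds=900, clock=time.time):
        self.critical_verbs = set(critical_verbs)
        self.ttl_seconds = ttl_seconds  # assumed policy: approvals expire
        self.clock = clock
        self.pending = {}  # request id -> request record

    def request(self, requester, command):
        """Register a critical command; returns the id an approver signs off."""
        request_id = secrets.token_hex(8)
        digest = hashlib.sha256(command.encode()).hexdigest()
        self.pending[request_id] = {"requester": requester, "digest": digest,
                                    "created": self.clock(), "approver": None}
        return request_id

    def approve(self, request_id, approver):
        req = self.pending.get(request_id)
        if req is None:
            raise ApprovalError("unknown request")
        if approver == req["requester"]:
            raise ApprovalError("requester cannot approve their own request")
        req["approver"] = approver

    def run(self, requester, command, action, request_id=None):
        """Run action(command); critical verbs need an approved, live request."""
        words = command.split()
        if not words or words[0] not in self.critical_verbs:
            return action(command)  # routine command: no second pair of eyes
        req = self.pending.get(request_id)
        digest = hashlib.sha256(command.encode()).hexdigest()
        # The approval is bound to the requester and to the exact command text.
        if req is None or req["requester"] != requester or req["digest"] != digest:
            raise ApprovalError("no matching request for this exact command")
        if req["approver"] is None:
            raise ApprovalError("second administrator has not approved")
        if self.clock() - req["created"] > self.ttl_seconds:
            del self.pending[request_id]
            raise ApprovalError("approval expired")
        del self.pending[request_id]  # single use: an old approval cannot be replayed
        return action(command)
```

Binding the approval to a hash of the command text means an approver signs off on one specific deletion or expiry, not on a blanket permission the requester can reuse.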
Find a data resiliency expert
At Predatar we’ve built a global network of elite data resiliency partners. Our APEX partners can help you build the foundations for data resilience, and take you on a journey to total recovery confidence with AI-powered Recover Assurance from Predatar.