Data Backup and Recovery in the Age of Ransomware

According to the Cisco 2017 Annual Cybersecurity Report, ransomware is growing at a yearly rate of 350 percent. That type of growth means that businesses face a scenario where it’s just a matter of time before they are dealing with ransomware. One way to protect an organization is to develop a sound data backup and recovery strategy.

Companies should enlist every available preventive measure to secure their systems and data against viruses and malware. Today’s best practices include employee education, anti-virus technology, email server content scanning and filtering, access based on Least Privilege, and endpoint security implementation. These measures work together to significantly reduce the chances of a successful ransomware attack.

The primary defense against ransomware infections and other attacks will always be backup. In the event of a ransomware attack, businesses can take infected systems offline, revert to the last clean system copy for restoration, and get back in business without paying a ransom. The FBI, ABA, and other vital cyber security authorities recommend backing up important data no less than daily.

Business Continuity and Disaster Recovery Best Practices

While best practice for backup frequency and scope varies by industry, there are minimum standards that every business should adhere to. The first step is to outline these standards in a formalized internal policy and then standardize automatic notifications for security reminders for backup execution verification. This adherence to a consistent process ensures that data can be retrieved in the event of a cyberattack.

BCDR plans require testing and optimization at regular intervals using several best practices. The first of these is developing goals that revolve around recovery time objectives (RTO) and recovery point objectives (RPO). RTO/RPO comes down to determining how quickly a business needs systems and data back online, and how much they can afford to lose. Figuring out RTO/RPO requirements is no simple task, since it varies for each business and has several variables that must be take into account.

Once RTO/RPO is defined, businesses can then develop a backup strategy. Many will use the 3-2-1 rule of backups: three backups of all important data are stored on at least two different storage destinations, with at least one of those destinations being offsite. Today, cloud disaster recovery can deliver an ideal method for offsite backup.

The next step in putting the plan into action is developing a backup schedule. Many businesses use the Grandfather-Father-Son schedule strategy:

• Grandfather refers to monthly backups
• Father refers to weekly backups
• Son refers to daily backup.

The 3-2-1 rule works in conjunction with the Grandfather-Father-Son schedule by ensuring that there are at least two different media in the rotation and that weekly and/or monthly backups are stored offsite. There are numerous schedule possibilities for a backup strategy, but this is the basic framework for a best practices strategy.

The Importance of Testing

A sound backup plan is useless without the ability to recover, so testing how the systems and data will be recovered is another vital best practice. This testing process provides an early warning system for any inadequacies that could result in data loss and costly downtime in the event of ransomware or another disaster. Testing is crucial if companies want to avoid downtime, as well as any potential regulatory investigations, profit loss, or damage to the brand.

Although this process will vary for each business, they all share the need to test backups and restores to make sure that a complete restoration to a clean system occurs for every last file. Frequent tests and the resulting test results should verify that everything is backed up and restored successfully.

This process will include careful comparisons between original and restored data and files, as well as their state. There are a number of common best practices for the testing process that should be followed, including:

• Testing restores against numerous real-world simulations of hardware, software, and service failures
• Testing every likely restore option to make sure that all backup and restore instructions work as designed
• Testing on a regular schedule throughout the year
• Documenting the tests as part of a formal BCDR review and testing process

Businesses must keep in mind that ransom payments are not the biggest issue (although ideally they will never happen). The focus should be on the effects of downtime on the business. Quite often, bad actors that utilize ransomware are unable to provide a recovery key that will work, so businesses will be faced with downtime no matter what.

A sound data backup and recovery strategy in the age of ransomware can be a complex process with many moving parts. Having the support of a skilled integration partner with robust disaster recovery services can take the complexity and uncertainty out of this vital process and ensure the health of the business.