Businesses face the constant threat of cyber attacks. Undiscovered security gaps and new types of attacks keep opening up previously unknown attack vectors that undermine an organization's IT security. Breaches are only a matter of time and can hardly be prevented in the long run. Ransomware attacks stand out due to their damage potential and can paralyze individual organizations and entire supply chains. Businesses need to anticipate this and put policies and procedures in place in advance to ensure timely recovery of IT operations. With forward-looking backup and disaster recovery strategies, the necessary tools can be put in place to minimize damage.
The Right Backup Strategy
There is no need to reinvent the wheel to protect against ransomware. Several well-known concepts and procedures have proven themselves in practice.
The Proven 3-2-1 Rule
The 3-2-1 rule is considered best practice when it comes to data backup. The rule states that three copies must be available at all times, on at least two different media, with one copy at another location. The three copies should be stored independently on three different systems such as NAS, SAN, tape or in the cloud. To prevent corruption from spreading, the copies should not be constantly synchronized but should be written and read independently of one another.
The use of different media types can create additional hurdles for ransomware attacks. WORM devices such as tape libraries, which write backups to tape and store them offline, can offer absolute protection. However, revision-proof storage systems, VTLs or object storage in the cloud can now also be integrated easily into modern backup solutions.
Keeping the data at an additional location is also an important measure.
Targeted Separation Of Responsibilities
User accounts with extensive privileges can be incredibly damaging if compromised. Concepts for separating and limiting authorizations, i.e. restricting the ability of a rogue user to act, have proven themselves in practice.
Responsibility for backup should be separated from production wherever possible. Different media should be managed by different groups of people, or at least with separate credentials, so that a single user ID cannot compromise several or all media simultaneously.
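The 3-2-1 rule and the separation of responsibilities described above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not part of the original article; the inventory fields, system names and admin groups are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory; every name here is hypothetical.
SAMPLE_PLAN = [
    {"system": "nas-01", "media": "disk", "site": "hq", "admin": "backup-ops"},
    {"system": "tape-lib-01", "media": "tape", "site": "hq", "admin": "backup-ops"},
    {"system": "cloud-bucket", "media": "object", "site": "cloud-eu", "admin": "cloud-team"},
]


def audit_backup_plan(copies, primary_site):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []

    # "3": three copies, held on three independent systems.
    systems = {c["system"] for c in copies}
    if len(systems) < 3:
        findings.append(f"3-2-1: only {len(systems)} independent system(s), need 3")

    # "2": at least two different media types.
    media = {c["media"] for c in copies}
    if len(media) < 2:
        findings.append(f"3-2-1: only {len(media)} media type(s), need 2")

    # "1": at least one copy at a location other than the primary site.
    if not any(c["site"] != primary_site for c in copies):
        findings.append("3-2-1: no copy outside the primary site")

    # Separation of responsibilities: one identity must not control
    # several media types, or one stolen credential reaches them all.
    media_by_admin = defaultdict(set)
    for c in copies:
        media_by_admin[c["admin"]].add(c["media"])
    for admin, managed in sorted(media_by_admin.items()):
        if len(managed) > 1:
            listed = ", ".join(sorted(managed))
            findings.append(f"separation: '{admin}' manages several media: {listed}")

    return findings


if __name__ == "__main__":
    for finding in audit_backup_plan(SAMPLE_PLAN, primary_site="hq"):
        print(finding)
```

The sample plan satisfies 3-2-1 but is flagged because one admin group controls both the disk and the tape copies.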
Effective Authorization Management
In principle, personalized accounts should be used for individuals, and the granting of authorizations should be logged. It should always be possible to trace who holds and exercises which permissions. Directory services such as Active Directory can centrally manage accounts, groups and policies and disable them in an emergency. This can make it difficult for hackers to gain access to the permissions they need.
Authorizations that go beyond regular activities should be protected with additional procedures. Separate administrator accounts or systems for managing privileged approvals can secure permissions using additional factors.
Securing Root Accounts
Non-personalized root accounts should only be used in exceptional cases and should be specially secured. Their use should always be linked to an event, and logins should be monitored. In the cloud environment, it has long been best practice not to use the root account operationally after the initial creation of the company account and to secure it with MFA, alarms and other precautions. This makes unauthorized access more difficult and easier to detect from the outset.
Encapsulation Of The Backup Infrastructure
Companies can use common concepts to encapsulate the backup infrastructure and avoid uncontrolled access. A first starting point is the use of separate physical systems that are dedicated to backup. These can be servers, storage, switches or cables. Cloud services that are managed via separate accounts can also be considered.
Another starting point is the logical separation of the backup infrastructure by using dedicated network segments, such as separate V(x)LANs, IP subnets and DNS zones. To secure these segments, companies can protect access with MFA procedures. They can also use firewalls to filter network traffic. Modern firewalls offer various options for this, such as identity-based or group-based filters or classic filter rules specifying sources, destinations, ports and protocols.
Have All The Tools Ready
Cyber attacks, especially ransomware, are on the rise. The next attack is only a matter of time, and companies need to have all the necessary tools in place today to avoid going from bad to worse in an emergency. Well-known concepts and approaches can help minimize damage after an attack. Companies must not simply hope to be spared; they must set the right course for their future security now.