Ensuring that a secure copy of your organisation’s data is kept offsite and offline is one of the best ways to avoid falling prey to ransomware.
In today’s digital world, where data seems to be increasing at an unstoppable rate, organisations are leveraging this vast volume of information to fuel innovation and power better-informed business decisions.
It goes without saying that any organisation that leverages its data in this manner will know the importance of not only strong cyber-security, but also effective backup and storage. And it is the latter that is most crucial, as this is the key to avoiding becoming a victim of the most popular current form of cybercrime, namely ransomware.
In a nutshell, ransomware infects an enterprise’s computers and restricts users from accessing any business data, through some form of encryption, until the ransom is paid. Ransomware is considered to be dangerous for a multitude of reasons, including:
A company is hit by ransomware every 40 seconds
Some 71% of companies targeted by ransomware attacks have been infected
Despite paying the ransom, one in five businesses never get their files back
Regardless of whether a company chooses to pay or to try and restore everything from backups, it is inevitable that the business will find itself inoperative for at least several days. This will likely not only cost the business considerable money, but may also see its reputation take a knock.
Obviously, when it comes to reversing the effects of data loss incurred through an incident like this, backup and recovery mechanisms are key. However, it is crucial to understand that while such a recovery process must meet recovery time metrics to support the business, it is also fundamental that backup data be uncorrupted.
Achieving this requires an ‘air gap’ to ensure that there is no direct or indirect connection between a computer or system and a network. After all, if the data can’t be reached, it can’t be corrupted or stolen.
Current best practice in regard to using storage as a way to foil cyber-criminals is for organisations to implement what is known as the 3-2-1 rule (sometimes referred to as the 3-2-1-1 rule).
In simple terms, it works as follows:
Three copies of the data are backed up
Two different storage media are used for the backup
One copy of the data is kept off site
Keeping a copy remote protects the business even in case of a fire or natural disaster. Moreover, when applying the corollary of 3-2-1-1, the additional copy is one that is kept offline.
By keeping a copy of your data offline, you create the ‘air gap’that adds a crucial layer of security, safeguarding your data and mitigating ransomware risk. Air gapping allows you to isolate and segment a backup copy, thereby making it inaccessible from the public portions of the environment.
What this means is that if your business is hit by ransomware - or even some other type of cyber-crime - the threat will have a limited attack surface. Obviously, the public portions of the environment may get infected, but the isolated data will not, because it cannot be accessed by these bad actors.
Because they are kept offline, your backups are safe, secure, and available for restoration. You could quite easily compare an air gap defence to protecting a medieval castle. Such castles tend to be surrounded by a moat, meaning the only access to the structure is when the drawbridge is let down periodically to bridge the gap.
Tale of the tape
When it comes to creating the requisite air gap, HPE StoreEver Tapeis the ideal solution for ensuring your backup data is inaccessible. Traditional tape storage provides a vital last line of defence, as it is the perfect technology for maintaining copies of data fully offline.
HPE StoreEver tape offers a scalable and secure method of securing and protecting infrequently accessed, yet essential data, in the long term. In addition, the ultra-low cost per GB and the medium’s rapid transportability gives enterprises extra reassurance that they can rapidly recover data if an incident occurs.
Of course, bad actors are well aware that data recovery is critical for any company seeking to get back online without paying ransom fees. This, in turn, means that backup environments have become prime targets of ransomware attacks.
This then creates a new concern for businesses - even those that employ air gaps - because cybercriminals are now instituting sleeper ransomware attacks, which are designed to infiltrate an organisation’s backup environment, and then lie dormant.
Generally, the ransomware slips into the storage media rotation when a network is temporarily open for a data transfer. Therefore, it is critical to ensure that any air-gapped copies are made immutable, so that even if they are accessed, they cannot be encrypted or deleted by attackers.
Once again, tape is the most suitable medium for achieving this. As a key partner of HPE, Tarsus Distribution offers the company’s full range of tape systems, providing a comprehensive set of options to deliver isolated recovery capabilities at scale, with a cost profile that cannot be matched by disk-based technologies.
Tape may be one of the older storage methods still available, but it has a unique set of characteristics that are extremely suitable for combating ransomware. Add to this a desirable cost profile and virtually unlimited scale, and it is clear that tape continues to hold its own. In fact, it could be said that tape’s inherent strengths are becoming more, rather than less, vital in today’s rapidly evolving digital world.