Cybersecurity Awareness Month began in 424 BC when Xerxes II, King of the Achaemenid Empire, ordered his scribes to make two copies of all court documents – storing one set of papyrus in the castle’s granary and one set in clay vessels in the summer palace as a backup. Well, actually not, but it sounds good, right? (Got to check your information sources, always, in this era of cyber spoofing… just saying.)
Seriously, Cybersecurity Awareness Month presents a great opportunity to focus on the importance of backing up critical data in case of accidental data loss, system outages, or cyber-attacks. The current threat levels are off the charts, especially with regard to Ransomware. Even before the war in Ukraine raised cyber-attack alarms to new heights, this year has seen increases in the number and seriousness of ransomware attacks across the board. The “innovation” of Ransomware-as-a-Service now makes it possible for virtually anybody to mount an effective ransomware attack.
Corporate data has never been so vulnerable. Indeed, insurance companies are raising rates and even canceling policies on organizations that do not have strong data protection programs and policies in place for preventing, identifying, and mitigating the damage of ransomware attacks. With that in mind, here are five suggested best practices that you can take before, during, and after an attack.
1. Utilize multi-factor authentication (MFA) – MFA: is one of those simple controls that can do a lot to block access to malicious actors. One of the greatest risks in a ransomware attack is that the attacker will corrupt backup data volumes, leaving you completely bereft of clean data to restore. MFA alone won’t mitigate this risk, but it will make life much more difficult for attackers and potentially slow down the progress of a devastating incident.
2. Employ the Principle of Least Privilege: It’s a wise practice to limit the number of people who have access to root account credentials. This is usually achieved with an identity and access management (IAM) solution. In particular, people and applications who have access to backup systems should not use the same access credentials they use for other applications.
3. Encrypt your data: This is pretty basic, but it’s always surprising to see when this simple rule is not followed. It’s always smart to use data encryption at rest (DaRE). When data is encrypted, the material impact of any data theft is considerably reduced. It is still embarrassing to any company to report a data breach, but much less embarrassing when the exfiltrated data is useless to thieves.
4. Use the 3-2-1 backup strategy: This practice calls for having at least three copies of data. Two are kept on-site but on different media. At least one copy is kept offsite. Veeam, a Wasabi partner, recommends what they call the 3-2-1-1-0 golden backup strategy, which goes further, recommending one copy be air-gapped, either offline or in virtual air-gapped cloud storage. The final “0” refers to zero errors. This is important because onsite backups can be compromised along with primary systems. Getting to zero errors involves monitoring and testing backups regularly. Wasabi, unlike AWS S3 and the other hyperscalers that charge excessive egress fees, makes this practice affordable by not charging additional fees for egress or API calls.
5. Embrace the idea of data immutability: An immutable backup cannot be modified, making it impervious to ransomware encryption. Wasabi’s immutability feature has two modes: Governance and Compliance. Compliance Mode, which adheres to deletion and protection policies required for many regulatory compliance guidelines, is ideal for maximum protection from human error or malicious acts. Governance Mode allows the root user to change the policy on a given object, e.g., if the object is supposed to be retained for 30 days, the root user can change that. In Compliance Mode, in contrast, not even the root user can change the policy.
6. Secure Your Cloud Storage Account: Even with immutable backups, your data isn’t safe if bad actors delete your entire cloud storage account. To keep your account secure, deploy the first two best practices above. Also consider a cloud storage provider that offers cloud storage account security such as Wasabi’s Multi-User Authorization, which makes it impossible for any one person to delete a storage account.
Perfecting Your Backup Strategy with Wasabi
Implementing these best practices should help with ransomware mitigation. They will also put you in good, or at least better, standing with your cyber insurance carrier. Our customers are finding this to be the case. For example, according to Brian Fraley, Sr. IT Enterprise Architect at Aquatech International, “Wasabi has been an amazing addition to our backup strategy. Last year one of our overseas offices got hit with ransomware and the NAS that was acting as the repository was also encrypted leaving them without any usable onsite backups. I was able to restore their environment from Wasabi with just a few clicks. Once the immutable feature was available, we stopped using the USB external drives and we could not be any happier.”
For Aaron Miller, Director of IT at Kentucky’s Hardin County Government, Wasabi’s data immutability feature for ransomware mitigation was also a major factor in his decision to use the Wasabi solution. As he explained, “It seems every day we hear about another organization getting hit with a ransomware attack. With Wasabi, if we were ever to get hit with ransomware, we would be able to reinstall the operating systems then bring down our backup from Wasabi within a matter of minutes. Knowing we have all of our data safe and secure really helps me sleep at night.”
---------
About QD.TEK
Since 2004, Quang Dung Technology Distribution Joint Stock Company (QD.TEK), part of GREENFEED Vietnam Group, is one of the leading ICT distributors in Vietnam, specializes in providing infrastructure solutions for telecommunications, surveillance security and information technology. QD.TEK has been a trusted partner of many leading global ICT manufacturers such as: Allied Telesis, AXIS, Briefcam, CommScope, Hanwha Vision, Milestone, LS, Thales, and Vertiv, serving a solid sales network with more than 2,000 partners throughout Vietnam. QD.TEK is proud to bring safe, high-quality products and solutions at optimal costs to businesses, as well as sustainable environment and social responsibility projects in Vietnam.
For more information about QD.TEK, visit www.qdtek.vn
About Wasabi Technologies
Wasabi provides simple and affordable hot cloud storage for businesses all over the world. It enables organizations to store and instantly access an unlimited amount of data with no complex tiers or egress or API fees, delivering predictable costs that save money and industry leading security and performance businesses can count on. Trusted by customers worldwide, Wasabi has been recognized as one of technology’s fastest-growing and most visionary companies. Created by Carbonite co-founders and cloud storage pioneers David Friend and Jeff Flowers, Wasabi is a privately held company based in Boston. Wasabi is a Proud Partner of the Boston Red Sox, and the Official Cloud Storage Partner of Liverpool Football Club and the Boston Bruins.