[BreachExchange] Addressing The Security Risk of Live Backups

Audrey McNeil audrey at riskbasedsecurity.com
Fri May 4 14:45:56 EDT 2018


If you stop to think about it, the breadth and scope of IT risk facing your
organization is downright sickening. You’ve got global ransomware like
WannaCry and NotPetya, which are growing more complex and sophisticated by
the day. You’ve got botnets like Mirai, capable of bringing down an entire
segment of the Internet.

You’ve got state-sponsored black hats, cyberterrorism, corporate espionage,
communications site templates - it’s enough to make your head spin. There’s
a good chance you’re already bolstering your security against these
threats. You’re likely already hardening your infrastructure and training
your staff.

Backing up your systems and data is an essential part of this approach -
but unless you know how to protect those backups (live backups in
particular), they are an imperfect defense, at best.

See, here’s the problem. Criminals (ransomware developers in particular)
know that backups are one of the biggest threats to their craft. As such,
they’re willing to go to great lengths to attack yours. They’ll design
malicious software that infects your backups without you knowing, or else
attack those backups directly.

Here’s what you can do to prevent that from happening:

- Always keep multiple copies of critical files and systems. The key here
is redundancy. In the same way that having multiple switches ensures proper
failover in your network, having multiple backups (in multiple locations)
ensures that even if one of your backups is compromised, the others are
kept safe and secure.
- Test your backups constantly. Picture this - your system ends up infected
with ransomware. Instead of paying the hackers, you wipe everything,
confident that you can restore it from your backups. Only when you go to
check the backups, you come to the sickening realization that they’re
corrupt, and your data is lost for good. Actively test and monitor your
backups, lest you wind up in this situation.
- Air gap everything. Ideally, your backups should be kept entirely
separate from your active servers except when files are being copied over.
Mind you; this is a bit more difficult to do with straight server mirroring
- that’s where the redundancy once more comes in.
- Consider something like the Sheltered Harbor Initiative. A coalition of
some of the largest financial services firms in the US, Sheltered Harbor’s
organizations have worked together to create a distributed system of
backups that are shared between them. Data is spread across this system,
and whenever one bank goes down, another can offer its processing power
until that bank gets back on its feet.

Your data and systems are under constant threat from both internal and
external bad actors. Backups are an essential element of protecting
yourself. But unless you properly maintain and secure them, they are of
little help. Follow the advice here, and you can ensure your data maintains
its integrity and your systems stay operational through even the worst
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180504/6c4a6772/attachment.html>

More information about the BreachExchange mailing list