Ransomware Protection needs a Proper Backup Strategy
Today, high availability is crucial to the operations of every organisation. In the event of a disaster or ransomware attack, you need to trust a platform that ensures business continuity until you can fall back to your primary site.
Ransomware Protection needs a Proper Backup Strategy
Today, high availability is crucial to the operations of every organisation. In the event of a disaster or ransomware attack, you need to trust a platform that ensures business continuity until you can fall back to your primary site.
TIMG’s standby infrastructure for disaster recovery service, offers organisations a near-continuous offsite replication environment so that you avoid costly downtime. Because all too often, local backup files are often the first target for ransomware agents, it is important to know that there are several strategies that can be implemented to mitigate this attack vector locally.
Ransomware Protection Strategy – Onsite Backups
Isolate the Backup Server and Storage
In the event domain administrator credentials or other privileged credentials on the domain are compromised, having the backup server off domain and as logically isolated as practically possible, allows for a fast recovery from local backup files. Whilst this approach is not fool proof, it is the first line of defence against backup compromise. The storage the backups reside on should be similarly isolated, with write access only available from the backup server.
User Rights Assignment
Domain Admin rights should be restricted, with Role Based Access Controls (RBAC) implemented across the organisation, utilising least privilege principles. Similar policies should be applied to the backup server operating system and the backup software. RBAC can be implemented via Veeam backup and Replication, with the Veeam Backup Administrator role limited to as few users as possible.
Do you know the true cost of a Ransomware attack?
Can your business recover?
89%
of organisations feel they are not fully protecting their data.
$1,467
Downtime costs per minute according to IT leaders.
76%
of companies had at least one ransomware attack in 2021.
36%
is the average data loss after a ransomware attack
Ransomware Protection Strategy – Offsite Backups
| The sophistication of modern crypto malware means the 3-2-1 rule is more important than ever.
An air-gapped backup is the most effective defence – an attacker cannot access a tape that is sitting offsite in a vault. However, in most instances where company data and local backups have been compromised, every hour that data is not available is extremely costly and recovery from offsite media can be time consuming.
Cloud based offsite backups can help mitigate this immensely, allowing for fast access to critical files, servers, and databases. There are instances where these backups can also become compromised, such as an attacker gaining access to the backup console and deleting cloud-based backups before executing the main attack. Thankfully, Veeam has designed a solution to safeguard from this happening called Insider Protection.
Veeam Insider Protection
Veeam Insider Protection is implemented on all CloudConnect accounts, ensuring cloud backups that have been accidentally or maliciously deleted, can be immediately recovered by our support team, and transferred to external media (or imported to a TIMG restore only VBR server for fast recovery of critical files/VMs). This functionality is not visible to the end user and 100% segregated from the client network, meaning even a compromised local backup console doesn’t affect client recoverability.