Build Resilience Against Ransomware Attacks With Data Protection

Imagine you need to quickly recover your data from a ransomware attack or other evolving threats. At that point, it’s too late to choose your data protection solutions to restore that data.

Data-destroying incidents might not even be malicious. A privileged account owner can accidentally wipe out your data as easily as a bad actor can intentionally do damage.

Having the right backup solution in place can ease the pain of both internal and external threats. Beyond staying current on data security trends and technologies, read on to know the basics of data backups, the vendor landscape, and your data protection responsibilities even in a software-as-a-service (SaaS) model.

Data Backups: The Last Line Of Defense 

Data backups might not be the most exciting technology conversation you will have. But they remain the last line of defense and recovery for companies against ransomware and other potential disasters.

Mark McCully, Sayers Senior Solutions Architect, says:

“It’s not really a matter of IF, it’s WHEN a company will get hit. You can have layers of defenses, but it all comes down to end users. There’s always going to be some type of attack vector from that side of things.”

According to Veeam’s 2023 Ransomware Trends Report: 

• 93% of ransomware attacks attempted to destroy backup data 
• Nearly one-quarter of organizations who paid the ransom still could not recover their data
• Only 16% were able to recover without paying a ransom.

The 2023 Unit 42 Ransomware and Extortion Report from Palo Alto Networks found harassment had increased 20 times more often compared to the prior year. Tactics frequently included phone calls and emails targeting individuals in the organization, often in the C-suite. 

3-2-1 Backup Strategy Isn’t Enough

A longstanding backup strategy has used the 3-2-1 approach: have three different copies of your data, on two different types of media, with one of those copies located offsite. 

The more comprehensive 3-2-1-1-0 backup rule for recoverability takes things even further. In addition to 3-2-1, one of the copies is offline, air-gapped (isolated), or immutable (unalterable). Automated backup testing should show zero errors.

Together, immutable storage and air-gapped data provide the best of both worlds.

Gartner Magic Quadrant: Leading Vendors in Enterprise Data Protection

Companies use enterprise backup and recovery software solutions to prepare for ransomware attacks, protect their data environments, and simplify backup and data management. According to Gartner’s definition:

“Enterprise backup and recovery software solutions…capture a point-in-time copy (backup) of enterprise workloads in on-premises, hybrid, multicloud, and SaaS environments. These solutions write the data to a secondary storage target for the purpose of recovering this data in case of loss.”

Several top-tier leaders in this vendor landscape appear in the 2023 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions. Among them:

• Veeam. The Swiss Army knife of enterprise backup and recovery solutions, Veeam’s software-based platform offers fast and flexible recovery. Apply it to fill a specific need such as Microsoft 365 or Salesforce backups, or use Veeam’s full-service, hybrid-cloud enterprise protection. The solution is hardware-agnostic and can use existing storage or hardware for backup repositories.

• Rubrik. Built with security in mind, Rubrik offers immutable and air-gapped storage as well as early detection of threats such as ransomware on backup data. An easy-to-use SaaS administration platform reduces time spent managing backups. Rubrik’s 24x7x365 ransomware response team helps you recover as quickly as possible if you’re attacked.

• Cohesity. Cohesity simplifies data protection for some of the world’s largest organizations. Fast recovery at scale and solid ransomware protection include global management, flexible delivery options, and policy-driven automation. Cohesity’s backup-as-a-service model eliminates the need for on-premise hardware.

SaaS Shared Responsibility Model: You’re Responsible For Your Data 

Among software-as-a-service applications – Microsoft 365 and Salesforce in particular – a shared responsibility model places responsibility with you, not the service vendor, for your application data.

Many enterprises assume the vendor is responsible for protecting their data, resulting in a gap in their data protection. Microsoft explains the division of responsibility:

“As you move to the cloud some responsibilities transfer to Microsoft. …Regardless of the type of deployment, the following responsibilities are always retained by you:

• Data
• Endpoints
• Account
• Access management”

Microsoft is responsible for Microsoft 365 cloud service uptime, but access and control of your data remain your responsibility. McCully says: 

“It’s on the customer to make sure you’re getting the granular level of backup you need, whether for a legal requirement or a disaster recovery scenario. Ultimately, the vendor is not responsible for your data.”

Measuring Your Data Protection

Business Continuity Planning (BCP) and Disaster Recovery Strategy. Two key metrics to establish in your disaster recovery and BCP are: 

Recovery Time Objective (RTO) = The maximum time your organization should take to restore data and processes after a disruption.

Recovery Point Objective (RPO) = How recent the backup snapshot of your data needs to be. This represents the maximum amount of data your organization can tolerate losing.

McCully says:

“If you have established RTOs and RPOs, have you tested your recovery methods to see if your existing data protection platform can hit those numbers? By having backup strategies and data protection assessments of your current environment and recovery metrics, you can know if your current data protection is capable of meeting your needs.”

Questions? Contact us at Sayers today for data protection guidance and solutions.