As new threats emerge, organizations must take steps to secure the backup environment.
Data backup is the critical last line of defense against data loss due to ransomware and other cyber threats. However, recent research suggests most organizations aren’t doing enough to secure their backup and storage environments.
The average enterprise storage and backup device has 14 vulnerabilities, three of which present a significant risk of compromise if exploited, according to Continuity Software’s 2023 State of Storage and Backup Security Report. The results were based on assessments of 245 organizations with 8,589 storage and backup devices from leading vendors. Top risks included:
- Insecure network settings (use of vulnerable protocols, encryption ciphers, etc.)
- Unaddressed Common Vulnerabilities and Exposures (CVEs)
- Access rights issues (overexposure)
- Insecure user management and authentication
- Insufficient logging and auditing
Such vulnerabilities are particularly troubling because there is ample evidence that threat actors actively target backup environments. According to Veeam’s 2023 Ransomware Trends Report, 93 percent of ransomware incidents attempt to encrypt or delete backup data. In this way, cybercriminals can significantly increase the impact of their attacks, making it more difficult for organizations to recover their data without paying a ransom or suffering extended downtime.
“Securing enterprise storage and backup systems has become a critical part of organizations’ cyber resiliency strategies,” said Dennis Hahn, principal analyst for technology advisory firm Omdia. “As important as rapid data recovery is to business continuity if data is lost or stolen, it is arguably even more important to protect data anywhere it lives and not let storage and backup systems themselves become an entry point for attack.”
To protect the backup environment from ransomware and other threats, all organizations should implement a combination of preventive and proactive security measures. The following industry best practices provide a solid security foundation:
Define a Backup Policy
A comprehensive policy should outline the objectives, scope and procedures for data backup. Document all backup procedures, including configurations, schedules, recovery processes and retention periods. Address backup’s role in disaster recovery and business continuity planning.
Encrypt Backup Data
Encryption with strong, industry-standard cryptography — ideally AES-256-bit encryption —ensures that the data remains unreadable without the proper decryption keys. This minimizes the risk of a data breach if backup files are compromised. It’s also a requirement for compliance with regulations such as PCI DSS and HIPAA.
Regularly Test Backups
Testing backups regularly is crucial to ensure their integrity and effectiveness in case of data loss. Periodic testing helps identify any potential issues with the backup and recovery processes, allowing organizations to address and rectify them proactively.
Limit Access
Use strong passwords, multifactor authentication and role-based access controls to limit who can access or modify backups. Organizations should also regularly review and update access privileges, revoking unused or unnecessary privileges to minimize vulnerabilities.
Adopt the 3-2-1 Backup Rule
The 3-2-1 backup rule involves creating three copies of data using two different media types, with one copy stored offsite. Storing backups in geographically diverse locations reduces the risk associated with localized disasters. Cloud-based storage solutions offer the advantage of secure and redundant data centers in different regions, providing a resilient infrastructure for data backups.
Secure Backup Servers
Apply security patches regularly, configure firewalls and employ intrusion detection/prevention systems to safeguard servers against external threats. Additionally, secure physical access to backup servers to prevent unauthorized tampering.
Segment the Network
Isolating backup storage from production networks with segmentation limits the lateral movement of ransomware within the network. This reduces the risk of backups being compromised.
Educate Personnel
Many data breaches are the result of human error. Organizations should educate employees about cybersecurity best practices and conduct regular training sessions to help create a security-aware culture. This includes training on recognizing phishing attempts and understanding the importance of secure backup practices.
Monitor and Audit Systems
Continuous monitoring and regular audits of backup systems can promptly detect unusual activities or unauthorized access. By proactively identifying potential security incidents, organizations can take corrective action before significant damage occurs.
Conclusion
Securing data backups is not just a best practice. It's a critical component of risk management and resilience. Organizations that prioritize data security and implement robust backup strategies are better positioned to ensure the continuity of their operations in the face of cyberattacks and other unforeseen challenges.
