World Backup Day 2021
Hello everyone! Welcome to World Backup Day 2021! This year I want to expand upon my article from last year’s Backup Day. We are going to discuss why backups are so important, prioritizing backups to ensure critical information is available first, the 3-2-1 Backup Strategy, and, most critically, why testing your backups is just as important as the backup itself. It may be beneficial to start this off with a refresher of my article from last year.
2020 World Backup Day Recap
Backups are a vital part of disaster recovery and business continuity planning. I referenced a Ponemon Institute statistic last year: 60 percent of the small to medium businesses (SMBs) experienced a loss or threat of sensitive data in the previous twelve months. In this year’s report, Ponemon partnered with IBM Security to produce the “Cost of a Data Breach 2020”. In the report, Customer PII topped the list of types of records compromised at a whopping 80%. That is followed by Intellectual Property (32%), Anonymized Customer Data (24%), Other (23%), and Employee (21%). That customer information is very valuable, to the tune of $150 (USD) on average per record. Interestingly, the report puts that cost at $175 (USD) per customer record when it was breached in a malicious attack. Threat actors are rewarded handsomely while putting in very little effort themselves.
I am not suggesting backups are the silver bullet to stop this by any means. But it is important to mention, having solid backups does provide the SMB with leverage. Leverage to reduce the “payday” for the threat actor and take away the ability to be exploited for profitable gain. Backups cannot take away the underlying root cause for how the breach occurred in the first place, so please do not lose sight of the fact other issues need to be resolved and fast. I digress.
Backups are important, here’s why:
Your data, your customer’s data, and their customer’s data are entrusted to everyone up and down that path. We hear this all the time; confidentiality, integrity, AND availability are all elements (reasons) for why cybersecurity matters to everyone. Information, data, personal data, financial, intellectual, etc. are all very important reasons for planning, protecting, and testing backups for every organization on the planet. Without that data, there is no “worth”, no revenue, nothing to set yourself or your business apart from any other business or individual. Data is valuable, especially in an electronic form. It is easy to access, manipulate, share, and sell. That is why World Backup Day exists, to bring awareness to the need for backups and data preservation. Some of you may now be asking, ok great, what is next? That next is easy. Planning and preparation are the keys to success and that is no different here with backups. To begin the process, you need to understand where your sensitive, important/critical information is stored and that starts with an inventory.
Why should I prioritize backups?
Once you know where all the important stuff is located, prioritize the backup list. That might be easier said than done but do your best. Consult with the data owners, find out their priority and work that into your list. After you have accounted for the important data, fill in the remaining with items that might not be as important. Having a prioritized backup list provides that level of assurance the business can recover its critical information above everything else. Remember, this data is the lifeblood of the organization. Without it, there is no business, no revenue, which means potentially no longer being employed.
Let us not forget about the 3-2-1 concept after the priority has been established. You need three copies, on two devices/media, and one offline for the backups. That last one is very important and worth repeating. Make sure you keep one copy offline. Cloud is not offline. Your backup service storage should include one element that is disconnected from the network or system and securely placed in a different, yet accessible location.
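The inventory, prioritization and 3-2-1 steps above can be checked mechanically. The following is an added example, not code from the original article: it audits a constructed inventory against the rule as stated here, including "cloud is not offline". The field names, media labels and the assumption that the live copy is listed among the copies are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    medium: str    # assumed labels, e.g. "disk", "nas", "tape", "cloud"
    location: str
    offline: bool  # inventory's claim that the copy is disconnected

@dataclass(frozen=True)
class Dataset:
    name: str
    priority: int  # 1 = most critical, as agreed with the data owner
    copies: tuple  # every copy that exists, the live one included (assumption)

def gaps_321(ds):
    """Return the 3-2-1 requirements this dataset does not meet."""
    gaps = []
    if len(ds.copies) < 3:
        gaps.append(f"only {len(ds.copies)} of 3 copies")
    if len({c.medium for c in ds.copies}) < 2:
        gaps.append("fewer than 2 devices/media")
    # Cloud is not offline: a cloud copy never counts, whatever the inventory says.
    if not any(c.offline and c.medium != "cloud" for c in ds.copies):
        gaps.append("no offline copy")
    return gaps

def audit(inventory):
    """List failing datasets with their gaps, most critical first."""
    ordered = sorted(inventory, key=lambda ds: (ds.priority, ds.name))
    return [(ds.name, gaps_321(ds)) for ds in ordered if gaps_321(ds)]

# Constructed sample inventory (names, media and locations are made up).
INVENTORY = [
    Dataset("hr-records", 3, (Copy("disk", "hq", False),
                              Copy("disk", "hq", False))),
    Dataset("file-share", 2, (Copy("disk", "hq", False),
                              Copy("nas", "hq", False),
                              Copy("tape", "offsite-vault", True))),
    Dataset("customer-db", 1, (Copy("disk", "hq", False),
                               Copy("nas", "hq", False),
                               Copy("cloud", "vendor", True))),
]

if __name__ == "__main__":
    for name, gaps in audit(INVENTORY):
        print(f"{name}: {', '.join(gaps)}")
```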
Do I need an “offline” copy?
Yes, yes you do. Your offline copy is your last hope of being able to restore the data. Something may have gone wrong, or your online backups may have been compromised, deleted, or overwritten. Additionally, having the data backups stored in an off-site or remote location ensures that in the unforeseen event of a man-made, natural, or geographical disaster, the impact will not affect all backup copies. When practical, this backup should be stored offline. It could be a port that gets disabled on a managed switch and isolates the backup or a purely offline backup run manually on a regular basis. Remember, the business may depend on this last copy.
What about securing my backup application?
We have a few recommendations for some steps you can take to secure both the application and the backups in storage. Start with a different (non-user and non-system administrator) set of credentials assigned to the backup or disaster-recovery systems. If a user account becomes compromised, then the credentials will not work to elevate an attack on the backup solution. Ensure there is two-factor (2FA) or multi-factor (MFA) authentication on those credentials for enhanced security. Also, consider segmenting the backup solution into a separate virtual local area network (VLAN). Segmentation and the use of VLANs can help prevent compromised on-premises servers or end-user devices, such as workstations or laptops, from attacking or corrupting the backups stored on a different network. Also, consider using a backup vendor who offers a hosted service for immutable storage. Backups sent to their immutable storage solution cannot be changed or deleted until a specified time. This solution also allows the organization to have a copy of their backup data stored off-site. Lastly, it is important to regularly test backup restoration procedures. This process involves regularly testing backup media for reliability and testing the recovery procedure to ensure that during a disaster, the process has been verified and can be replicated quickly and with minimal errors.
Are you kidding me? Did you say I need to “test” the backups?
While you might be thinking there is no way I can do this, we highly suggest making time.
A good data recovery practice can be the difference between a successful cyber or ransomware attack causing massive data loss or minor downtime. In general, most cyber-attacks are focused on the compromise of data rather than the destruction of data. However, this is not always the case, especially with ransomware, a notoriously malicious extortion attack that encrypts and destroys data. Because ransomware attacks have proven to be a very successful and lucrative business model for attackers, expect to see an increase in the frequency and sophistication of these attacks across the SMB space.
Backups are a critical component of good cyber hygiene and an all-around best business practice regardless of the size of the organization. Honestly, the smaller the business, the bigger the impact if something happens with your data. Please ensure you are keeping a current inventory of your data and where it is stored. Prioritize by criticality, most to least, and adjust your backup strategy to align to the 3-2-1 model. Secure those backups and the applications using 2FA or MFA, network segmentation, and immutable storage, to prevent unauthorized access to, or malicious corruption of, the backup information. Last, test your backups, often. This is the most overlooked step in the entire process. You want that data to be there when the need arises.
Remember, you are not alone. Backup and disaster recovery plans (and their implementation) are a big job. They require focus and an investment in resources to be done properly. Don’t be afraid to ask for help. Outsourcing your backup strategy can be a simple way to gain serious peace of mind. A professional service provider can handle everything from support to periodic testing for your data backup and restoration.