How can your ransomware backup strategy improve?

As external threat actors who use ransomware, phishing and other attack vectors continue to evolve their capabilities, so, too, must IT cybersecurity and data protection professionals continually up their game. A ransomware attack that prevents access to IT systems and data can shut down an organization.

Given the threat environment IT professionals face in 2020, effective preventive measures for your ransomware backup strategy include having a highly protected network perimeter plus data backup and disaster recovery plans. But are they enough?

Ransomware protection that uses artificial intelligence is currently gaining momentum. An AI component not only examines data packets using a large database of digital signatures, it also analyzes suspicious data packets.

From a data backup perspective, perhaps the best ransomware backup strategy is to have critical data, systems and resources backed up to an alternate location. On-site and remote storage options are plentiful and varied, so examine the options carefully. Some of the issues to examine include:

1. location of storage resources, particularly how close they are to the organization's primary location;
2. on-site versus hosted storage options;
3. amount of network bandwidth for large data downloads and system recoveries in an emergency;
4. criticality of the data and systems being backed up, so your organization can access them on a priority basis in an emergency;
5. frequency of data backups, especially as stated by recovery point objectives;
6. multiple data storage facilities, so that data can be backed up to two or more storage locations;
7. data encryption technologies to further protect data;
8. secure access methodologies;
9. periodic testing and verification that backed up data and systems are operational and accessible; and
10. a data backup policy that addresses ransomware situations.

The cost of data storage resources is a major consideration for your ransomware backup strategy, especially if you use a brick-and-mortar platform. Organizations with multiple data centers must be able to justify the overhead expense associated with these facilities. Cloud storage can save money by reducing the need for physical footprints, but your organization must assure security and data protection. From a threat perspective, however, more data points mean increased access points for threat actors.

Issue No. 4 above is a key consideration. If a ransomware attack blocks access to critical systems and data, those critical resources must remain available and not threatened. Do your disaster recovery and data backup plans address such a situation? Use a business impact analysis (BIA) to identify the mission-critical systems and data needed to run the business. The BIA can also identify the recovery time objectives and recovery point objectives of these critical resources.

These resources and metrics are essential for your ransomware backup strategy and for recovering after an attack. When planning data backup resources, carefully consider these factors. Could your current data backup facilities be compromised? If there's any concern about the recoverability of critical resources, then you must investigate alternate storage platforms that you can more securely protect.