4 data loss examples keeping backup admins up at night
Protecting data is a critical task for backup admins, and threats are ever evolving. Preparation is key to preventing data loss and recovering quickly.
Data loss events can be catastrophic, so it's no surprise that it is a top-of-mind issue for backup admins. Data loss at an enterprise level can result in financial losses, a damaged reputation and legal repercussions if the business doesn't meet regulatory compliance guidelines.
A rising number of major data loss events has resulted in a lot of pressure on backup teams today.
Ransomware attacks have continued to grow in sophistication and scale, becoming harder to prevent and recover from. Ransomware attackers target organizations of all sizes and industries, and even aim at backups to make recovery more difficult.
Inside threats such as human error and system failure are ostensibly easier to predict and prevent than third-party attacks. However, they are just as capable of inflicting damage. In addition, natural disasters are a major area of focus for backup admins today, causing downtime and affecting critical infrastructure.
Below are four data loss examples to keep an eye on and what organizations can do to mitigate the threat.
Ransomware
Ransomware has been a trending topic in backup and cybersecurity for several years now, and it surely keeps backup admins up at night. In a ransomware attack, an attacker corrupts an organization's data and renders it unusable until a ransom has been paid.
Ransomware attacks are increasingly common and being deployed with complex variations. Sleeper attacks are a type of ransomware that lies dormant for a period of time, which makes it difficult to spot until it's too late.
After a ransomware attack, organizations need to recover an uncorrupted copy of their critical data -- or pay the ransom and hope for the best. Since there is no guarantee the attackers will relinquish the data once paid, that is the much less desirable option.
A key issue with ransomware recovery is finding and ensuring a clean backup copy that can get operations back up and running quickly. Ransomware will often affect backup environments as well as the primary data. Organizations must use isolated, air-gapped backups that cannot be infiltrated, as well as have the capability to identify the critical data needed to resume operations.
While a full defense against ransomware requires a layered approach, without a clean backup to recover from, organizations will be left paying a costly ransom.
Data extortion
Unlike a ransomware event, in which data is left in place but corrupted, a data extortion event is when attackers obtain sensitive data and threaten to release it. This type of attack is increasingly popular with cybercriminals.
Defense against data extortion goes well beyond backup, but backup admins must do their part. Unlike with ransomware, restoring data does not fix the problem, so backup admins must shift focus entirely toward prevention. Sensitive data -- including backup copies -- must be identified, secured with encryption and stored according to any associated regulations.
Data protection is often focused on protecting data from outside actors, but backup admins must also be prepared for data loss that stems from inside the organization.
Data protection and security teams must work together to create a comprehensive strategy to secure data and restrict access to sensitive information. While data extortion might not be data loss in the traditional sense, it can be costly for organizations that aren't prepared.
User error and insider threats
Data protection is often focused on protecting data from outside actors, but backup admins must also be prepared for data loss that stems from inside the organization. In some cases, the issue is as simple as an accidental deletion. In other situations, such as a rogue admin attack, an insider acts maliciously within their own data environment.
While the intentions behind these data loss scenarios are different, the commonality is that they are executed by someone from within the organization with authorized access. Organizations can minimize this risk by adhering to strict role-based access and the principle of least privilege. In this scenario, users only have the minimum access necessary to perform their roles. This minimizes the radius of data in which a user can cause harm.
Other measures might also be necessary to protect critical data, such as storing it immutably. Backup admins might also enact two-person concurrence, in which an action requires approval by two separate parties.
Device and system failures
While ransomware and other cyberthreats are a trending topic, backup admins cannot forget the ever-present risk of data loss due to device or system failures. Components break, systems malfunction, and even entire data centers could be taken out due to natural disasters.
It is because of this continuous threat of data loss that backup teams should implement best practices such as 3-2-1 protection strategies and frequent backups. The 3-2-1 approach is built on the concept of using multiple backups across different systems, including an off-site location, to ensure that if something fails, recovery is possible.
Mitch Lewis is a research associate at Futurum Group. He provides insight into the IT landscape for enterprises, IT pros and technology enthusiasts alike.
