It may seem like a silly question, as backups are never traditionally thought of as being at risk. It stems back to a time when backups were on tape—a medium that would be tough for even the most skilled developer to hack into. But today’s backups are stored (whether on-prem or in the cloud) on disk… or more specifically, files in a file system. Depending on how accessible that file system is, your backups themselves may be at risk.
It’s far more likely they’d be at risk of attack from ransomware than anything—if for no other reason than the benefit to the cybercriminal: If they can encrypt your backups (along with production data), you’d have no other recourse but to pay the ransom, no matter how high. The only other instance I can think of when backups would be important to an attacker is in the case of data manipulation or data destruction, if they were intent on prohibiting you from putting data back into a known good state, destroying backups could be a strategic move.
Take the following examples of malware and think about how backup data could be accessed:
While none of these specifically are examples of backupsbeing encrypted, the point is, if your backups are accessible to any endpoint (and they are), they are at risk.
First off, if you’re thinking “I’m safe, my backups are encrypted,” you’re missing the point. Attackers aren’t trying to access your backups; they’re trying to take away your ability to use your backups.
So, how do you protect your backups?
Your mindset should be one of security here. The goal is to protect a data set that is the foundation for protecting every other data set in your organization. The following steps (although not an exhaustive list) could put your organization in a good position to help ensure backups aren’t inappropriately accessed or manipulated.
If you’re not taking these kinds of proactive steps, your backups are potentially at risk. Cybercriminal organizations are becoming more sophisticated in their tactics, looking for ways to ensure their attacks are successful. So, it’s natural to conclude that if removing backups as an option for their prey is beneficial to the attacker, they’re going to look for ways to make that happen.
By putting the three steps above in place, you can help reduce the likelihood of your backups being a target, and increase your organization’s ability to recover from an attack.
Nick Cavalancia has over 20 years of enterprise IT experience and is an accomplished executive, consultant, trainer, speaker, and columnist. He has authored, co-authored and contributed to over a dozen books on Windows, Active Directory, Exchange and other Microsoft technologies. Nick has also held executive positions at ScriptLogic, SpectorSoft and Netwrix and now focuses on the evangelism of technology solutions.
Follow Nick on Twitter at @nickcavalancia
To find out how SolarWinds Backup can help you and your MSP business increase efficiency and protect your customers, click here
© 2018 SolarWinds MSP UK Ltd. All rights reserved.
The SolarWinds and SolarWinds MSP trademarks, service marks, and logos are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates. All other trademarks are the property of their respective owners.