Backing-up data makes sense, from an economic and security perspective. If a company suffers from a cyberattack, then considerable mitigations can be built around the retained data.
A robust data backup platform will enable the companies to return to the last known good point in time before the problem cyberattack struck. In the best-case scenario, the data backup strategy and remedial action should enable a firm to rapidly recover at least the mission-critical business data.
To understand more about the key aspects of data backup, Digital Journal heard from David Friend, co-founder and CEO of Wasabi Technologies.
Friend draws on the principle of immutability as a central plank to the data security and data backup strategy. As he notes: “One underutilized way to protect and backup your data against cyber threats and ransomware is through object-level immutability in your cloud storage, which means certain files and stored objects cannot be modified or deleted by anyone, even a systems administrator.”
He adds: “If you store your backups in immutable buckets, ransomware hackers can’t delete or encrypt your backups. Ransomware hackers know that if you can restore your systems from backups, they are unlikely to be able to extort ransom from you.”
In outlining a data backup approach, a useful starting point is to assess and group business applications and data into the following:
- Existentially-critical for the business to survive
- Mission-critical for the organization to operate
- Optimal-for-performance for the organization to thrive
In terms of the consequences of this, Friend finds: “So they try to destroy backups at the same time they are encrypting your primary data. But if you have done your backups properly, when you get attacked by ransomware, you should be able to start fresh and restore your entire system from backups.”
However, the human resources aspect also needs to be considered, as Friend cautions: “No amount of high-tech prevention will stop ransomware attacks because most of the time the vulnerability is with the humans, not the machines.”
This leads to Friend’s core recommendation: “So my advice is to do the best you can on the prevention side, but more importantly do complete backups, store them in immutable object stores, and test that you can successfully do a full restore before you get hit.”
