The Critical Role of Safe and Secure Backup System Storage

Solutions Review’s Premium Content Series is a collection of contributed articles written by industry experts in enterprise software categories. In this feature, SANS Institute Dean of Research Dr. Johannes Ullrich explains the critical role of safe and secure backup system storage.

It’s no secret that backup systems are critical to preserving sensitive data files from ransomware, theft, sabotage, and accidental loss. However, it’s important to remember that merely leveraging backups isn’t the end-all-be-all solution to a challenge riddled with complexity. Just because organizations have backup systems in place does not always mean their data is fully protected in the wake of a loss-causing event. And amid sharp rises in the volume and velocity of attacks, the consequences of poor data backups are too severe to overlook. For example, IBM’s 2022 Cost of a Data Breach Report found:

Secure Backup System Storage

• Globally, the average total cost of a data breach increased by 13 percent YoY to a record-high $4.3 million in losses. U.S. organizations were most impacted, with an average loss of $9.4 million per breach.
• The average duration of identifying and containing a data breach lasted more than 275 days – equivalent to over nine months of downtime.

As attackers have grown more skilled and sophisticated, they are now leveraging hard-to-detect tactics, techniques, and procedures (TTPs) that capitalize on backup system vulnerabilities to either steal data or disrupt recovery operations. Remote access backups, for instance, are often reliant on password protections. Due to poor password hygiene or the absence of two-factor authentication, these backup systems can be easy targets for threat actors to utilize as attack vectors against protected systems.

When exploited, backup software vulnerabilities can also compound into giving attackers direct access to live system environments. Take the CVE-2022-36537 vulnerability that was publicized in early 2023 for example. Threat actors used it to access additional servers that were backed up on the same system, essentially “surfing backward” into live environments to exfiltrate data and distribute malware. That very same scenario is impacting organizations of all sizes or sectors, heightening the criticality of effectively implementing safe and secure backup system storage to maximize protection and agility.

The 3-2-1 Rule

Organizations should consider data assets at risk if they are not backed up in at least three different locations. Coined the 3-2-1 rule, this approach combines a diverse mix of cloud, on-premises, and offline/remote copies to ensure data can be preserved even if an online backup is disrupted. Among all forms of backup systems, cloud-based backups are often most vulnerable. In turn, organizations should be leveraging an on-premises backup that can drive rapid restoration at scale, especially in cases where there’s a high volume of critical data to recover.

Always be cognizant of testing recovery speed ahead of time. This provides an accurate barometer of how long it will take to recover sensitive files in the wake of a breach when extended downtime durations can translate to millions in financial losses. It took the City of Atlanta’s municipal department seven full days to restore services from a ransomware event, and in a similar attack against Baltimore’s city municipal department, the recovery timeline lasted more than six weeks. Both city governments ultimately suffered a combined $20-plus million in losses largely due to operational downtime.

When designing a cloud-based solution architecture, focus on access controls, authentication requests, and how the backup lifecycle – spanning from creation over retrieval to eventual deletion — is managed.

Best Practices to Consider

Any data leaving the direct control of an organization, whether it’s physical backup files being shipped offsite or online backups migrating to the cloud, must always be encrypted before exiting the environment.

Encrypting backups adds an additional layer of security by converting sensitive information into an unreadable format – if attackers intercept data while in transit, they still couldn’t access it without a decryption key. Beyond transit data should also be encrypted while at rest at the secondary backup location as well. In addition, organizations should allocate equal prioritization to the three foundational components of effective data management:

• Data Protection: Actively protect both primary and secondary data backups from loss, theft, compromise, and corruption with the ability to rapidly restore data after an incident.
• Data Storage: Create a well-defined security architecture that promotes the safe storage of data backups both on-premises and in the cloud.
• Data Compliance: Ensure all backup systems and network users continuously follow access policies that are compliant with federal and industry compliance regulations.

It’s still important to understand that primary and secondary backup systems weren’t initially designed to defend against cybercrime, especially not from expert threat actors who leverage encrypted malware, double extortion, and phishing campaigns, among others, as core competencies of their TTP framework.

At their inception, backups were made to preserve data in cases of file corruption or accidental removals – not ransomware. However, as cyber threats targeting data assets have intensified, they have emerged as a must-have tool within the enterprise data security arsenal. By implementing effective backup practices at scale, organizations can take proactive steps to strengthen their data security posture and safeguard sensitive files.