2021 marks the 10th anniversary of World Backup Day. While this day has served as an important reminder of the growing role data has in our lives and the need to protect it, quite a bit has changed over the past decade. As the threat landscape for businesses becomes increasingly complex, small and medium-sized businesses are now more likely to face a ransomware attack than previous concerns like natural disasters or outages. One report from Cybint states that there is a hacker attack every 39 seconds on average, and since COVID-19 started, there has been a 300% increase in cyberattacks, with 43% of attacks targeting small businesses.
The recent spate of high-profile cyberattacks, such as the SolarWinds breach, the massive Microsoft Exchange hack, and Acer's breach via a ransomware attack, should provide enough reason to note that no cybersecurity defense is impenetrable. According to the Verizon 2020 Data Breach Investigations Report, moreover, the smaller guys are being seen as easy targets for hackers—SMBs are four times more likely to be hacked and twice as likely to be infected with malware than larger enterprises. In fact, SMBs accounted for 27% of all cyberattacks in 2020.
In light of this, it’s increasingly important to move past the concept of simply backing up and focus on becoming cyber resilient. The first step is taking an assumed breach mentality. Businesses need to operate as though they've already been breached. And that means that you need a security program that assures the resilience of your business and that of your customers.
By looking at a cybersecurity strategy in a holistic manner—from the first line to the last line of defense—SMBs can be prepared and successfully recover when a breach occurs.
Who Should Smaller Players Turn to?
While large enterprises can afford to spend the majority of their resources on building and fortifying the external walls of their cybersecurity defense, smaller companies have to make do with outsourcing this critical task to third-party experts. Most SMBs normally engage managed service providers to deploy a suite of IT services such as basic digital office functions and other tools like customer relationship management, supply chain management, and human resource management, just to name a few. A further critical part of the suite of services MSPs provide is business continuity and disaster recovery (BCDR) support to ensure businesses are still able to operate without major hiccups in the unfortunate event of a breach.
MSPs are a trusted provider of the functional digital tools for SMBs to carry out their business operations intelligently, efficiently, and at scale, and are often referred to as the outsourced CIOs for SMBs. MSPs need to form the right partnerships with the right players in the ecosystem in order to provide best-in-class services for end customers so they’re well taken care of in cybersecurity, especially in the aftermath of a cyberattack.
Embracing Cyber Resiliency
While these tactics to protect data are important, today’s prolific threat environment demands a transition toward new business practices centered around the concept of cyber resiliency. By definition, cyber resiliency is a measure of business strength in preparing for, operating through, and recovering from the eventuality of a cyberattack. This relies on the ability to not only back up, but to identify, protect, detect, respond, and recover quickly from any cyber event.
Cyber resiliency should consider people and processes as well as a combination of cybersecurity, business continuity, and incident response. However, this is an ongoing business effort and not an overnight endeavor. It’s important for MSPs to engage in conversations around cyber resiliency to help educate their customers—it can be the hardest thing to do, but it's non-optional. Whether small or large, every business has security risk. Driving the conversation around cyber resiliency is crucial to raising awareness of risk to those most vulnerable, like SMBs.
MSPs and SMBs cannot prevent a breach from happening, but they can be prepared with a cybersecurity program and robust capabilities for business continuity. In a world where cyberattacks are often heard and reported in retrospect, organizations need to not only embrace cyber resilience, but ensure they have a pathway to get there by protecting each line of defense from the first to the last.
Protecting the Last Line of Defense
Many of today’s cybersecurity strategies rely on backup as a last line of defense to mitigate damage to the business’s data and infrastructure. For instance, if a server is infected with ransomware, the backup is an important tool to restore critical business data and recover from such an event. However, not all backups are created equal, and hackers are now targeting these backups at alarming rates. Examples of such attacks on backups are direct hacking attempts or malware from malicious actors.
In these cases, the traditional backup methods deployed by most businesses today are rendered useless. Hackers can directly manipulate backup software as a backdoor to access systems and data, and they can corrupt or encrypt backup data to make it inaccessible. Backup files are also susceptible to ransomware. So how do we protect this last line of defense?
- 2FA to access backups within admin environment: For starters, using two-factor authentication to access backup software within the admin portal is important to ensure that if attackers get past the first few lines of defense, they do not have full access to all files. The backup is another vault that needs another lock.
- Utilize key-based SSH authentication: An SSH key locks access to backups so that only a unique key held by an authorized person can unlock it. This is a much more secure alternative to a password, which hacking methods can break.
- Do regular scans of backup files for ransomware: One of the most damaging breaches is one that goes undetected over a long period of time, allowing a bad actor to silently siphon data without resistance. Doing regular scans on backup files is an important way to ensure that this doesn’t happen.
- Save backup copies in a different physical location: Using geographical dispersal is the most prudent method to ensure there is zero digital access to backups.
- Keep a “recycle bin” for backups: As much as backups already serve as the Recycle Bin for main operational files, sometimes critical backups may be deleted accidentally. Keeping a snapshot of backup files to revert to in the cloud relieves any human error risks.
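To check the key-based SSH recommendation on a backup host, the added example below (not part of the original article) audits the global section of an `sshd_config` for settings that still accept passwords. The two sample configs are constructed for illustration; `Match` blocks and `Include` files are not evaluated.

```python
# Added example: does this sshd_config really enforce key-only logins?
# sshd uses the FIRST value it reads for each keyword; later duplicates are ignored.

# OpenSSH defaults that apply when a keyword is absent (password logins are on).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older OpenSSH name for the keyboard-interactive setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LABELS = {
    "passwordauthentication": "PasswordAuthentication",
    "kbdinteractiveauthentication": "KbdInteractiveAuthentication",
}

def effective_settings(config_text):
    """Return effective global values, honouring first-value-wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are out of scope for this check
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """List settings that weaken key-only access to the backup host."""
    eff = effective_settings(config_text)
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key login unavailable")
    for key, label in LABELS.items():
        if eff[key] != "no":
            findings.append(f"{label} is '{eff[key]}': passwords still accepted")
    return findings

# Constructed samples. In WEAK the second PasswordAuthentication line never applies.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("# key-only backup host\nPubkeyAuthentication yes\n"
            "PasswordAuthentication no\nChallengeResponseAuthentication no\n")

if __name__ == "__main__":
    print(audit(WEAK) or "WEAK: key-only")
    print(audit(HARDENED) or "HARDENED: key-only")
```
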
With these methods, a successful backup strategy doesn’t have to be complicated. Though securing a last line of defense requires effort and time, the process is crucial to reducing downtime caused by ransomware attacks. In today’s cyber landscape, it’s not “if” but “when” the next attack will occur, so remember to not only do your backups diligently, but solidify a plan to protect them at all costs this World Backup Day.
RYAN WEEKS is chief information security officer at Datto, responsible for directing and managing Datto's information security program.