With today’s increased reliance on remote networks and data storage with multi-user access, it’s essential to have resilience measures for your data in place to protect your business, its customers and staff. The National Cyber Security Centre (NCSC) has recently published guidance on how to mitigate ransomware threats to businesses, so we asked leading UK data management company, Redstor, to take us through the guidance and explain what it means for SMEs. Especially those who don’t have in-house security teams.
Rob Buckton, UK Sales Director for Redstor said:
‘Redstor has more than 20 years of experience supporting organisations and local government on how best to prevent data loss or leaks from cyber threats such as malware and other IT disasters, so we are excited to support BRIM and the CRC Network by contributing specialist guidance on improving cyber resilience, particularly in the area of data protection. By supporting SMEs we help protect the national supply chain, more critical now than ever before.
Accelerated recovery of backed-up data is seen as the last line of defence in the world of cybercrime and this is Redstor’s key area of expertise. We look forward to helping with advice and support on best practice to such a critical service delivered by BRIM and the Police.’
Read on for Redstor’s guidance on the latest NCSC recommendations:
Choosing a backup provider that guarantees recovery from a ransomware
Finding the right cloud backup provider to mitigate the threat of ransomware is important as the decision will have far-reaching implications.
Organisations need to do the correct research and the NCSC’s recommendations are an excellent place to start. Many SMEs omit this step.
No-one knows the extent of the risks involved better than the UK's independent authority on cyber security - and the NCSC’s advice is invaluable for IT heads seeking to cover all eventualities. The alarming increase in cyber attacks related to Covid-19, combined with the security vulnerabilities arising from the vast number of people now home working, highlights the importance of securely protecting data.
Most business leaders surveyed for a report by cyber security firm Forcepoint claimed to have confidence in their IT security teams. However, two-thirds of CEOs admitted that they fear becoming the next victim of a major breach.
Accepting the inevitability of a ransomware incident is a foundation stone for a successful strategy to alleviate the threat.
With cyber criminals adopting increasingly sophisticated methods, many organisations are now sensibly taking the attitude that it’s not ‘if’ but ‘when’ an attack will happen - and what they really need to worry about is ‘how’ will they cope. Perhaps the most alarming development in recent years is the realisation that ransomware attacks are now targeting organisations’ network-attached storage (NAS) and on-prem backup appliances.
A report by Kaspersky Lab revealed that hackers are scanning IP address ranges for NAS and backup devices they can access from the internet, then capitalising on known firmware vulnerabilities to encrypt NAS-connected media. That seriously hampers any organisation’s ability to recover data, especially when so many rely on NAS devices or backup appliances to host backups.
Backing up data offsite in the cloud is a popular strategy to mitigate the threat of ransomware. However, there are many crucial differences between providers.
So, what should an organisation look for in a solution to maintain business continuity?
1) End-to-end encryption that foils ransomware
The NCSC recommends a service that keeps multiple versions of backed up data, or which allows you to undo changes to backups. Keeping data 100% safe in dedicated, highly secure, local data centres is not the only criteria, though.
Ensure that your chosen service encrypts data before it leaves your devices - and that it always remains encrypted, in transit and in storage.
Make sure you own the encryption key and aren't required to share it at any time.
That way any malware entering your network won't be able to execute on the cloud platform. It also means that only your organisation can decrypt your data.
2) Protection for cloud data too
To protect data against access by unauthorised intruders, the NCSC advises implementing multi-factor authentication. If you can do this through a trusted third-party identity provider of your choice, such as Microsoft or Google, it helps streamline user access and centralise permissions policies.
Microsoft and Google both recommend a separate backup strategy for data in 365 and G Suite.
Finding a provider that allows you to establish a consistent data protection policy across your whole estate, viewing cloud and onsite data in one place through a central management console is going to save time and money.
3) Isolated offsite protection
Limiting the number of accounts with the ability to access backups is another of the NCSC’s recommendations.
For extra peace of mind, choose a data management provider that has processes in place to avoid the immediate deletion of data and the capability to allow you to recover data quickly. The best way to guarantee recovery from an issue such as ransomware or the actions of a malicious insider is by having robust, automated, isolated, offsite data protection in place.
It's critical that your backups are not permanently on the same network as your live data. Put simply, if they are always connected, they and you are vulnerable.
4) Rapidly accessible backups
Ensuring that a cloud service provider will ship data back to you to aid recovery from an incident, like the NCSC recommends, will provide some comfort, but transportation will still take time.
The technology now exists to ensure business continuity and make downtime a thing of the past.
With Redstor for example, you don’t have to wait for entire systems or large files to be recovered before you start working again, you can simply stream from the cloud while the recovery completes in the background. Accessed data is instantly prioritised so there is no waiting for files to download and even very large files and databases can be accessed seemingly instantly.
Whether your data is on-prem, hybrid or in the cloud, you obtain on-demand access, streaming data in real time to any device so it is always available, instantly. This overcomes the typical limitation of cloud backup, namely the time taken to recover all data over the Internet before staff can begin working again.
5) Bandwidth efficient backup
Checking the schedule of incremental cloud backups when you have client software on-prem is the final recommendation of the NCSC.
It's important to choose a backup technology that enables incremental backups, rather than having to do a full backup every time. Some backup technologies that weren’t designed for the cloud do a full back-up every time. The result is a rapidly ballooning on-prem storage requirement as retention increases.
If on-prem backups are large, which a full backup will always be, offsetting them for DR purposes can prove difficult without very high bandwidth.
If you want to find out more about Redstor and the latest methods of data managing and securing data, visit their website here.
Redstor supports a number of the Cyber Resilience centres. For more information on your local CRC and guidance visit our CRC network page here.