Using Live Backups? Here’s Why That Might Be A Bad Thing

The range of threats facing modern businesses grows ever larger. And as the entire corporate world moves down the path towards digital transformation, the profitability of cybercrime grows exponentially. One of the largest areas of growth, unsurprisingly, is ransomware.

Why go to the trouble of exfiltrating data when you can simply hold it for ransom? Why spend hours cracking a server’s security when you can simply infest it with a worm via a phishing email? The answer should be clear.

Backups remain the best defense against ransomware. Air-gapping an infected system and wiping it before it can infect others allows its data to be restored from a backup server. This will not change.

But criminals are smart. They know that backups are their Achilles' heel. And they have started targeting them.

New ransomware may infect backups without the host organization knowing, or a hacker might directly attack a backup server in an attempt to cripple it. Live backups represent a unique risk in this regard. Because they are direct copies of a live server, they can be frightfully easy to infect.

There are several steps you must take to prevent that from happening:

  • Take a three-tiered approach. Run daily backups of files that are regularly accessed and edited by employees. Maintain regular mirrors of user machines on a lower frequency, such as weekly or bi-monthly. Finally, maintain long-term, fully-isolated, comprehensive backups of all critical files and systems.
  • Test. Check regularly to ensure your backups are not corrupted or compromised.
  • Monitor. Track activity on all backup servers, monitoring them for anything suspicious or unusual.
  • Air-gap. A skilled hacker will try to find your backups when probing your network. Hide them. Keep them as isolated as possible, and consider taking them offline when they are not in use.
  • Collaborate. One of the most interesting cybersecurity initiatives in North America is known as Sheltered Harbor. Formed by some of the largest financial services institutions in the United States, Sheltered Harbor creates a distributed, collaborative system of backups. Each bank has access exclusively to its backed-up data, which is spread across Sheltered Harbor’s servers and encrypted. More importantly, if a bank’s systems are compromised or brought down, it can rely on the systems of other banks to support it until it is back online.
  • Maintain Multiple Backups. One core element of Sheltered Harbor is redundancy – a principle which must be applied to your backups. Maintaining multiple mirrors of critical files and systems in multiple locations ensures that even if one is compromised, others are kept safe.
  • Automate. For live backups specifically, configure your backup server to validate each change before applying it. If the system logs an activity as suspicious or unusual, it can then ping an administrator to investigate.
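
The "Automate" step above can be sketched as a gate that sits in front of the live backup. This is an added example, not code from the original article or any backup product: the function names, the thresholds and the choice of a byte-entropy heuristic (readable content turning near-random, as it does when encrypted) are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds for this sketch; tune them against your own change history.
ENTROPY_LIMIT = 7.5      # bits per byte; encrypted data sits close to 8.0
MAX_SUSPECT_RATIO = 0.3  # share of one batch allowed to look suspicious

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def is_suspect(old: bytes, new: bytes) -> bool:
    """Suspect when low-entropy content is replaced by near-random content."""
    return shannon_entropy(new) >= ENTROPY_LIMIT > shannon_entropy(old)

def sync(backup: dict, changes: dict, alert) -> list:
    """changes maps path -> (content now in backup, incoming content).
    Applies validated changes to backup and returns the paths held for review."""
    suspects = [p for p, (old, new) in changes.items() if is_suspect(old, new)]
    # Many suspect changes at once looks like mass encryption: hold the whole batch.
    held = list(changes) if len(suspects) > MAX_SUSPECT_RATIO * len(changes) else suspects
    if held:
        alert(f"held {len(held)} of {len(changes)} changes for review: {sorted(held)}")
    backup.update({p: new for p, (_, new) in changes.items() if p not in held})
    return sorted(held)

def constructed_ciphertext(n_blocks: int = 128) -> bytes:
    """Constructed stand-in for encrypted file content (SHA-256 of a counter)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n_blocks))

if __name__ == "__main__":
    doc = b"Quarterly report draft\n" * 100            # constructed sample file
    backup = {f"docs/{i}.txt": doc for i in range(4)}  # constructed backup state
    batch = {p: (old, constructed_ciphertext()) for p, old in backup.items()}
    print(sync(backup, batch, alert=print))            # every path is held
```

Files that are already compressed or encrypted start with high entropy, so this check does not flag edits to them; other signals would be needed to cover those.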

There are many threats facing your business – and backups remain one of the best ways to protect against some of the greatest. But whether or not you are using live backups, you must take the necessary precautions to maintain and protect them. Otherwise, you may as well be doing nothing at all.