11 May 2023
Backups. You Still Have A Chance to Win!
Last week the city of Dallas became the latest ransomware victim. Per the StateScoop article by Benjamin Freed, the culprits demanded up to $25 million in Bitcoin. As of May 9th, the city was still rebuilding and testing systems that were knocked out by the incident. Most notably affected was the Dallas 911 Center. The 911 center has been without a computer-aided dispatch system, forcing 911 operators to relay requests to police and firefighters manually. The city of Dallas and its cybersecurity contractors are working tirelessly to restore its systems and services to pre-ransomware levels. This story brings up the topic of backups and their importance in an organization’s cybersecurity program. The City of Dallas couldn’t move this quickly without them.
What are backups?
A backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event. Backups provide a simple form of disaster recovery; however, not all backup systems can reconstitute a computer system or other complex configuration, such as a computer cluster, Active Directory server, or database server.
Why are backups important?
Losing important data can be devastating for an organization. Backing up data allows an organization to maintain a secure archive of its essential files and information. You may not think you’re at risk of data loss from a cyber threat, but just ask the countless organizations that have been victims of one. It is not a pleasant experience to endure. Having good backups gives you a chance to win in a ransomware attack.
What should an organization back up? And to where?
An organization, at a minimum, should back up user-level information, system-level information, and system documentation (e.g., security- and privacy-related documentation), and the organization must protect the confidentiality, integrity, and availability of that backed-up data. An organization can store backups on external hard drives or in the cloud. Never store backups on the same servers that house your current information.
Should an organization test its backups?
Yes. When an organization employs the practice of backing up its data, the organization must test its backups. It does no good to have backups when there is zero confidence that the backups will reconstitute the computer systems. Here are a few tips to consider:
- The first backup copy must be immutable, meaning the most recent clean copy of your data is always safe and recoverable. Immutable backups are built by copying data bits to the cloud or an external hard drive as soon as you create them.
- Keep air-gapped backups, meaning there are no network interfaces, either wired or wireless, to outside networks.
- Scan everything on backups. This means scanning the backups to detect encryption and to detect changes.
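One way to run the scan from the last tip, as an added example that is not code from the original post: it compares a backup tree against a manifest from the last known-good run (change detection) and flags changed or new files whose bytes look random (possible encryption). The function names, the 7.5 bits-per-byte threshold, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune it for your data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Map each file's relative path to (SHA-256, entropy of its first 64 KiB)."""
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            result[str(p.relative_to(root))] = (digest, entropy(data[:65536]))
    return result

def scan(baseline: dict, current: dict) -> dict:
    """Compare the current backup against the last known-good manifest."""
    changed = sorted(f for f in current if f in baseline and current[f][0] != baseline[f][0])
    added = sorted(set(current) - set(baseline))
    # Changed or new files that read as random data are likely encrypted.
    suspect = sorted(f for f in changed + added if current[f][1] > ENTROPY_LIMIT)
    return {"changed": changed, "added": added, "suspect_encrypted": suspect,
            "missing": sorted(set(baseline) - set(current))}

def demo() -> dict:
    """Constructed sample: three small files, then one of each kind of change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_text("id,name,amount\n" * 500)
        (root / "notes.txt").write_text("backup test notes\n" * 200)
        (root / "policy.txt").write_text("system documentation\n" * 200)
        baseline = snapshot(root)
        (root / "payroll.csv").write_bytes(os.urandom(8192))  # simulated encryption
        (root / "notes.txt").write_text("edited by a user\n" * 200)  # ordinary edit
        (root / "policy.txt").unlink()  # deleted file
        return scan(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP or JPEG are high-entropy by nature, which is why only changed or new files are flagged rather than every high-entropy file. Keep the baseline manifest where the systems being backed up cannot modify it.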
Contact us if your organization has questions or needs support implementing mitigations or other cybersecurity practices. Our team of cyber professionals is prepared to support you.