A fresh look at data protection and backup best practice, particularly when it comes to ransomware.
The WannaCry ransomware attack crippled thousands of organisations in 150 countries around the globe, most notably the NHS. Trusts were quick to implement their tried and tested disaster recovery strategies and many hospitals were able to return to normality within a matter of days, which is commendable considering the scale and nature of the attack. But this latest cyber attack has prompted us to take a fresh look at data protection and backup best practices, particularly when it comes to ransomware.
New threats – when backup isn’t enough
The age of malware has added a whole new threat to NHS IT systems. We know that ransomware only works if the damage is reversible. As a cyber criminal there’s little point holding data to ransom and demanding payment if the data is irretrievable. And we know that the perpetrators of these attacks choose their victims carefully, targeting organisations that can least afford downtime and, as a result, are more likely to pay the ransom.
Robust data protection is essential in the battle against cyber attacks but, increasingly, we’re seeing that having a single backup strategy is not sufficient and, depending on the storage media, potentially even part of the problem. Historically, there was little risk to backups themselves, yet ransomware adds a new dimension that threatens and attacks not just the data, but also the backups, as was the case with the WannaCry attack.
Because the risks to NHS systems have evolved, the precautions to protect against new threats are evolving too. Similarly, as the drivers for backing up data change, the way backups are performed should reflect this.
When backup is actually part of the problem
Today many Trusts use online de-duplication devices as their primary backup media. These devices can store many generations of backup in a small footprint at a reasonable cost. They are convenient to use and quick to restore from, with no fetching tapes from off-site storage. But they may actually be more vulnerable to malicious or malware attack, as demonstrated by WannaCry’s proficiency at encrypting files; and, on their own, they present a single point of failure. While you can protect the single failure point by replicating the device to another location, that does not protect against deliberate corruption. This is a general point to remember: resilience features like replication are great if one piece of hardware fails, but no defence against deliberate corruption. They simply ensure that the data is perfectly corrupted in multiple locations.
Typically, de-duplication devices simply look like network file servers. They appear just like any file server, presenting what looks like a regular file system (for the technically minded, they present an SMB share). Unfortunately, that is just the sort of thing that ransomware looks for: network file servers are where most sites keep their data, so the ransomware looks for these and encrypts them. In effect, you may have made your backups convenient and easy to use, but also easy to damage and vulnerable to malware like WannaCry. What better way for a cyber criminal to incentivise an organisation to pay up than by corrupting the backups as well as the data?
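One way to check a host for this exposure, as an added example that is not part of the original article: the script reads a Linux mount table and reports backup stores mounted as writable network shares. It also covers NFS, which goes beyond the SMB case described above; the server names and the sample mount table are constructed for illustration.

```python
"""Flag backup stores that a host has mounted as writable network shares."""
import re

# SMB/CIFS is the case the article describes; NFS is included as a generalisation.
NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4"}

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal (\040 etc.)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def writable_backup_mounts(mounts_text, backup_servers):
    """Return (source, mountpoint, fstype) for rw network mounts on backup servers."""
    wanted = {s.lower() for s in backup_servers}
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # not a mount-table line
        source, mountpoint, fstype, options = parts[:4]
        if fstype not in NETWORK_FS:
            continue
        source = _unescape(source)
        # CIFS sources look like //server/share, NFS sources like server:/export
        m = re.match(r"//([^/]+)/|([^:/]+):", source)
        if not m:
            continue
        server = (m.group(1) or m.group(2)).lower()
        if server in wanted and "rw" in options.split(","):
            findings.append((source, _unescape(mountpoint), fstype))
    return findings

# Constructed sample in /proc/mounts format (hypothetical hosts).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
//dedupe01.example.internal/backups /mnt/backup cifs rw,relatime,vers=3.0 0 0
//dedupe01.example.internal/Archive\\040Sets /mnt/archive\\040sets cifs ro,relatime 0 0
//files01.example.internal/shared /mnt/shared cifs rw,relatime 0 0
dedupe02.example.internal:/export/bk /mnt/bk2 nfs4 rw,vers=4.1 0 0
"""

if __name__ == "__main__":
    servers = ["dedupe01.example.internal", "dedupe02.example.internal"]
    for src, mnt, fs in writable_backup_mounts(SAMPLE_MOUNTS, servers):
        print(f"writable backup share: {src} on {mnt} ({fs})")
```

On a real host, pass the contents of `/proc/mounts` instead of the sample; any finding on a production server means malware running there can write to the backup store.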
Lessons from history
Traditionally, data backups were written to tape and stored offsite. While there were, and still are of course, physical threats to backups, such as damage to hardware and disasters such as fires and flood, they were not vulnerable to cyber attack. An offsite tape in a fire-safe with the write-protect switch set remains the safest form of backup from any threats, cyber or otherwise. We refer to it as the gold standard. An offline or tape backup is a good, secure medium, but of course it is a pain to use. Tapes have to be located, loaded and positioned, and can only be used by one process at a time. For this reason, many Trusts have a desire to move away from tape, but they haven’t always considered the potential vulnerability of the disk-based backups.
Rather than moving away from tape completely, we at BridgeHead feel that offline media should supplement online backups and provide the second layer of protection. Backups are best protected when they are maintained offline from production environments to avoid ransomware viruses corrupting backup copies. So how can you get the best of both convenient quick access and secure offsite protection?
We recommend an easy to restore from, but less secure first stage backup with a ‘cascade’ on to tape or similar offline removable media. Because the ‘cascade’ copying the data is all on backup servers it does not impact production systems. This is commonly called Disk to Disk to Tape. The final copy doesn’t have to be tape, but it must be safe against malware, secure and offsite. Tape is arguably still the simplest though some cloud storage could be considered. The disk copy, most likely de-duplication, is used for quick convenient restores, while tape is used for site disasters or if the de-dupe device itself gets damaged physically or corrupted. The first layer might be a backup to a de-duplication store, or as we commonly do at BridgeHead Software, a Storage Array snapshot that is then cascaded onto tape, or similar offline media, for long term and more robust backup.
Insurance policy
There is no one single best practice when it comes to backup but considering, planning and testing disaster recovery strategies regularly is an essential part of keeping up with evolving threats and minimising impact on patient care through downtime. No one single backup media really meets all the necessary requirements so there is often a compromise and therefore a need for multiple methods and multiple layers of protection from Storage Array snapshots to online de-duplication stores and finally to secure offsite media.
Even with the best firewalls and protection in place, we must accept that cyber attacks can and will still happen and some will get through the defences. Reflecting on the WannaCry attack, we urge Trusts to think of an offline backup as being like an insurance policy – “We hope not to have to make a claim, but it’s essential to be covered in the event of a major disaster.”
Plan and Practice
The final reminder is to have a written plan, make sure all the IT staff know where the plan is, and practise that plan. You do not want to be working out what to do in the middle of a crisis; that’s how mistakes happen and a crisis becomes a disaster.
Gareth Griffiths is chief technology officer at BridgeHead Software