Backup is the best defence

31st March 2017

Cath Goulding

Cath Goulding
Head of Information Security

On World Backup Day, take a moment to learn why backing up your data is so critical amid the rise in ransomware.

If you aren’t familiar with the term ‘ransomware’, you need to be. This type of cyber attack is rising with such rapidity, even the experts are surprised. In 2015 network security firm Sonic Wall recorded 3.8m incidents of ransomware; in 2016 there were 638m. That’s an increase of 167 times and one described by the firm as “meteoric” [2017 Annual Threat Report].

That’s not the end of the ransomware story. Incidences are expected to continue to rise through 2017 and yet, in the UK, two-thirds of businesses have no ransomware policy.

For many business, their first interaction with ransomware is when their systems freeze and a ransom is demanded for access. This type of malware – of which there are thousands of variants – operates by hackers encrypting a business’ data and refusing to provide the key until a sum has been paid. Many businesses have inadequate backup capability and so have no choice but to pay the criminals to release their data.

Unfortunately, paying up does not guarantee full system restoration. Sometimes even when the money is delivered, the data may be lost or have been copied for future, malicious use. For the fortunate, the criminals are very hospitable when the money is paid back – we have even heard some businesses reporting ‘good customer service’ from the hackers following settlement of the ransom!

That said, the loss of the ransom money is just one part of the financial damage of this malware, as a period without access to crucial systems can take a heavy toll on a business. According to a report by Timico and Datto on The Grim Reality of Ransomware, in 85% of cases of ransomware in the UK the targeted systems were down for a week or more, with the loss estimated at thousands of pounds each day. A third of respondents admitted their data was down for over a month, with 15% reporting their data as ‘unrecoverable’.

If you are a business owner or operator, the thought of ‘unrecoverable data’ will leave you cold, but the consequences for core operators of health care services or city infrastructure can be far more serious and wide-reaching. At least 28 NHS Trusts across the UK have been attacked by ransomware in the past year, often resulting in a loss of patient data and key surgeries being cancelled until the system could be recovered.

Attacks are also increasingly being mounted in the personal user space too. Criminals encrypt personal photos on a smart phone or personal computer – which can be very upsetting – and demand cash for their restoration. As before, paying up may or may not result in the photos being released.

The statistics make it clear that a ransomware attack is more likely than not – it is the largest global cyber threat to a business – and so efforts must be focused on minimising the impact of the attack when it comes, allowing the business to recover quickly. For all cases of ransomware the top piece of advice from experts – even the FBI – is always the same thing: back up your data.

In a business, this starts with having a backup policy that is proactively reviewed and applied – you don’t want to be attempting to restore your data retrospectively if the worst should happen. You should also test your backup systems regularly and check that the data is secure and recoverable.

Invest in a reliable backup software provider or use a separate cloud storage pool. Separate is the operative word – the cloud needs to be accessible only by backup systems to keep the data outside the address space owned by your servers to ensure it remains invisible to malware if the systems is infected.

Following the attack, take care to rid the systems completely before restoring the data else you risk infecting the backup data too, rendering it obsolete.

There is also no such thing as being overcautious, so apply the rule of three and have three separate copies of your backup data, all in separate and secure locations and all regularly checked and updated.

As businesses increasingly rely on networks and data systems to operate, policy for protection and defence need to be prioritised and risks should never be underestimated, especially when it comes to ransomware. With an attack now occurring every 40 seconds, backing up your data has never been more critical.