Ransomware 2020: why legacy backup systems should be left in yesteryear

Year on year, ransomware and the criminals distributing it become more sophisticated and consequently harder to defend against. Until now, traditional detection and prevention tools have largely protected us against criminals’ tactic of throwing a flurry of threats our way and hoping one sticks, but that won’t work in 2020 and beyond. Cybercriminals are continually getting smarter and moving towards highly targeted attacks to breach a network, leaving them free to delete and encrypt once they’re in.

We know by now that these breaches are a case of when, not if, and that trying to build an impenetrable Fort Knox isn’t the answer. The question isn’t how we keep attackers out at all costs, but what we have in place to swiftly recover as we move towards a more generalised ransomware resilience.

Backup solutions that served us in the previous decade will be of little help when faced with pinpointing the ins and outs of a given attack. These legacy solutions simply aren’t up to identifying the intricacies of a breach and, whilst your IT team is racing against time to find the answers, the damage is already done. To avoid a wild goose chase through your infrastructure, consider proactively deploying a next-gen backup solution, complete with the following attributes, instead:

Immediate, automatic diagnosis.
The ability to quickly identify the issue and where it lies in the data centre is the first step in remedying any ransomware attack.

Machine learning.
Criminals are subtle, and often leave little to no trace of their presence among your data, particularly to the human eye. Machine learning allows the diagnosis mentioned above by analysing metadata across your infrastructure and learning to detect the smallest of anomalies.

A safe state, ready and waiting to be reinstated.
In the case of a successful breach, how quickly you can return to normal will decide what happens next. Legacy backup systems create backups sporadically, but a next-gen solution will be primed and ready to bring you back to a safe normal thanks to continuous data protection (CDP). CDP is essentially real-time backup, meaning every change is backed up as it happens.

Intelligent data storage.
The above measures are only as effective as your data storage. To stop intruders from encrypting and holding your data to ransom, source data should be stored in immutable backend storage. This cannot be accessed or altered by an attacker and therefore can stop an attack in its tracks.

Instant restores.
The ability to instantly restore large servers can significantly reduce downtime after a ransomware attack. This is a crucial time for any victim organisation, one that decides how the attack will affect its customers, the financial fallout it will suffer and the reputational damage that could follow. Being able to instantly restore your servers will make sure all of the above is kept to a minimum.

Essentially, next-gen solutions are a must if we are to improve our defences to match the increasingly smart criminals looking to penetrate them. Failing to do so is comparable to leaving your organisation and its sought-after data behind an unlocked door for anyone willing to try the latch.

By Robert Rhame, Director of Market Intelligence, Rubrik

