Data Recovery Pitfalls to Avoid

Author: Kurt Markley
Date Published: 25 April 2023

There is no doubt that ransomware and other forms of cyberattack present a massive, urgent problem across industries. Ransomware in particular has increased almost 13% since 2021—an increase as big as the past 5 years combined—and was present in almost 70% of malware breaches in 2022.¹

Despite organizations’ general knowledge of this risk, there are still some misconceptions that exist related to backup and recovery shortcuts that can supposedly be taken to avoid disastrous outcomes. However, the truth is that data typically cannot be recovered from a ransomware attack if they are not being stored properly. There are 4 common false beliefs that should be dispelled to better protect organizations and their data.

Pitfall #1: Simply Paying the Ransom

In the case of crypto-ransomware attacks, the action to take might sound simple: Pay the ransom and get back the data. But the reality is that paying a ransom rarely helps an enterprise recover data in a useable or sustainable manner. Studies show that 58% of enterprises that have been targeted by ransomware and responded by paying ransoms were not able to resume operations with the recovered data.² To put it another way, there are less than a coin-flip’s odds of restoring operations, which is extremely bleak. And of those organizations that are able to restore operations from ransomed data, more than half experience persistent issues with corrupted data moving forward.

For a recent example of how paying a ransom can go wrong, look no further than the ransomware attack on the Colonial Pipeline in 2021, which caused a 6-day shutdown and gas shortages across the East Coast of the United States.³ Colonial Pipeline paid the ransom but had to use its old backups anyway. Cyberthreat groups are similar to schoolyard bullies. If you give them your lunch money once, they are likely to keep bothering you. Worse still, they could sell their ransomware to another criminal group that could also decide to target you.

Pitfall #2: Relying on a Single Backup Source

All too often, well-meaning security professionals believe they can set and forget automatic backups—but this is not the case. Enterprises should not rely on only 1 backup source or on cloud backups, since unforeseen circumstances can take them out of commission. For example, recall the record-breaking heatwave in the United Kingdom in July 2022.⁴ The heat was enough to take down Google and Oracle data centers and disrupt a variety of cloud services.

Furthermore, it is important to note that attacks also affect backups. According to a recent report, 68% of attacks affected some or all backup repositories.⁵ Cybercriminals know that effective backups eliminate their ability to receive a ransom. So, if they are able to retrieve network data, they are almost certainly also attacking backup repositories. The only real way to protect against such outcomes is to follow the 3-2-1 rule⁶ and have offline backups in place.

Pitfall #3: Keeping Only One Backup

It is not enough to merely back up data to multiple locations. Ideal risk reduction requires practicing the 3-2-1 rule, which mandates that 3 copies of data exist on 2 different media, 1 of which is offsite and encrypted. While the 3-2-1 rule calls for 3 data copies, keeping backups over time can help. On average, it takes an organization 207 days to identify a breach.⁷ This means that an attack happens long before most organizations are even aware that their security has been compromised.

Given this, once an attack is discovered, an enterprise might have to go back more than 6 months to find an uncorrupted backup from which it can restore its operations. If there are multiple backups in multiple places, an organization can count on at least 1 of them remaining clean and not corrupted, sparing the enterprise from potentially devastating consequences.
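The checks described under Pitfalls #2 and #3 can be run against a backup inventory. The following is an added example, not part of the original article: the `Copy` fields, the inventory contents and the choice to count the primary data set as one of the 3 copies are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

DWELL_DAYS = 207  # average time to identify a breach, as cited in the article

@dataclass(frozen=True)
class Copy:
    """One stored copy of the data set (field names are hypothetical)."""
    name: str
    medium: str            # e.g. "disk", "cloud", "encrypted-usb"
    offsite: bool
    encrypted: bool
    offline: bool          # disconnected from the network when not in use
    restore_points: tuple  # dates for which this copy holds a backup

def audit(copies, today, dwell_days=DWELL_DAYS):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies share one medium, need 2")
    if not any(c.offsite and c.encrypted for c in copies):
        findings.append("no copy is both offsite and encrypted")
    offline = [c for c in copies if c.offline]
    if not offline:
        findings.append("no offline copy; network-reachable backups can be attacked too")
    # Only a restore point taken before the intrusion began is known clean,
    # so an offline copy must reach back past the detection window.
    cutoff = today - timedelta(days=dwell_days)
    if not any(p <= cutoff for c in offline for p in c.restore_points):
        findings.append(f"no offline restore point older than {dwell_days} days")
    return findings

# Constructed sample inventories (not real data).
TODAY = date(2023, 4, 25)

def monthly(n):
    """n restore points spaced 30 days apart, newest first."""
    return tuple(TODAY - timedelta(days=30 * i) for i in range(n))

WEAK = [Copy("primary", "disk", False, False, False, monthly(1)),
        Copy("cloud-sync", "cloud", True, True, False, monthly(3))]
STRONG = WEAK + [Copy("vault-drive", "encrypted-usb", True, True, True, monthly(9))]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(label, audit(inv, TODAY) or "passes")
```

The retention check is the one that 3-2-1 alone does not cover: an inventory can hold 3 copies on 2 media and still contain nothing older than the intrusion.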

Pitfall #4: Employees Failing to Play an Active Role in Data Backup

In 2021, 82% of breaches involved human error, highlighting that “people continue to play a very large role in incidents and breaches alike.”⁸ It is always up to management to ensure that employees understand their critical roles in keeping data secure and following cybersecurity protocols, but this has become more difficult in recent years. As workforces have become more distributed and many teams continue to work from home or through a hybrid model, keeping security at its strongest poses significant challenges. To make matters worse, employees often do not consider themselves potential targets, nor are they taking precautionary measures when working remotely.⁹

To counteract this gaping security lapse, employees must be given the tools and resources to back up their own data in a secure manner, such as with encrypted storage devices, particularly if they are working offsite. Management should also communicate the risk involved with falling short on security practices and the responsibility each team member has to uphold their part. Finally, security and IT teams must be better integrated. If security teams are separate from the team responsible for backups, problems can easily arise (e.g., backup data failing to be properly isolated). This could lead to compromised or corrupted data, which, in turn, could prevent proper data restoration.

Cyberattack risk continues to increase, but knowledge is power. Taking the time now to properly store data puts enterprises in a position to protect them when attacks strike—and emerge without business interruption.

Endnotes

1 Verizon, 2022 Data Breach Investigations Report, USA, 2022
2 Townsend, K.; “It Doesn’t Pay to Pay: Study Finds Eighty Percent of Ransomware Victims Attacked Again,” SecurityWeek, 8 June 2022
3 Staff, D.; “Colonial Pipeline Ransomware Attack: Lessons for Technologists,” Dice, 23 May 2022
4 Veeam, 2022 Ransomware Trends Report, USA, 2022
5 Ibid.
6 Markley, K.; “How to Develop and Execute a Rigorous Data Backup and Recovery Strategy,” ISACA® Industry News, 18 April 2022
7 IBM, Cost of a Data Breach Report 2022, USA, 2022
8 Solomon, H.; “Human Error Tops Causes of Data Breaches, Says Verizon Report,” IT World Canada, 24 May 2022
9 Apricorn, Annual Global IT Security Survey 2022, USA, 2022

Kurt Markley

Is the US managing director at Apricorn and has more than 20 years of experience in encryption and cybersecurity. He has worked with many organizations in the manufacturing, government, finance and healthcare industries to help strengthen their data protection.