Ransomware attacks are increasing –here’s how to cover your bases
Picture this: It’s an ordinary morning, you’re logging onto your organisation’s network when… BAM… access denied. Your files have been encrypted. You (and everyone else) are officially locked out.
Then comes the ransom demand – tens of millions of dollars if you’re playing in the big leagues. You could pay, but there are no guarantees that you’ll ever get your data back in good condition.
We get it. It’s easy to think “It’ll never happen to me”. The unfortunate reality, however, is that ransomware attacks have skyrocketed in frequency over the last year. They are targeting everything from global enterprises to local “mom and pop” shops.
With privacy laws in full focus, the damage of these attacks – successful or not – can be astronomical, not just in terms of productivity, but also reputational and financial damage.
The good news is, businesses using Microsoft 365 have access to some very sophisticated protections against ransomware and other malware. Properly configured, these should protect against 95% of ransomware attacks. But what about the other 5%?
Realistically, prevention can only get you so far in today’s constantly evolving technology landscape. It’s essential to also have a recovery plan in place, should a worst-case scenario occur.
When it comes to ransomware, that plan revolves entirely around backups – having up-to-date and easy-to-restore copies of all critical data ready to replace encrypted or corrupted versions at a moment’s notice.
Best practice basics of modern backup
Gone are the days when a simple tape backup, run once a day/week/month and stored in an office safe, was sufficient. These days, effective data protection (and continuity) requires a multi-level backup approach that includes the following:
For cloud-based enterprises, “onsite” backups generally refer to a backup stored within the same availability zone as your main production systems. Restoring from an onsite backup is usually the fastest way to get up and running after a ransomware attack.
There are situations in which onsite backups can be damaged or corrupted alongside your primary systems. This isn’t usually a direct result of ransomware, but the last thing you want to find in the midst of an attack is that your onsite backup is unusable, and you have no fallback.
For that reason (amongst others) the best data protection strategies use a 3-2-1 approach: three copies of your data, on two different storage types, with at least one offsite copy.
The amount of data you lose to a ransomware attack is directly related to how well you schedule your backups. Consistently run, strategically scheduled backups dramatically reduce the risk of critical data falling through the cracks between your last backup and your latest attack.
Keep in mind the right schedule for you won’t necessarily look the same as any other business. Plan around your unique workflows to find the most effective timing for you.
Ever hear about how the film Toy Story 2 was almost lost to a backup failure? It’s true. After an accidental deletion incident back in 2012, the team at Pixar discovered their backups hadn’t run successfully for a month. The film was saved by a 2-week-old backup on one employee’s home computer.
If that’s not a lesson on the importance of testing your backups regularly, we don’t know what is.
Having backups and knowing how to use them are two very different things. For the fastest recovery times, make sure your disaster response team knows exactly how to access and restore your backups when necessary.
What to look for in your backup solution
There are a lot of third-party backup solutions that can theoretically deliver on the above. So, how do you choose the best fit for your needs?
Cost, speed and flexibility on a restore should be priorities, of course, but we also suggest keeping an eye out for the following attributes:
- Scalability – can scale your backup storage as your needs grow and/or shrink?
- Ease of deployment – how quickly can you take your data from “at risk” to secure?
- Business continuity – how disruptive would the onboarding process be?
- Support – is there ongoing product development and active customer support?
- Ease of use – how much control do you have and how easy is the recovery process?
- Compliance – can you satisfy Data Subject Access and Right to be Forgotten requests?
Having worked with countless backup solutions over the years, AvePoint remains our most frequently recommended. It consistently checks the right boxes for the majority of our customers and takes first place in objective analyses like The Forrester New Wave™: SaaS Application Data Protection, Q4 2021.
What about Microsoft backups?
We get this question a lot. Yes, Microsoft does offer native backup on all primary apps like SharePoint Online, OneDrive for Business and Outlook. No, they are not enough to fully protect your data.
Microsoft’s backups are designed primarily for environment-level disaster recovery. They don’t have the speed, flexibility or granular control you need when recovering from something like a targeted ransomware attack. (Read more on Microsoft’s backup capabilities and gaps, here.) They also don’t cover onsite or third-party workloads, making them a partial solution at best.
In their SLA, Microsoft explicitly urges customers to use third party backup and recovery solutions, recommending customers “regularly backup your Content and Data that you store on the services or store using Third-Party Apps and Services.”
With ransomware attacks on the rise, we heartily suggest you take their advice.
Need help formulating a robust backup strategy that balances best practices with business needs? Get in touch!