Every plan needs a good backup plan—unfortunately, ransomware operators want to encrypt that too.
As ransomware attackers increasingly target secondary copies of data, cybersecurity insurers are asking not just that you have backups, but that you protect them. Or make them, in a word: immutable.
“Immutable” means unable to be modified—like your dad’s vacation itinerary, or how tweets used to be. While not a perfect solution, immutable backups are an assuring safeguard to security professionals, especially when placed alongside additional controls.
“It’s almost like extra credit,” said Jason Rebholz, CISO at Corvus Insurance. “It’s not necessarily required for getting insurance, but it’s going to be looked upon favorably, because you’re putting in an extra layer of defense against those backups getting deleted.”
Immuta-wha? Immutable storage, by definition, refers to data that exists in a form that cannot be tampered with.
On-site, the unchangeable “write once, read many” setting exists for conventional storage media, including tapes and disks. On-cloud, companies like NetApp, Dell, Microsoft (with Azure), and Google (with Cloud) offer immutability.
A number of ransomware attacks have gone after backup data. Monti ransomware, discovered in late June 2022, used a PowerShell script to pull credentials from Veeam backup software.
Has the IT services company Airiam seen backup attacks? “I would say every ransomware we’ve been involved in probably for the last 24 months,” said Conor Quinlan, CEO of the company, which assists in ransomware recovery.
Wait, wait, wait, backup. Immutability, however, is not invincibility; ransomware threat-actors can still find a hiding place in the most locked-down data, according to John Burke, CTO at Nemertes, who said that attackers can “pre-infect” data with a command signal that initiates at a predetermined time.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.
