Data Recovery Pitfalls to Avoid

Author: Kurt Markley
Date Published: 25 April 2023

There is no doubt that ransomware and other forms of cyberattack present a massive, urgent cross-industry problem. Ransomware in particular has increased almost 13% since 2021—an increase as big as the past 5 years combined—and was present in almost 70% of malware breaches in 2022.1

Although organizations have a general understanding of this risk, there are still some misconceptions that exist related to backup and recovery shortcuts that can supposedly be taken to avoid disastrous outcomes. However, the truth is that data typically cannot be recovered from a ransomware attack if they are not being stored properly. There are 4 common false beliefs that should be dispelled to better protect organizations and their data.

Pitfall #1: Paying the Ransom

In the case of a crypto-ransomware attack, the action to take might sound simple: Pay the ransom and get back the data. But the reality is that paying a ransom rarely helps an enterprise recover data in a useable or sustainable manner. Studies show that 58% of enterprises that have been targeted by ransomware and responded by paying ransoms were not able to resume operations with the recovered data.2 In other words, there are less than a coin-flip’s odds of restoring operations, which is quite bleak. And of those organizations that are able to restore operations from ransomed data, more than half experience persistent issues with corrupted data moving forward.

For a recent example of how paying a ransom can go wrong, look no further than the ransomware attack on the Colonial Pipeline in 2021, which caused a 6-day shutdown and gas shortages across the East Coast of the United States.3 Colonial Pipeline paid the ransom but had to use its old backups anyway. Cyberthreat groups are similar to schoolyard bullies. If you give them your lunch money once, they are likely to keep bothering you. Worse still, they could sell their ransomware to another criminal group that could also decide to target you.

Pitfall #2: Relying on a Single Backup Source

All too often, well-meaning security professionals believe they can set and forget automatic backups—but this is not the case. Enterprises should not rely on only 1 backup source or on cloud backups, since unforeseen circumstances can take them out of commission. For example, recall the record-breaking heatwave in the United Kingdom in July 2022.4 The heat was enough to take down Google and Oracle data centers and disrupt a variety of cloud services.

Furthermore, it is important to note that attacks also affect backups. According to a recent report, 68% of attacks affected some or all backup repositories.5 Cybercriminals know that effective backups eliminate their ability to receive a ransom. So, if they can reach data on the network, they are almost certainly attacking the backup repositories as well. The only real way to protect against such outcomes is to follow the 3-2-1 rule6 and keep offline backups.

Pitfall #3: Keeping Only One Backup

Simply backing up data to multiple locations is not enough. Ideal risk mitigation requires practicing the 3-2-1 rule, which mandates that 3 copies of data exist on 2 different media, 1 of which is offsite and encrypted. While the 3-2-1 rule calls for 3 data copies, keeping backups over time can help. On average, it takes an organization 207 days to identify a breach.7 This means that an attack happens long before most organizations are even aware that their security has been compromised.

Given this, once an attack is discovered, an enterprise might have to go back more than 6 months to find an uncorrupted backup from which it can restore its operations. If there are multiple backups in multiple locations, an organization can count on at least 1 of them remaining clean and not corrupted, sparing the enterprise from potentially devastating consequences.
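
The 3-2-1 rule, the offline copy and the 207-day detection lag described above can be checked mechanically against a backup inventory. The Python below is an added example, not part of the original article; the BackupCopy record, the audit_backups function and both sample inventories are constructed for illustration, and it assumes the production data counts as 1 of the 3 copies.

```python
from dataclasses import dataclass
from datetime import date

DETECTION_LAG_DAYS = 207  # average time to identify a breach, per the article

@dataclass(frozen=True)
class BackupCopy:          # hypothetical inventory record, not a real tool's schema
    name: str
    medium: str            # e.g. "disk", "cloud", "usb"
    offsite: bool
    encrypted: bool
    offline: bool          # not reachable from the production network
    taken_on: date         # point in time the copy's data reflects

def audit_backups(copies, today, lag_days=DETECTION_LAG_DAYS):
    """Return (code, detail) findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(("COPIES", f"{len(copies)} copies, need 3"))
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(("MEDIA", f"only {len(media)} medium type(s), need 2"))
    if not any(c.offsite and c.encrypted for c in copies):
        findings.append(("OFFSITE_ENCRYPTED", "no copy is both offsite and encrypted"))
    if not any(c.offline for c in copies):
        findings.append(("OFFLINE", "every copy is reachable from the network"))
    # A restore point must predate the likely start of an undetected intrusion.
    oldest = max(((today - c.taken_on).days for c in copies), default=0)
    if oldest < lag_days:
        findings.append(("RETENTION", f"oldest restore point is {oldest} days old, "
                         f"shorter than the {lag_days}-day detection lag"))
    return findings

# Constructed sample inventories (production data counts as 1 of the 3 copies).
TODAY = date(2023, 4, 25)
WEAK = [
    BackupCopy("production", "disk", False, False, False, TODAY),
    BackupCopy("cloud-sync", "cloud", True, False, False, date(2023, 4, 24)),
]
CORRECTED = WEAK + [
    BackupCopy("vault-drive", "usb", True, True, True, date(2022, 9, 1)),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("corrected", CORRECTED)):
        print(label, [code for code, _ in audit_backups(inv, TODAY)] or "passes")
```

The weak inventory fails on copy count, offsite encryption, offline isolation and retention depth; adding a single encrypted, offline, offsite drive that holds a restore point older than the detection lag clears all four.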

Pitfall #4: Employees Failing to Play an Active Role in Data Backup

In 2021, 82% of breaches involved human error, highlighting that “people continue to play a very large role in incidents and breaches alike.”8 It is always up to management to ensure that employees understand their critical roles in keeping data secure and following cybersecurity protocols, but this has become more difficult in recent years. As workforces have become more distributed and many teams continue to work from home or through a hybrid model, maintaining the strongest security poses a significant challenge. To make matters worse, employees often do not consider themselves potential targets, nor are they taking precautionary measures when working remotely.9

To close this security gap, employees must be given the tools and resources to back up their own data in a secure manner, such as encrypted storage devices, especially if they do not work onsite. Management should also communicate the risk involved with falling short on security practices and the responsibility each team member has to uphold their part. Finally, security and IT teams must be better integrated. If security teams are separate from the team responsible for backups, problems can easily arise (e.g., backup data not being properly isolated). This can lead to compromised or corrupted data, which, in turn, can prevent proper data recovery.

The risk of cyberattack continues to increase, but knowledge is power. Taking the time now to properly store data puts enterprises in a position to protect them when attacks strike—and emerge without business interruption.

Endnotes

1 Verizon, 2022 Data Breach Investigations Report, USA, 2022
2 Townsend, K.; “It Doesn’t Pay to Pay: Study Finds Eighty Percent of Ransomware Victims Attacked Again,” SecurityWeek, 8 June 2022
3 Staff, D.; “Colonial Pipeline Ransomware Attack: Lessons for Technologists,” Dice, 23 May 2022
4 Veeam, 2022 Ransomware Trends Report, USA, 2022
5 Ibid.
6 Markley, K.; “How to Develop and Execute a Rigorous Data Backup and Recovery Strategy,” ISACA® Industry News, 18 April 2022
7 IBM, Cost of a Data Breach Report 2022, USA, 2022
8 Solomon, H.; “Human Error Is the Top Cause of Data Breaches, Verizon Report Says,” IT World Canada, 24 May 2022
9 Apricorn, Annual Global IT Security Survey 2022, USA, 2022

Kurt Markley

Is the US managing director at Apricorn and has more than 20 years of experience in encryption and cybersecurity. He has worked with numerous organizations in the manufacturing, government, finance and healthcare industries to help strengthen their data protection.