Time for AI: Standard backups are no longer enough
New ransomware variants destroy backup data before they encrypt production data. Therefore, companies need intelligent security solutions in combination with secured data that cannot be changed.
In some ways, the competition between cybercriminals and security experts resembles the famous race between hare and hedgehog. At first, hackers primarily encrypted production data. Companies fought back with solutions that allowed data to be restored quickly via backups.
Then the attackers shifted to destroying or encrypting backups. IT countered with immutable backups. Now the criminals are exfiltrating data and threatening to publish it on the dark web. As a result, companies are once again faced with the question of how to adequately secure their data.
AI instead of traditional tools
Many conventional or legacy tools only detect attacks using known virus signatures, IP addresses or attack patterns. However, they often cannot detect and defend against new types of attacks from unknown sources.
To defend against current attacks, companies should therefore also deploy next-gen data management solutions with built-in artificial intelligence and machine learning (AI/ML) capabilities. These technologies can trigger alerts that notify the IT data admin when changes to the backup data or ingest rates fall outside the norm based on historical trends, all of which could indicate that an attack has taken place. The capabilities can also indicate, for example, when a user accesses large amounts of sensitive data at unusual times. Integration with security orchestration, automation and response (SOAR) platforms can then be used to trigger defensive measures or further authentication via an additional factor.
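As an added illustration (not code from the article or from any vendor product), the check below flags backup runs whose change rate or ingest volume falls outside the historical norm. A simple median/MAD baseline stands in here for the AI/ML models the article refers to; the field names, window size, threshold and sample figures are assumptions constructed for the example.

```python
from statistics import median

# Constructed sample: (date, fraction of blocks changed, GiB ingested) per nightly run.
RUNS = [
    ("2024-05-01", 0.021, 41.0), ("2024-05-02", 0.019, 39.5),
    ("2024-05-03", 0.024, 43.2), ("2024-05-04", 0.020, 40.1),
    ("2024-05-05", 0.022, 42.0), ("2024-05-06", 0.018, 38.7),
    ("2024-05-07", 0.023, 41.8), ("2024-05-08", 0.025, 44.0),
    ("2024-05-09", 0.410, 612.0),  # mass rewrite, as bulk encryption would cause
    ("2024-05-10", 0.022, 40.9),
]

def robust_z(value, history):
    """Deviation of value from the history median, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the scale at 5% of the median so a very flat history
    # does not turn ordinary jitter into an alert (assumed tuning value).
    scale = max(1.4826 * mad, 0.05 * abs(med), 1e-9)
    return (value - med) / scale

def detect(runs, window=7, threshold=6.0):
    """Return [(date, {metric: score})] for runs outside the historical norm."""
    alerts, baseline = [], []
    for date, change, ingest in runs:
        if len(baseline) >= window:
            hist = baseline[-window:]
            scores = {
                "change_rate": robust_z(change, [h[0] for h in hist]),
                "ingest_gib": robust_z(ingest, [h[1] for h in hist]),
            }
            hits = {k: round(v, 1) for k, v in scores.items() if abs(v) > threshold}
            if hits:
                alerts.append((date, hits))
                continue  # keep the anomalous run out of the baseline
        baseline.append((change, ingest))
    return alerts

if __name__ == "__main__":
    for date, hits in detect(RUNS):
        print(f"ALERT {date}: {hits}")
```

Because flagged runs are kept out of the baseline, a sustained anomaly keeps alerting instead of becoming the new normal; the two-sided test also catches a sudden drop in ingest, such as after mass deletion at the source.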
Companies should complement this with an integrated data security and data governance solution. They can then use AI/ML systems to classify their data and identify sensitive information, including personal data. Only when it is known what sensitive data is stored where can it be determined who has access to it, so that it can be protected from attack. Data classification with predefined guidelines, such as for the GDPR, makes compliance easier.
Despite all precautions, data theft or a ransomware attack can be successful. In this case, companies need the ability to restore data quickly. But the backups must not have been altered beforehand, for example through unwanted encryption or deletion by an attacker. Therefore, it’s critical that customers embrace next-gen solutions that offer immutable backup snapshots. Immutability helps ensure that no unauthorised user or application can modify the ‘gold’ copy of the backup. Any attempts to modify the ‘gold’ copy will automatically create a zero-cost clone.
If this feature is embedded from the start, the original copy of the data is safer from unwanted manipulation. In addition, it is recommended to activate DataLock in the backup policy. The snapshot is then provided with a time-limited lock that even the security officer cannot delete.
For even greater security, look for solutions that provide data on the frequency of files accessed, and the number of files that are modified, added to, or removed by a particular user or application.
There is also the option to store an isolated copy in an externally managed data vault. This makes data even more resistant to ransomware attacks. In addition to immutability, this gives companies another way to protect themselves from attackers who want to encrypt data.
Last but not least, in the event that you are attacked, recovering quickly is the name of the game. Therefore, look for next-gen data management solutions that offer instant mass restore capabilities so that you can minimise downtime while keeping your brand intact and your customers happy.
Relying on traditional backups as insurance is no longer enough. Modern systems offer AI/ML solutions to detect and defend against even novel attacks. Should they still succeed, immutable backups can help enable fast and reliable data recovery.