Ransomware has made major national headlines this year, with attacks on Colonial Pipeline, Kaseya, and JBS Foods wreaking havoc on business operations and reputations. The risk of ransomware seems ever-present, which is why companies must evaluate their disaster recovery plans to ensure data is properly secured and retrievable. While the US government is certainly addressing the threat of ransomware — with President Biden recently signing a national security memorandum on "improving cybersecurity for critical infrastructure control systems" — these matters are most often in the hands of business leaders.
Ransomware security is twofold: Data managers can think in terms of prevention and remediation. Given the number of ransomware attacks and the devastation they cause, we know prevention only works to an extent. The bad guys keep getting in, which demonstrates the need for remediation and recovery.
Below are best practices for data recovery, including industry standards, setting up your recovery practices, and what to do when you need them.
The 3-2-1-1 Rule
You may know of the 3-2-1 backup rule, which encourages data managers to create three copies on two different media with one copy off-site. But today data managers need to go one step further by establishing a gold copy of data: one that is air-gapped in secure, offline storage — hence, the 3-2-1-1 rule. Securing data offline is one of the best strategies for recovery and keeps victims from having to pay a ransom to get their data back. In fact, in a recent White House memo, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger urged business leaders to regularly back up critical data to offline storage.
Secure offline storage keeps critical data out of the reach of malicious actors to reduce risk, improve security, and optimize storage costs. The data is air-gapped on physical tape and disconnected from the network to prevent access by unauthorized personnel. What's more, it's significantly more cost-effective than cloud storage, where data resides on spinning disks.
Creating Your Gold Copy
Now that we've covered the benefits of creating an offline and off-site gold copy, how should you do it? When determining what to store in your gold copy, you should first categorize your business data to discern the most critical information. A gold copy should include data that your organization cannot live without — for example, a company's critical intellectual property.
Now that you've tiered and stored your most critical data off-site and offline, it's important to ensure you can recover your data when the worst-case scenario occurs. Malware can exist in a system for extended periods of time, and you don't want to recover compromised data and reinstall malware onto your systems. Consider solutions that include tools to inspect data prior to restoration.
The last step to creating your gold copy is encrypting the data to ensure confidentiality and privacy. Alongside multifactor authentication, encryption provides the final layer of security on your gold copy.
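As an added illustration (not part of the original article), the 3-2-1-1 rule and the gold-copy requirements above can be checked against a backup inventory. The inventory format and dataset names are constructed for this example, and it assumes the production copy counts toward the three copies and that a gold copy is one that is both offline and off-site.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    medium: str      # "disk", "tape", "cloud-object", ...
    offsite: bool
    offline: bool    # air-gapped: disconnected from the network
    encrypted: bool

def audit_3211(copies, critical_datasets):
    """Map each critical dataset to the 3-2-1-1 clauses it fails ([] = compliant)."""
    findings = {}
    for ds in sorted(critical_datasets):
        held = [c for c in copies if c.dataset == ds]
        # Assumption: the gold copy is any copy that is both offline and off-site.
        gold = [c for c in held if c.offline and c.offsite]
        failed = []
        if len(held) < 3:
            failed.append("fewer than 3 copies")
        if len({c.medium for c in held}) < 2:
            failed.append("fewer than 2 media types")
        if not any(c.offsite for c in held):
            failed.append("no off-site copy")
        if not gold:
            failed.append("no offline gold copy")
        elif not all(c.encrypted for c in gold):
            failed.append("gold copy not encrypted")
        findings[ds] = failed
    return findings

# Constructed sample inventory (hypothetical dataset names).
INVENTORY = [
    BackupCopy("source-code", "disk", False, False, False),
    BackupCopy("source-code", "disk", False, False, True),
    BackupCopy("source-code", "tape", True, True, True),
    BackupCopy("customer-db", "disk", False, False, False),
    BackupCopy("customer-db", "cloud-object", True, False, True),
    BackupCopy("designs", "disk", False, False, False),
    BackupCopy("designs", "disk", True, False, True),
    BackupCopy("designs", "tape", True, True, False),
]
CRITICAL = {"source-code", "customer-db", "designs"}

if __name__ == "__main__":
    for dataset, failed in audit_3211(INVENTORY, CRITICAL).items():
        print(dataset, "OK" if not failed else "; ".join(failed))
```

A cloud copy that is off-site but still network-reachable, as in the constructed `customer-db` entry, satisfies the off-site clause but not the offline one.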
Using Your Gold Copy
Having a gold copy means you avoid the need to pay ransomware attackers to retrieve your data. When attackers threaten your business by encrypting and withholding critical business information via unsecured networks, an offline gold copy helps you get back to business quickly and maintain productivity despite the devastating effects of ransomware.
Data secured in offline storage is largely inactive, so it doesn't need to be accessed for day-to-day business operations. But if data managers need to review their gold copy, secure offline storage uses multifactor authentication to control access when retrieving offline data and when recovering from a ransomware attack.
Securing a gold copy of critical data offline is essential in every organization's disaster recovery or continuity plan. While it's becoming increasingly difficult to prevent ransomware attacks on your business, you can protect your data to ensure an effective and safe recovery by implementing secure offline storage strategies. Ransomware might not be preventable, but data remediation strategies can protect the integrity and reputation of your business in the event of a breach.