Most organizations are bewildered at the mention of this latest cybersecurity requirement. When the term immutable backup comes up, we often hear, “’What is it,’ ‘Why would I need it?’, and ‘How can it help me?’”
The truth is, like most preventative investments, it could feel like you’re spending money on something you’ll never use. And we’ve all been there, it’s hard to justify spending that money when your budget is already tight. That’s why we’ve compiled some information for you on the subject of immutable backups, so you can rest easy knowing that you’re investing in more than just a buzzword, but a resource that will give you peace of mind. First we'll define what immutable backups are and then we'll give you 5 reasons why you need to consider them for your incident response strategy.
What are Immutable Backups?
Immutable backups play an important role in your disaster recovery plan; recovering from a security breach. Essentially, should you ever need to restore your environment/ reset your environment to rid yourself of the infection, you would implement your disaster recovery plan and restore your environment from data backups. The problem with standard backups is that you risk reinfecting your environment if the malware has been present for a while. Andy, cyber criminals have caught on and are now infecting your backups...they will do anything to get their ransom.
This is where immutable backups can help. These backups cannot be altered, encrypted, tampered with, modified, deleted, or removed [1]. All of which are common tactics for hackers. Should your organization get attacked, this will ensure that you have an unaltered copy of your data. Oh, and it’s indestructible too. The same cannot be said for your standard backups. As mentioned earlier, hackers love to hold your data ransom and delete, alter and/or infect your backups, to trap you.
Reason 1.
Hackers are Becoming more Sophisticated, and Your Data is in Danger
Cyber criminals are deploying more sophisticated attacks than ever. And they’ve realized that companies are avoiding paying the ransom because they’ve got their backups to lean on. Now that they know to target your backups as well, you need to make sure your backups cannot be tampered with or altered in any way.
Think of Ryuk and Emotet, and other forms of metamorphic and polymorphic malware. Ransomware attacks have become the most prolific and successful cyber-attacks because they lean on your team to get through. Believe it or not, a single click on the wrong link could bring your business to its knees. Even with the best defenses imaginable, an employee that does not recognize a phishing attempt is all it takes to invite polymorphic and metamorphic malware into your environment. We hope this never happens to you and enrolling in security awareness training for your team is absolutely recommended. But if it does happen, you’re going to need that unaltered snapshot of your data to get your environment up and running again.
Reason 2.
No Chance of Malware, Ransomware, etc.
Because immutable backups CANNOT be altered, you know your data is secure. Hackers have no access to your data. The worst thing that could happen after a breach is restoring data that has been altered or infected by malicious malware. What do you do then? Build the environment from the ground up...who’s got the time and money for that! Immutable backups cannot be altered or encrypted by a cyber-criminal, and they’re also indestructible. Should you have to flush your environment to avoid paying the ransom, you can rest easy knowing that you can restore everything back to how it was...and then re-evaluate your cybersecurity posture.
Reason 3.
Your Cybersecurity Insurance Will Require Immutable Backups
We’ve been seeing it more often; standard backups are no longer making the cut in disaster recovery plans. While we’ve heard from cybersecurity insurance brokers that immutability is not yet a box you have to check for a cyber insurance policy, we know this will be the baseline soon. If you have immutable backups today, you may qualify for reduced cyber insurance premiums.
It all has to do with risk. Immutable backups alone may not be enough to prevent a ransomware attack, but immutable backups can ensure that you’re able to restore your entire environment should you be forced to pay a ransom or lose everything. This is an especially good investment if you have privileged patient or customer data.
Reason 4.
Rebuilding Your Entire Data Center Environment is REALLY Expensive
If your data center is infiltrated and all your data compromised, your options are limited. You could pay the ransom and cross your fingers that these cyber criminals will never hit you again, or you can start from scratch. Rebuilding your data center from the ground up can come with a hefty price tag. You don’t want to get caught in this ‘woulda coulda’ scenario. If you invest now in immutable backups, restoring your environment to its pre-attack state gives you a viable option to paying the ransom.
But keep in mind, having un-compromised data is only a piece of the puzzle, you need to make sure you find a solution that will allow you to get back up and running quickly. Downtime can be a business killer.
We’ve seen situations where companies are breached, have immutable backups, but the recovery time is so long that it derails their business. They lose LESS money by just paying the ransom than by waiting for a full restore. Talk about the worst-case scenario!
Reason 5.
Immutable Backups are an Investment to Give You Peace of Mind
Immutable backups are going to be more expensive than standard backups, UP FRONT. We get it, it’s hard to invest money in something you may never need, but like insurance, you’ll sure be happy you have it should the unthinkable happen.
But consider the cost of paying a ransom to recover your data from cyber criminals, or worse, paying to rebuild your entire environment! We spoke with a Cyber insurance broker at our most recent Security User Group, who said, “the real question is, how much is your business worth?” Because, when these breaches happen, organizations go belly up when they aren’t covered.
Need Help Implementing Immutable Backups into Your Disaster Recovery Plan?
Now that we’ve got a basic idea of what an immutable backup is and why you should invest in it, we can take a deeper dive into vendors that specialize in the arena. In our next blog, we’ll explore some of the immutable backup offerings you can use in your environment. We’ll be digging into Amazon S3, VEEAM, and Cohesity’s immutable backup and AirGap backup solutions, so make sure you subscribe to our blog to get notified when that comes out.
Sources
[1] https://www.cohesity.com/glossary/immutable-backup/