Cybersecurity protects backup data.
Backup security was never much on the radar until cybercriminals started to raise their ransom demands. They found that their victims could sometimes ignore their requests as they had good backups to fall back on. That led to a revised ransomware strategy that involved backups. Suddenly the security of backups moved front and center. Here […]
Backup security was never much on the radar until cybercriminals started to raise their ransom demands.
They found that their victims could sometimes ignore their requests as they had good backups to fall back on. That led to a revised ransomware strategy that involved backups. Suddenly the security of backups moved front and center.
Here are some of the top trends in the backup security market:
Doron Pinhas, CTO at Continuity Software and co-author of NIST Special Publication: “Security Guidelines for Storage Infrastructure,” said that modern data-targeted attacks explicitly focus on storage and backup systems.
“By destroying backup copies in addition to encrypting and locking data, cybercriminals put much more effective pressure on victims to pay the ransom,” said Pinhas.
Many ransomware victims found that when they turned to their backups to recover their data, they were recovering infected files within the backup copies. Result: They remained in the grip of a ransomware attack and still could not access their data.
“By infecting backup media, cybercriminals can ensure attacked environments will remain compromised even after the organization restores them to the last known good configuration,” said Pinhas.
Cybercriminals are getting picky. As well as infecting files in general, they want to find the most sensitive, confidential, and valuable data.
Intellectual property or databases of key customers are a couple of examples. Such repositories are often the most protected.
Hackers might try for months to infiltrate these data sources without success. But another attack vector often bears fruit – via the backups.
“Realizing that storage and backup system security often lags, cybercriminals steal data directly off the backup media (and, in particular cloud- and offsite-backup),” said Pinhas with Continuity Software.
“It is often much faster, evades data loss prevention solutions, and takes advantage of backup mechanisms, which often enjoy high-level of trust by other components of the data center. Thus backup systems can be manipulated to exfiltrate otherwise hard to reach data.”
Accordingly, awareness is slowly rising that lax security in storage and backup systems must be stamped out.
Pinhas with Continuity Software recommends:
“Test your backup solutions and continuously scan all storage and backup systems for security misconfigurations and vulnerabilities,” said Pinhas.
Multi-cloud environments are becoming the norm.
As a result, management can get complex due to there being so many consoles to check. This can lead to sloppiness and misconfigurations.
“Invest in backup solutions that address data protection requirements in the data center, public cloud and edge environments, and favor solutions that offer a single pane of glass to manage these distributed environments,” said Gartner analyst Michael Hoeck.
“Choose products that offer a secure and granular recovery testing experience.”
Hoeck also recommends the selection of “backup tools that provide a comprehensive solution for ransomware anomaly and malware detection as well as expedited recovery capabilities from ransomware attacks.”
Yes, immutable copies are important by creating second copies of backups through write once, read many (WORM) software and immutable snapshots. But that is not enough.
Systems are also appearing, said Hoeck, that can spot ransomware attacks by monitoring behavioral anomalies of protected data and are adding malware detection provided by partnering with security vendors or by developing these capabilities in house.
Jesper Tohmo, CTO and co-founder of ShardSecure, noted that the traditional practice of storing backups on tapes, provided an added a layer of protection since physical access to the tapes was necessary to access data.
This is known as an air gap. It is a smart strategy that is still used widely. However, many have moved to cheap storage in the cloud provided by AWS and others and no longer have that kind of protection.
“Even with encryption of cloud-based backups, a complete dataset will be available and vulnerable to attackers in the backup location,” said Tohmo.
“One alternative is to use a solution that microshards that distribute data to multiple customer-owned locations. This kind of microsharding solution allows customers to protect their data in the cloud and achieve a quick recovery if needed.”
Drew Robb is a contributing writer for Datamation, Enterprise Storage Forum, eSecurity Planet, Channel Insider, and eWeek. He has been reporting on all areas of IT for more than 25 years. He has a degree from the University of Strathclyde UK (USUK), and lives in the Tampa Bay area of Florida.
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
