16 Replies

  • The location I work at (which is a subsidiary of the main company) has already been doing nightly tape backups of the main systems since the early 00's. It's not up-to-the minute, but it's consistently tested and works well enough to recover quickly from just about any situation that's likely in this area short of total destruction of my hometown, which would honestly put IT recovery at the bottom of the to-do list. Even in that case, there are off-site backups, but they're not daily. 

    We did somewhat recently move the physical secondary systems to a separate building from our primary datacenter here. I don't know that it was directly related to elevated risks, but more of just a general best practice that we've needed to get to for a while. Unfortunately, that site doesn't have its own internet connection yet; it's got a dedicated fiber running from our primary building, so if the primary goes down, only that building comes back up. It's a work in progress :p

    Our headquarters location for the parent company does need an overhaul of the backup and disaster recovery system, which there is an active project for, but I'm not on it, nor do I want to be, haha! 

  • Our worry with ransomware is less on recovery due to both air gapped and immutable AWS backups. We are far more concerned with data being leaked.

  • We added <redacted> to our backup plans. It was initially because of the uptick in ransomware lately and the recent surge in zero days.

  • In regards to backups, I think the real question isn't "Have you added more backups?", but should be "Have you actually tested your backups?"

    With that in mind, remember that backups definitely are NOT a preventative control, so I don't see them as fighting any type of cyber threat. If you have to use your backups, your preventative controls have failed.

    While I strongly recommend making sure your backups are sufficient (and functional) in the event that you will need them, you should also focus on preventative controls, namely patching vulnerable software / systems and conducting Security Awareness Training on your users. These are the two largest attack-vectors on your network.

  • jonahzona wrote:

    In regards to backups, I think the real question isn't "Have you added more backups?", but should be "Have you actually tested your backups?"

    With that in mind, remember that backups definitely are NOT a preventative control, so I don't see them as fighting any type of cyber threat. If you have to use your backups, your preventative controls have failed.

    While I strongly recommend making sure your backups are sufficient (and functional) in the event that you will need them, you should also focus on preventative controls, namely patching vulnerable software / systems and conducting Security Awareness Training on your users. These are the two largest attack-vectors on your network.

    The additional question is: will your backups survive a ransomware attack?

    Ransomware can be in your system for months before launching an attack, which means it's in your backups. Many strains also purposely seek and destroy backups before launching the main attack.

  • molan wrote:

    The additional question is: will your backups survive a ransomware attack?

    Ransomware can be in your system for months before launching an attack, which means it's in your backups. Many strains also purposely seek and destroy backups before launching the main attack.

    molan Yes, you are right about that. It's just my opinion that because the poll references the Shields Up program, I think it would better serve the community if it was along the lines of what are you doing in light of increased cybersecurity threats, instead of implying that the proper way to respond to those is just by taking more backups.

    Please don't misunderstand me, Gorfmaster1 will attest to the fact that I obsess over our backups. Ransomware will certainly work to destroy those backups once it gets into the network, and could lie dormant for weeks or even months before rearing its ugly head, so having proper backups, monitoring daily, and testing regularly is essential.

    But something else to keep in mind is Data Exfiltration. All the backups in the world can't save you from malicious actors exfiltrating your data and posting it on the dark web for anyone to peruse. Ransomware almost universally now includes data exfiltration. Only if you also put your efforts into prevention and detection will you keep from being a victim of something so heinous.

    The Shields Up initiative is about security as a whole; backups are only a part of an overall security strategy. Ultimately, you want to prevent the intrusion. If you fail to prevent it, you want to detect it as soon as possible in order to mitigate the damage. If you have to resort to your backups, ensure that they are functional and available. Just remember that while backups can save your bacon if the crap hits the fan, a little user training and patching that pesky Exchange server might have prevented it in the first place.

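Two points raised above, jonahzona's "have you actually tested your backups?" and molan's warning that ransomware may already be sitting inside the backup set, can both be checked mechanically. The script below is an added example written for this thread, not code from any poster or vendor: it records a SHA-256 manifest of a source tree at backup time, compares a restored tree against that manifest (reporting missing and mismatched files), and flags any file whose bytes look encrypted (high Shannon entropy) even when its hash matches, which is the signature of a file that was already encrypted before it was backed up. All paths, file names and contents are constructed inside `demo()`; the 7.5-bit entropy threshold is an assumed cut-off, not a standard.

```python
"""Restore verification against a hash manifest, plus a coarse
"already encrypted before backup" check. Added example for this thread."""
import hashlib
import json
import math
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root.
    Store the manifest somewhere the backup media cannot be altered from
    (immutable/off-line storage), otherwise ransomware can rewrite it too."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for uniform data up to 8.0 for random/encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def verify_restore(manifest: dict, restored: Path, entropy_threshold: float = 7.5) -> dict:
    """Compare a restored tree against the manifest.
    'ok'/'missing'/'mismatched' answer "did the restore work?";
    'suspicious' lists files that look encrypted regardless of hash match,
    i.e. candidates for "the backup already contained ransomware output"."""
    result = {"ok": [], "missing": [], "mismatched": [], "suspicious": []}
    for rel, expected in manifest.items():
        p = restored / rel
        if not p.is_file():
            result["missing"].append(rel)
            continue
        if sha256_file(p) != expected:
            result["mismatched"].append(rel)
        else:
            result["ok"].append(rel)
        sample = p.read_bytes()[:65536]  # first 64 KiB is enough to judge entropy
        if len(sample) >= 1024 and shannon_entropy(sample) > entropy_threshold:
            result["suspicious"].append(rel)
    return result


def demo() -> dict:
    """Constructed sample: a source tree, its manifest, and a deliberately
    imperfect restore (one file missing, one altered, one encrypted before backup)."""
    base = Path(tempfile.mkdtemp(prefix="bkverify_"))
    src, restored = base / "source", base / "restored"
    text = ("The quick brown fox jumps over the lazy dog.\n" * 100).encode()
    files = {
        "notes.txt": text,
        "docs/report.txt": text,
        # Random bytes stand in for a file ransomware had already encrypted
        # when the backup ran; it restores "correctly" yet is useless.
        "finance/ledger.bin": os.urandom(4096),
    }
    for rel, data in files.items():
        for root in (src, restored):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
    manifest = build_manifest(src)
    (base / "manifest.json").write_text(json.dumps(manifest, indent=2))
    (restored / "docs/report.txt").unlink()                    # lost during restore
    (restored / "notes.txt").write_bytes(text + b"tampered")   # corrupted during restore
    return verify_restore(manifest, restored)


if __name__ == "__main__":
    for key, names in demo().items():
        print(f"{key:10s} {names}")
```

Run it against a real restore by pointing `build_manifest` at the live tree before the backup job and `verify_restore` at the restored tree afterwards; an empty `missing` and `mismatched` list is the evidence a restore test actually passed, and anything in `suspicious` deserves a look at older backup generations.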
  • Whilst I haven't created or altered the way we do backups, in the last week I have tested the backups on a couple of my servers and carried out a complete restore on one of them.

  • Sorry if I offend, but you should already have a backup system in place for this scenario.

  • Why wouldn't I already be doing everything I can to mitigate risks regardless of the perceived level of risk?

  • I am no expert; however, one additional item some may not be aware of is Immutable Storage. You can have your data backed up to an additional location that's different from your regular offsite storage. Once there, the data cannot be changed. Those backups are usually kept for no more than four weeks and are not meant for regular restores/recovery. If backups get encrypted, then the networked devices are hit, the Immutable Storage should still be untouched.

  • Our following blog post contains some best practices and additional measures in regards to security. Hope it helps: https://vox.veritas.com/t5/Protection/Hackers-are-in-now-what/ba-p/893570

    Veritas Netbackup IT Analytics (FORMERLY APTARE), can help to close some gaps, too.

  • We do daily backups, but since they have not been tested (maybe a DB here or a file there), I'm not really sure if everything can be restored. We weren't even doing full server backups until last year. Now we are taking full server backups of key servers.

  • Our backups are already set up with ransomware attacks in mind. So are we doing anything additional? No.

  • I'm pretty sure that if you're already doing it right...there is no reason to change anything.

  • Validating and testing backups is always best practice.  This CISA alert is more for business owners who are not providing their admins with the resources necessary to follow best practices.

  • We are constantly looking for ways to protect data from a disaster, ensure we can recover, and ensure data isn't being leaked. Data being backed up has been practiced to the utmost criticality for years, but lately we have an uptick in customer requests to do more DLP and similar.
