Imagine a scenario that has become a reality for many IT managers: it is the middle of the night and the alarm systems are signalling a critical incident. All the company’s servers have been encrypted, and the screens show only one thing – a ransom demand.
This is not an excerpt from a movie, but a real threat that, according to the data, costs companies an average of $4.88 million per incident and last year affected as many as 75% of businesses worldwide.
At a time when ransomware has become ubiquitous, having any kind of backup is no longer sufficient protection. The difference between a quick recovery and a business-paralysing disaster lies in a mature and informed data protection strategy.
The key is not the backup itself, but its intelligent architecture.
Two indicators are the foundation of any such strategy: RPO (Recovery Point Objective) and RTO (Recovery Time Objective). The RPO defines the maximum acceptable level of data loss, measured in time. If a company makes copies every hour, its RPO is 60 minutes – that’s how much of the latest data it can irretrievably lose.
The RTO, on the other hand, defines how quickly systems must recover from a disaster. These two parameters are the business compass that sets the direction for technology decisions, from the frequency of backup to the type of media used.
The choice of technology is a direct consequence of the objectives adopted. A full backup, although the easiest to restore, is resource intensive and, in the case of large volumes of data, significantly increases restore times. Therefore, companies often turn to more efficient solutions.
Incremental backup saves only the data that has changed since the last arbitrary copy, which saves space and time but complicates the recovery process. The compromise is differential backup, which copies all changes since the last full copy, offering a balanced approach between speed of creation and ease of recovery.
Equally important is the choice of where to store copies. Local solutions such as external hard drives or NAS systems work well for smaller organisations, but are physically vulnerable and often do not offer sufficient scalability.
The public cloud has revolutionised the market, giving almost unlimited space and geographical dispersion of data, which is key in Disaster Recovery strategies. Nevertheless, for long-term, low-cost, regulatory-compliant data archiving, tape media still has its place.
However, even the best combination of the above methods can be rendered useless when advanced ransomware first infects and encrypts production systems and then destroys or encrypts the connected backup repositories. It is this attack vector that makes the concept of immutability increasingly important.
The unmodifiable backups, which operate on the WORM (Write-Once-Read-Many) model, once saved cannot be modified or deleted in any way before a defined period of time has elapsed.
Even if attackers gain full administrator privileges across the infrastructure, they will not be able to compromise the integrity of such a backup. This creates a last, sure line of defence, ensuring that the company will always have a clean, intact copy of the data ready for restoration.
Introducing immutability mechanisms into a backup strategy is ceasing to be an option and is becoming a necessity. Specialised appliances and cloud solutions are already available on the market that offer this functionality in an affordable way, minimising the complexity of implementation.
With the rising tide of cyber attacks, investing in a strategy that not only creates copies but also guarantees their invulnerability is one of the most important decisions a modern organisation can make.
