Recover from Hacks with a Secure Backup System

Recover from Hacks with a Secure Backup System

By Bill Yates

A member of the Dell Expert Network explained to attendees at MSP Expo 2023 why implementing secure data backups have become mandatory is this day and age.

In "Surviving a Cyber Attack and Keeping Critical Data Safe," Kevin McDonough, advisory systems engineer at Dell Expert Network, told attendees the key steps that can be taken to protect your most critical data and avoid costly repercussions.

"All the adversarial groups are starting to work together," McDonough said. "If they want in, they're going to get in," he said.

Even paying the ransom doesn't guarantee you can rebuild, McDonough said. You might get your data back if you pay up, but it will be in bad shape, he said. "They only have to be successful once and they win," he said.

The increase in available computing power has allowed bad actors to increase the pace of attacks they're issuing. If they have the resources, there's really nothing you can do to stop them. "Brute force attacks are becoming more common," he said.

The best you can do to protect your company is to implement a secure backup system that will allow you to recover from any hack, he said. First you detect the problem, then you isolate it, and then you implement recovery operations, he said. "Isolation tied with immutable is how we get invulnerable," McDonough said.

What day of the week do most cyberattacks occur? On Mondays, McDonough said. Why" Because Microsoft issues patches on Tuesday, and everyone knows it, he said.

Hackers have developed multiple ways of attacking your business, he said. Three big issues that concern McDonough now include:

  • Insider-based credentials. If someone gets hold of manager credentials, your most valuable data is at risk. "If they can see it, they can destroy it," McDonough said.
  • Zero Day exploits.  Unpatched vulnerabilities are disseminated quickly among hackers ."They get past your ID and protocols tools each time because there is no signature," he said.
  • Dwell time. Hackers like to sit inside your system and watch what happens. "They understand your entire backup structure," he said, "and they know which things you're replicating."

Obtaining your last clean data set depends upon knowing exactly when the attack occurred, McDonough said. "With a cyber event, you don't know exactly when the attack occurred or started," he said. "The amount of dwell time you see is quite phenomenal."

He said hackers were inside Sony for nearly two months in 2014 before the attack was discovered. Obtaining command and control is their goal, he said. To prevent that from happening, McDonough said to:

  • Create a functional air-gap network.
  • Leave no trace in production as to where data is copied
  • Pass data to backup in malware-free containers
  • Employ advanced immutability and NTP protections
  • Orchestrate all your backup maneuvers from the vault side.

A little resiliency goes a long way, he said. Data in the vault should represent about 25% of your company's complete data set, he said.  On the production side, backup measures are invisible, he said.  Keep production away from backup. "We like to make sure the vault is physically isolated," he said.

"Disaster recovery and cyber recovery are not the same thing," he said. Also, cyber restoration does not equal cyber recovery, he said. Data restoration doesn't involve accessing clean backups, he said. You can't depend upon disaster recovery techniques after a cyberattack, because your backups will likely be taken down too, he said.

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Communications Correspondent

Related Articles

Mutare Brings Together Cybersecurity Community to Raise Vishing Awareness

By: Greg Tavarez    3/28/2023

Mutare is collaborating with government agencies, business coalitions and private industry in an educational campaign to raise awareness of the risks …

Read More

Only 15% of Organizations Deemed Mature Enough to Defend Against Cybersecurity Risks

By: Greg Tavarez    3/28/2023

Fifteen percent of organizations globally have the maturity level of readiness needed to be resilient against today's modern cybersecurity risks, acco…

Read More

Opti9 Offerings Strengthen Veeam Customers' Security Stacks

By: Greg Tavarez    3/28/2023

Opti9 introduced its standalone offerings for Veeam, which are managed services for Veeam Software and its AI-based ransomware detection and remediati…

Read More

How Businesses are Navigating Migrations and Marketplace Shifts

By: Alex Passett    3/28/2023

Westcon-Comstor recently published a report that explored challenges found amongst shifting subscription and recurring revenue models for businesses.

Read More

Cybersecurity Essentials: BSA Expands Managed Security Solutions

By: Alex Passett    3/24/2023

Bridge Security Advisors (BSA) has announced an addition to its Essential Security Solution (ESS): the Managed Security Solution (MSS) offering.

Read More