Security Pitfalls of the "New Normal"

Top Reasons for Data Loss and Extended Outage

While cybercrime and widely publicized ransomware attacks are certainly security concerns, many organizations struggle with a host of other security-related and data-related issues that lead to data loss.

According to Veeam Software, an information technology company that develops backup, disaster recovery, and modern data protection software for virtual, physical, and multi-cloud infrastructures, the top reasons businesses reported for not being able to recover data were:

Failing to Follow the 3-2-1 Rule

This well-known rule says organizations should have three different copies of data, two different forms of media, and one off-site copy; Veeam Software modifies this rule by specifying that at least one copy must now be immutable and that backups have been tested with zero errors by the application stakeholders.

Unfortunately, bad actors know that they must target backup solutions in order to successfully attack an organization, and cyber attacks are now sophisticated enough to do so. As a result, companies without an ultra-resilient backup strategy and established recovery testing protocols are at greater risk for data loss. Top data and security providers are frequently vulnerable themselves. To achieve ultra-resilient backups companies need to apply immutable solutions to multiple copies of backups in the backup copy chain.

Losing Encryption Keys

Another cause of potential data loss is the loss of the encryption key for backups, which can be deleted if the primary infrastructure is wiped out. Security professionals must have that key physically copied and stored in a safe location.

Relaxing Permission and Privileged Accounts

An excess of privileges on an account beyond what is necessary for employees to perform their duties can lead to unnecessary breaches of additional resources. Using privileged accounts to do everyday tasks like logging into email can open up a wider attack vector for attackers to steal credentials. It’s recommended that a separate account is used fromeveryday login for tasks that require elevated privilege access.

Assuming Restoration Process Will Work

Organizations must test the restoration of backups on a regular basis; beyond storage corruption, there are many factors to check to ensure a restoration process will meet necessary requirements on the day it is needed. Ransomware recovery is not the time to find out that backups do not recover the way you or your application stakeholders need. Be sure your disaster recovery solution can spin up an isolated environment where you can regularly test and verify the recoverability of your backups with the application stakeholders.

Building Before Restoration

Building a replica site and powering off virtual machines can lead to the fastest and most efficient recovery after an incident. Since the machines are powered off they are often missed in attacks that replicate through the network. If a secondary site is not possible, consideration and planning around recovery to the cloud in case of disaster can be the next best option.

Skipping Multi-Level Authentication (MLA)

While there will always be pitfalls, even with MLA protocols in place, establishing multiple layers of protection can minimize vulnerabilities and successful attacks. Using MLAs wherever possible, coupled with a prioritized business continuity plan, will be an excellent line of defense.y your offer is so great it's worth filling out a form for.

Failing to Understand Restoration Task Order (Business Continuity)

Even before initiating backup protocols, it’s important for companies to identify what areas must be restored first. Servers have defined tiers, with Tier 0 needing continuous updating, Tier 1 following close behind, and so forth.

Determining what needs to be restored first in order for business to continue functioning is called Business Continuity. There are generally a sub set of items that need to be restored first for infrastructure to communicate followed by business critical applications. Understanding what these key applications are, making a plan for order of operations, and testing that plan will make all the difference in how long your business will be down.

Top Lines of Defense

Cybercrime is on the rise and bad actors are becoming more sophisticated every day. According to Cybercrime Magazine, global ransomware damage costs were expected to reach $20 billion last year with one ransomware attack every 11 seconds.

Today’s businesses must realize bad actors have infinite opportunities to break into a network infrastructure and only need one to be successful to cause a great deal of damage. At the same time, good actors have only one opportunity to block attacks and must be correct 100 percent of the time.

Successful phishing attacks are still common, growing in sophistication daily. Security Magazine reported that volumes of phishing emails that seek user credentials, create donor scams related to the war in Ukraine, and impersonate the IRA are particularly on the rise. Although many organizations provide extensive warnings and employee training related to phishing, it’s easy for a professional to accidentally click on a bad link, setting off ransomware damage.

Finally, coding knowledge is becoming more and more widespread with students in elementary schools becoming well-versed in these skills. As a result, inadvertent or unintentional actions can cause additional security breaches and problems today.

Organizations must assume that it’s only a matter of time before they become a target of either intentional or unintentional security violations. Taking as many precautions now as well as instituting best-of-breed protections can minimize risk.

Three-Pronged Approach to Ransomware Backup Solutions

Having a secure, restorable backup is a company’s last line of defense if ransomware is successful, a network is breached, and data is destroyed. Veeam Software experts suggest a three-part approach:

Desktop-as-a-Service: An Innately Secure Environment

Besides implementing an immutable and recoverable backup solution, companies can also use virtual desktop interface (VDI) on premises or through a desktop-as-a-service (DaaS) solution provider to reduce vulnerabilities.

Since these solutions centralize the operating system, software, applications and data, it’s easier to institute and upgrade effective protections in one location. In a more conventional IT environment with hundreds of individual desktops, these precautions must be taken on each individually connected machine.

VDI and DaaS environments are browser based. As long as MLA and authentication protocols are tightly managed, security risks are significantly reduced, and business continuity is available from anywhere and at any time.

Benefits of DaaS include: Shifting of Responsibility.

Companies that choose a DaaS partner relieve themselves of a significant number of security-related tasks. The solution provider is now responsible for ensuring cloud-based security.

Access to Expertise. Because cloud-based security within a DaaS system is a core competency for third-party providers, they are motivated to stay up-to-date on the most advanced technologies and best practices. Clients then benefit from this expertise.

Predictable Cost. Businesses no longer need to invest in infrastructure, additional IT staff, or licensing. Instead, they can plan for an affordable, predictably, monthly subscription cost.

Nearly Perfect Availability. DaaS providers prioritize providing near-constant access with uptime statistics upwards of 99.99 percent. That means more reliable business continuity for client companies whose employees can access company systems and data any time and from any place.

Refocus on Core Competencies. Companies who partner with third-party solution providers can free up precious IT resources to focus on core competencies of their own business instead of worrying about managing VDI solutions and related security issues.

Seven Reasons for a Microsoft 365 Backup

Veeam Software releases an annual data protection report, which is based on a survey that contains over 150 questions posed to a wide variety of industry executives. One question was addressed (Why data was lost in a Microsoft 365 environment)[https://www.veeam.com/wp-whybackup- office-365-data.html], and these seven reasons surfaced.

1. Accidental Deletion. Employees frequently accidentally delete files, and cannot retrieve their information.
2. Retention Policy Confusion. Systems may have gaps in terms of retention policies and actual practices, depending on specific compliance or regulatory requirements for particular pieces of data.
3. Internal Security Threats. Disgruntled employees who have access to data or systems legitimately have the power to cause a great deal of damage. Rogue administrators who have elevated access to a company’s information can cause significant data loss.  External Security Threats. These are caused by what are commonly known as cybercriminals who manage to break into a network system, launching ransomware or other damaging programs.
4. Legal or Compliance Issues. As more companies move systems and data to the cloud, compliance and regulations issues are still being hammered out. As a result, it’s important to be able to meet those evolving requirements with archival data for audits or retention policies.
5. Managing and Migrating Hybrid Deployments. As companies manage data, they must separate privileges from the primary data to the backup versions so that one individual cannot delete both sides of the data. In addition, those who are running hybrid systems,both on-premises and cloud-based data; both sides must be backed up.
6. Teams Data Structure. Since Teams is not a self-contained application but actually an abstraction layer, shared files move among many backend data entities. It’s important to have a tool that can track down the data and restore if necessary.
7. Teams Data Structure. Since Teams is not a self-contained application but actually an abstraction layer, shared files move among many backend data entities. It’s important to have a tool that can track down the data and restore if necessary.