It’s no surprise that security issues are top priorities for today’s businesses in just about every industry. One glance at business media will likely lead to news of the latest cyber attack. Regardless of how long you have been in the security game, there is always something new coming out and new to learn. This article focuses on many of the security-related issues we IT professionals deal with on a daily basis and the latest strategies to overcome these issues.

Top Reasons for Data Loss and Extended Outage

While cybercrime and widely publicized ransomware attacks are certainly security concerns, many organizations struggle with a host of other security-related and data-related issues that lead to data loss.

According to Veeam Software, an information technology company that develops backup, disaster recovery, and modern data protection software for virtual, physical, and multi-cloud infrastructures, the top reasons businesses reported for not being able to recover data were:

Failing to Follow the 3-2-1 Rule

This well-known rule says organizations should have three different copies of data, two different forms of media, and one off-site copy; Veeam Software modifies this rule by specifying that at least one copy must now be immutable and that backups have been tested with zero errors by the application stakeholders.

Unfortunately, bad actors know that they must target backup solutions in order to successfully attack an organization, and cyber attacks are now sophisticated enough to do so. As a result, companies without an ultra-resilient backup strategy and established recovery testing protocols are at greater risk for data loss. Top data and security providers are frequently vulnerable themselves. To achieve ultra-resilient backups, companies need to apply immutable solutions to multiple copies of backups in the backup copy chain.
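The rule as stated above can be checked mechanically against a backup inventory. The following is an added example, not code from Veeam or from the original article; the `Copy` fields and the sample inventories are constructed, and it assumes the production data set counts as one of the three copies.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                          # "disk", "tape", "object-storage", ...
    offsite: bool
    immutable: bool
    restore_test_errors: Optional[int]  # None = never restore-tested
    is_production: bool = False         # live data, not a backup

def audit_3_2_1(copies):
    """Return findings against the rule as the article states it; [] means compliant."""
    findings = []
    backups = [c for c in copies if not c.is_production]
    if len(copies) < 3:
        findings.append(f"copies: need 3, found {len(copies)}")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"media: need 2 kinds, found {sorted(media)}")
    if not any(c.offsite for c in backups):
        findings.append("off-site: no backup copy is stored off-site")
    if not any(c.immutable for c in backups):
        findings.append("immutable: no backup copy is immutable")
    for c in backups:  # every backup must have a clean restore test on record
        if c.restore_test_errors is None:
            findings.append(f"{c.name}: never restore-tested")
        elif c.restore_test_errors > 0:
            findings.append(f"{c.name}: last restore test had {c.restore_test_errors} error(s)")
    return findings

# Constructed inventories (names and values are illustrative).
WEAK = [
    Copy("prod-datastore", "disk", False, False, None, is_production=True),
    Copy("nas-repo", "disk", False, False, None),
]
HARDENED = [
    Copy("prod-datastore", "disk", False, False, None, is_production=True),
    Copy("nas-repo", "disk", False, False, 0),
    Copy("cloud-vault", "object-storage", True, True, 0),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_3_2_1(inventory) or "compliant")
```
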

According to the Allianz Risk Barometer, “cyber perils are the biggest concern for companies globally in 2022.” In fact, cyber incidents topped this survey for only the second time in its history with 44 percent of respondents selecting this concern.


Losing Encryption Keys

Another cause of potential data loss is the loss of the encryption key for backups, which can be deleted if the primary infrastructure is wiped out. Security professionals must have that key physically copied and stored in a safe location.

Relaxing Permission and Privileged Accounts

An excess of privileges on an account beyond what is necessary for employees to perform their duties can lead to unnecessary breaches of additional resources. Using privileged accounts to do everyday tasks like logging into email can open up a wider attack vector for attackers to steal credentials. It’s recommended that an account separate from the everyday login is used for tasks that require elevated privilege access.

Assuming Restoration Process Will Work

Organizations must test the restoration of backups on a regular basis; beyond storage corruption, there are many factors to check to ensure a restoration process will meet necessary requirements on the day it is needed. Ransomware recovery is not the time to find out that backups do not recover the way you or your application stakeholders need. Be sure your disaster recovery solution can spin up an isolated environment where you can regularly test and verify the recoverability of your backups with the application stakeholders.

Building Before Restoration

Building a replica site and powering off virtual machines can lead to the fastest and most efficient recovery after an incident. Since the machines are powered off they are often missed in attacks that replicate through the network. If a secondary site is not possible, consideration and planning around recovery to the cloud in case of disaster can be the next best option.

Skipping Multi-Level Authentication (MLA)

While there will always be pitfalls, even with MLA protocols in place, establishing multiple layers of protection can minimize vulnerabilities and successful attacks. Using MLAs wherever possible, coupled with a prioritized business continuity plan, will be an excellent line of defense.

Failing to Understand Restoration Task Order (Business Continuity)

Even before initiating backup protocols, it’s important for companies to identify what areas must be restored first. Servers have defined tiers, with Tier 0 needing continuous updating, Tier 1 following close behind, and so forth.

Determining what needs to be restored first in order for business to continue functioning is called Business Continuity. There is generally a subset of items that need to be restored first for infrastructure to communicate, followed by business-critical applications. Understanding what these key applications are, making a plan for order of operations, and testing that plan will make all the difference in how long your business will be down.
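A restore order can be derived from a system inventory instead of being worked out during an incident. The sketch below is an added example, not part of the original article: the system names, tier numbers and dependencies are constructed, and it assumes a lower tier number means a more critical system.

```python
from graphlib import TopologicalSorter

# Constructed inventory: name -> (tier, systems that must be running first).
SYSTEMS = {
    "dns":            (0, []),
    "directory":      (0, ["dns"]),
    "database":       (1, ["directory"]),
    "erp-app":        (1, ["database", "directory"]),
    "file-share":     (2, ["directory"]),
    "reporting":      (2, ["database", "license-server"]),
    "license-server": (3, []),
}

def restore_waves(systems):
    """Group systems into restore waves.

    Everything in a wave can be restored in parallel once all earlier waves
    are verified. Within a wave, the most critical tier is listed first.
    """
    known = set(systems)
    missing = {d for _, deps in systems.values() for d in deps} - known
    if missing:
        raise ValueError(f"dependencies missing from inventory: {sorted(missing)}")
    sorter = TopologicalSorter({name: deps for name, (_, deps) in systems.items()})
    sorter.prepare()  # raises graphlib.CycleError on circular dependencies
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready(), key=lambda n: (systems[n][0], n))
        waves.append(ready)
        sorter.done(*ready)
    return waves

def tier_inversions(systems):
    """Find dependencies assigned a later tier than the system that needs them."""
    return sorted(
        (name, dep)
        for name, (tier, deps) in systems.items()
        for dep in deps
        if systems[dep][0] > tier
    )

if __name__ == "__main__":
    for number, wave in enumerate(restore_waves(SYSTEMS), start=1):
        print(f"wave {number}: {', '.join(wave)}")
    for name, dep in tier_inversions(SYSTEMS):
        print(f"tier inversion: {name} needs {dep}, which sits in a later tier")
```

A tier inversion means the tier list alone would restore a system before something it depends on, which is the kind of gap that testing the plan is meant to surface.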

Limitations of Cyber Insurance

While many cyber insurance companies have popped up in recent years to offer some level of protection, the high potential cost of cyber losses requires that these policies are extremely specific in what they cover.

For example, policyholders must often ensure that they have done everything possible including having backup solutions to protect themselves in order to successfully collect on a claim. Usually, if ransoms must be paid to obtain an encryption key, these insurance companies require that the victim organization pay the ransom first and then file the claim. Unfortunately, this results in, at minimum, a cash flow issue, and at maximum, paying a ransom that is deemed unclaimable later.

Top Lines of Defense

Cybercrime is on the rise and bad actors are becoming more sophisticated every day. According to Cybercrime Magazine, global ransomware damage costs were expected to reach $20 billion last year with one ransomware attack every 11 seconds.

Today’s businesses must realize bad actors have infinite opportunities to break into a network infrastructure and only need one to be successful to cause a great deal of damage. At the same time, good actors have only one opportunity to block attacks and must be correct 100 percent of the time.

Successful phishing attacks are still common, growing in sophistication daily. Security Magazine reported that volumes of phishing emails that seek user credentials, create donor scams related to the war in Ukraine, and impersonate the IRA are particularly on the rise. Although many organizations provide extensive warnings and employee training related to phishing, it’s easy for a professional to accidentally click on a bad link, setting off ransomware damage.

Finally, coding knowledge is becoming more and more widespread with students in elementary schools becoming well-versed in these skills. As a result, inadvertent or unintentional actions can cause additional security breaches and problems today.

Organizations must assume that it’s only a matter of time before they become a target of either intentional or unintentional security violations. Taking as many precautions now as well as instituting best-of-breed protections can minimize risk.

Three-Pronged Approach to Ransomware Backup Solutions

Having a secure, restorable backup is a company’s last line of defense if ransomware is successful, a network is breached, and data is destroyed. Veeam Software experts suggest a three-part approach:

#1 Protect with immutable backups.

While many companies do adhere to the 3-2-1 rule, offsite backups generally still have a network connection. Bad actors who successfully break into a network are likely to be able to alter data, and ransomware often spreads through the network itself. It can be helpful to have a solution that offers multiple layers of backups in an ultra-resilient configuration, meaning multiple layers of immutability. The solution should also offer retention policies to help meet compliance at an archival level so that the system is as affordable as possible. The administrative route should be removed to ensure that offsite backups cannot be altered.

#2 Detect, monitor, and alert with visibility.

Constant monitoring and early detection ensure that organizations receive alerts in time to take action. A monitoring solution that can detect signs of ransomware or other cyber attacks, like high CPU usage, changes on virtual machines, and high network traffic, allows problems to be flagged before an entire network is compromised. Without such capabilities, recovery time can be significantly lengthened and the company can suffer greater reputational loss.

#3 Test and verify for reliable, rapid recovery.

Finally, it’s critical that recoverability is tested. It is important not only that backups can be successfully and rapidly restored, but also that restores are tested by the proper stakeholders. Without verification in testing from application owners, critical application functionality could be missing without notice, causing delays in restoration and possible data loss. If applications are not functioning to business level after a disaster, then business continuity has not been met, meaning productivity and reputation will be negatively affected.




Desktop-as-a-Service: An Innately Secure Environment

Besides implementing an immutable and recoverable backup solution, companies can also use virtual desktop interface (VDI) on premises or through a desktop-as-a-service (DaaS) solution provider to reduce vulnerabilities.

Since these solutions centralize the operating system, software, applications and data, it’s easier to institute and upgrade effective protections in one location. In a more conventional IT environment with hundreds of individual desktops, these precautions must be taken on each individually connected machine.

VDI and DaaS environments are browser based. As long as MLA and authentication protocols are tightly managed, security risks are significantly reduced, and business continuity is available from anywhere and at any time.

Benefits of DaaS include:

Shifting of Responsibility. Companies that choose a DaaS partner relieve themselves of a significant number of security-related tasks. The solution provider is now responsible for ensuring cloud-based security.

Access to Expertise. Because cloud-based security within a DaaS system is a core competency for third-party providers, they are motivated to stay up-to-date on the most advanced technologies and best practices. Clients then benefit from this expertise.

Predictable Cost. Businesses no longer need to invest in infrastructure, additional IT staff, or licensing. Instead, they can plan for an affordable, predictable monthly subscription cost.

Nearly Perfect Availability. DaaS providers prioritize providing near-constant access with uptime statistics upwards of 99.99 percent. That means more reliable business continuity for client companies whose employees can access company systems and data any time and from any place.

Refocus on Core Competencies. Companies who partner with third-party solution providers can free up precious IT resources to focus on core competencies of their own business instead of worrying about managing VDI solutions and related security issues.

Seven Reasons for a Microsoft 365 Backup

Veeam Software releases an annual data protection report, which is based on a survey that contains over 150 questions posed to a wide variety of industry executives. One question addressed [why data was lost in a Microsoft 365 environment](https://www.veeam.com/wp-whybackup-office-365-data.html), and these seven reasons surfaced.

  1. Accidental Deletion. Employees frequently accidentally delete files, and cannot retrieve their information.
  2. Retention Policy Confusion. Systems may have gaps in terms of retention policies and actual practices, depending on specific compliance or regulatory requirements for particular pieces of data.
  3. Internal Security Threats. Disgruntled employees who have access to data or systems legitimately have the power to cause a great deal of damage. Rogue administrators who have elevated access to a company’s information can cause significant data loss.
  4. External Security Threats. These are caused by what are commonly known as cybercriminals who manage to break into a network system, launching ransomware or other damaging programs.
  5. Legal or Compliance Issues. As more companies move systems and data to the cloud, compliance and regulations issues are still being hammered out. As a result, it’s important to be able to meet those evolving requirements with archival data for audits or retention policies.
  6. Managing and Migrating Hybrid Deployments. As companies manage data, they must separate privileges for the primary data from those for the backup versions so that one individual cannot delete both sides of the data. In addition, for those running hybrid systems with both on-premises and cloud-based data, both sides must be backed up.
  7. Teams Data Structure. Since Teams is not a self-contained application but actually an abstraction layer, shared files move among many backend data entities. It’s important to have a tool that can track down the data and restore if necessary.

Conclusion

As security continues to be a hot topic and threat actors continue to develop sophisticated attacks, we, as IT professionals, need to prepare and create just as sophisticated counter attacks. This is not a job that can be taken on by just one person or team but addressed as a company at all levels. Proper application owners and stakeholders need to be brought on for disaster recovery testing. Business continuity plans need to be built around business goals and management needs to be informed of the realistic expectations given current resources. There is no magic bullet when it comes to defense in security but taking a close look at everything covered in this white paper is a great start to securing a business.
