Common Threats to Backed-Up Data and How to Mitigate Them
Savvy businesses back up their data with the aim of ensuring that, if they lose data on their system, they have a version that they can turn to and employ to keep their business operating. It’s a great strategy – like a motor racing team that keeps a full quota of spare parts in case they need to replace a part mid-race.
But what if that spare part itself was no good? What if it couldn’t be used as a replacement?
The impact of data loss on a business can be far more devastating than the impact of a cracked carburetor on a racing team.
What if your computer crashes? What if you accidentally delete a file? What if there’s a fire in your office? Whatever the cause, without a backup, you could lose all your data.
Data loss can destroy your company. And backups are not impervious to data security threats.
What are some security issues related to backups?
Read on to learn how unprotected backups could leave your business vulnerable.
Common threats to backups
The lifecycle of a backup has three stages:
Data collection, in which you identify what needs to be backed up and copy it to the backup location.
Data storage, in which you store the backed-up data in a suitable backup location and make sure it’s safe from any potential damage, loss, or destruction.
Data retrieval, which involves accessing or retrieving the backed-up data when it is needed for use in disaster recovery or other situations where access to the original data is no longer possible because of data loss.
If you don’t protect your data during the backup lifecycle, it is at risk. But what are those risks?
Here are the seven most common threats to your backed-up data:
Malware (Ransomware, viruses, etc.)
Malware is a type of software that is designed to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware can be classified into three major categories: viruses, worms, and Trojan horses.
Hacking (Stolen credentials, backdoors)
One of the biggest threats to your backed-up data is hacking. It can happen through stolen credentials or backdoors in your system.
Social (Phishing, pretexting)
Phishing is a form of social engineering that attempts to collect sensitive data from unsuspecting users, often by sending an email that appears to be from a legitimate source. The goal is to convince the victim to disclose information such as usernames, passwords, and credit card numbers.
Pretexting is the act of creating or assuming a false identity to gain access to restricted areas or obtain confidential information. This can be done through various methods including posing as someone in need of help, making false pretenses about who they are and why they’re calling, or impersonating law enforcement officials.
Misuse (Privilege abuse)
Another common threat to your backed-up data is misuse. This can happen in a variety of ways, but the most common is privilege abuse. A user might be given access to an account that they do not need, and then they might use this account to delete or modify the backed-up data. This could be done maliciously or in error.
Physical (Theft, tampering)
This can happen when someone steals the storage device containing your backup files, or accesses the storage system and tampers with the storage device or the data contained within it.
Error (Misconfiguration, misdelivery, loss)
In this instance, we’re mostly considering human error (a wrong key is hit, or backed-up data is configured poorly or sent to the wrong location). We’ve all closed a file without saving it properly. It’s infuriating, isn’t it? Now think about just how bad this would be if it’s your entire database backup that you lose.
Environmental (Power failures, atmospheric conditions)
A threat to backed-up data that is often overlooked is the environment. Power failures, atmospheric conditions, and other natural disasters can lead to an interruption in your company’s backup data storage.
Simple strategies to protect your business against the three main threats to backup data
When devising a backup strategy, a good rule of thumb is to focus on protecting your backups against the threats that are most likely to put your business at risk. According to Verizon's 2022 Data Breach Investigations Report, hacking (45%), error (22%), and malware (17%) are the threats that occur most commonly in backup data loss incidents. By mitigating against these, your business could cover up to 84% of its backup risks.
A hacker will attack any weakness in your systems and networks. They will search for gaps to exploit in your backup software, backup files, and the systems on which backup data is stored:
When employing backup software, the software needs access to your files, databases, and networks. If this software is compromised – for example, by a hacker stealing the administrator’s credentials or by using vulnerabilities in connections – your backup data is exposed, and so is the rest of your system.
Hackers will target backup files because they are easy to locate (they have the extension .bak).
Passwords are prime targets for hackers, and this makes your remote systems vulnerable – especially as remote access tends to be less protected. Even a remote monitoring and management (RMM) system could be vulnerable to attack if not properly protected.
One of the best ways to protect your backed-up data is to encrypt it. If you don’t use backup encryption, a hacker will be able to use the data they access.
Best practices to mitigate hacking threats
How do you protect against hackers? There is no single tactic that does the job, but the best practices you should employ include:
Using multi-factor authentication (MFA) to access your backup data software.
Making sure that any backup appliance you use cannot be directly connected via a simple LAN connection.
Using SSH key-based authentication instead of passwords for remote access systems.
If using standalone products in backup administration (for example, an RMM), ensure that it also has MFA.
Always storing backups in a safe location. Remember the 3-2-1 approach: make three copies of your data, store them on two distinct types of storage solution, and store at least one copy remotely.
To err is human. To err when backing up data could spell disaster:
Accidental deletion of backup files may not be malicious, but it has the same effect as a hacker deliberately deleting your .bak files.
Another common error is accidental decommissioning or removal of backup storage. This is most common in businesses in which multiple sysadmins are not aware of what their colleagues are doing.
It’s common for servers and applications to be added or removed from a networked system. If the backup software or entries are mistakenly deleted during this process, the servers or applications will no longer be backed up.
You always back up your data when making any changes to your system, don’t you? But what about when you are upgrading your backup system? Poor processes risk making your backup data unreadable or deleting it completely.
Best practices to mitigate threats from errors
So, how do you protect against such errors? Here are our tips:
Maintain multiple copies of backups, with multiple point-in-time recovery points.
Limit who can access and delete your backup files – the fewer people who have this level of access, the lower your risk.
Always keep a separate copy of your latest backup on a cloud-based server or another server in your organization.
Back up your backups! Especially the catalogs or indexes that your backup software uses.
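To see who can actually read or delete backup files on a Linux or Unix backup server, audit the permission bits on the files and on the directories that hold them. The following is an added example, not code from the original article; the `audit_backup_dir` function is hypothetical, it looks only at POSIX mode bits (not ACLs), and it matches the `.bak` extension mentioned earlier by default.

```python
import os
import stat
import sys
import tempfile

def audit_backup_dir(root, extensions=(".bak",)):
    """Return (path, finding) tuples for backup files with loose POSIX permissions."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.stat(dirpath).st_mode
        # Deleting a file needs write access to its directory, not to the file.
        dir_writable = bool(dmode & (stat.S_IWGRP | stat.S_IWOTH))
        sticky = bool(dmode & stat.S_ISVTX)  # sticky bit limits deletion to owners
        for name in sorted(files):
            if not name.lower().endswith(tuple(extensions)):
                continue
            path = os.path.join(dirpath, name)
            fmode = os.lstat(path).st_mode
            if fmode & stat.S_IROTH:
                findings.append((path, "world-readable"))
            if fmode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "group/world-writable"))
            if dir_writable and not sticky:
                findings.append((path, "deletable: directory is group/world-writable"))
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # Constructed demo: one loosely protected backup file in a temp dir.
        target = tempfile.mkdtemp()
        demo = os.path.join(target, "sales.bak")
        open(demo, "w").close()
        os.chmod(demo, 0o644)
    for path, finding in audit_backup_dir(target):
        print(f"{finding}: {path}")
```

An empty result means only the owning account (and root) can read, change or remove the matched files under the audited directory.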
Malware and ransomware
Malware and ransomware, typically installed when a user clicks on a link or downloads a file from a phishing email, are among the biggest threats to your backups. They spread silently through an infiltrated system, and can quickly access your backup files and applications.
Best practices to mitigate threats from malware and ransomware
Here is what you can do to protect your backup files against this threat:
Scan, scan, and scan! Ensure that your system is proactively scanning for malware and ransomware and that your scanning software is continually updated for the latest malware and ransomware threats.
Keep your backups in a secure, remote location. Maintaining your latest backup in a secure location away from your local systems and backups will help to ensure that if your system is compromised you will have an uncompromised backup available to restore your systems quickly.
Once again – don’t skimp on the number of backups you maintain. The more the better!
The bottom line – protect your backups!
Losing your corporate data is a nightmare. But it happens to businesses every day – either because they didn’t back up their data or because something happened to their hardware and the data was lost in the process.
It’s crucial that you protect your backups from the most common threats to them.
At Millennium Tech, we specialize in helping small and medium enterprises secure their data against data loss to ensure that they recover quickly, protect their reputation, and continue to operate fully as soon as possible after any data loss incident.
Contact us today to ensure your company is fully protected.