Ransomware Backup Strategy: How to Protect Your Business From Unpredicted Attacks

Ransomware is a constantly evolving threat to businesses. Cybercriminals are always looking for new ways to breach your defenses and seize control of your valuable data and systems until they're paid. 

The ever-changing nature of this risk means your security procedures need to be equally agile and multifaceted. Among the most important elements to include in a strong plan of defense is a backup plan, which could provide a vital lifeline should you come under attack. 

Reasons to have a ransomware backup strategy 

The most compelling reason to have a ransomware backup strategy is to give yourself the best possible chance of being able to restore data when you become the victim of an attack. 

Paying the ransom fraudsters are asking for can be a dangerous course of action, for two main reasons: 

• There's no guarantee you'll regain full access to your data and systems once you've paid 
• Agreeing to criminals' demands could make you an easy target for future attacks 

If you have access to clean, reliable and regularly updated backups, you can restore essential data in the event of a ransomware breach and keep your business running without having to hand over money to the attackers. 

It's never been more important to use backups and other measures that mitigate the dangers of ransomware. The 2022 Data Breach Investigations Report from Verizon revealed a 13% increase in ransomware incidents - more than in the last five years combined. 

Research from IBM showed similarly concerning trends, with the proportion of breaches caused by ransomware increasing by 41% in the last year. The average cost of this type of attack is now more than $4.5 million. 

Who is a target for ransomware? 

Any business that relies on computer systems, digital data and access to the internet should consider itself a target for ransomware. Assuming that you will be the victim of an attack at some point is a safer and more sensible strategy than hoping you won't be. 

However, there are certain risk factors that could increase your risk of a breach, including the industry you operate in. 

Data gathered by Trellix, based on attacks recorded between July and September 2021, showed that more than half of ransomware incidents occurred in one of three industries: banking, utilities and retail. 

While businesses in these sectors need to be particularly vigilant, the researchers stressed that all companies should consider themselves vulnerable to attack, whatever industry they're in. 

"Despite the financial, utilities and retail sectors accounting for nearly 60% of all ransomware detections, no business or industry is safe from attack, and these findings should act as a reminder of this." - Fabien Rech, vice-president EMEA, Trellix 

Other organizations and business departments that can be particularly appealing prospects to cybercriminals include: 

• Academic institutions with small IT and security teams, limited budgets and high rates of community file-sharing  
• Healthcare bodies using outdated computing hardware and software 
• HR departments with access to sensitive personnel data and financial records 
• Government agencies that would face intense public and political scrutiny should they suffer a breach 

4 ransomware backup strategies 

1. Make regular backups 

There's little value in having backups that aren't secure and therefore have their own vulnerabilities to targeted ransomware attacks.  

One of the ways to keep your data safe and fit for purpose is by maintaining a consistent backup frequency, which helps to ensure you're not relying on the same backups for too long. You could also consider creating separate, dedicated backups for your most critical systems. 

2. Create air gaps 

A crucial advantage for businesses in the ongoing battle against cybercriminals is the ever-growing range of tactics available to keep your data safe. 

One effective method is creating air gaps, which means you store backups in a location that’s fully isolated from other computers, networks and systems you rely on to run your business. 

In the past, the most common way to do this would have been to back up data to physical media such as optical disks and portable hard drives. Now, however, it's more common for businesses to use cloud storage that can't be accessed through standard networking protocols, creating a secure location that hackers can't access. 

3. Stick to the 3-2-1 rule 

The 3-2-1 rule states that you should always have: 

• Three copies of your data 
• Two different media types used for backups 
• One backup stored off-site 

This provides multiple layers of protection, helping to ensure that if one data copy, media type or location is compromised, there's always somewhere else you can turn to regain access. 

Sticking to the 3-2-1 rule could require you to use a combination of storage types, such as cloud, disk, tape and NAS. 

4. Maintain clear backup policies 

All of the best practices outlined above - as well as other methods you have found useful in your efforts to back up data securely - should be clearly recorded in your policies. 

Make this information easily available to key members of your IT team, as well as anyone else who might need it to ensure the organization as a whole is maintaining the best possible ransomware protection strategy. 

How to choose a ransomware backup protection provider 

If you're looking to raise your game when it comes to detecting ransomware attacks, shielding your business against them and backing up data to mitigate risk, it's important to choose the right protection provider for your needs. 

Firstly, you should be clear about exactly what you want from any security partner you decide to work with. These expectations will be dictated by factors such as the size of your business, the industry you operate in and the risks you have to contend with.  

Large enterprises in sectors that face a unique set of security challenges - such as the aforementioned financial services, utilities and retail - will need to look for specialist providers with the skills and resources to meet their requirements. 

When assessing potential suppliers, be sure to ask for evidence of the work they've done and results they've delivered for businesses similar to yours in the past. 

It's also crucial to find out what services and solutions are available to help you maintain backup protection best practices, such as data encryption, air gapping, regular testing and immutable storage. 

Once you feel confident about a prospective partner's essential provisions, take some time to examine extra features and benefits that distinguish certain suppliers from their competitors. 

This combination of fundamental backup protection practices and additional 'nice-to-haves' - which must be relevant to your business - could be key to finding the right provider for you.