Slideshow Avoiding the 7 biggest threats to data backup

  • March 19 2018, 6:12am EDT
8 Images Total

Backing up data shouldn’t mean back-of-mind security<br/>

“Data is arguably one of, if not the most important, backbone to successful business operations, and if a network is compromised or impacted by some disaster, the backup is the safehouse for company data and operations,” says Rod Mathews, senior vice president and general manager of data protection for Barracuda Networks. “Unfortunately, many folks place data loss prevention and data backup maintenance on the back-burner, and open the doors to a variety of threats beyond the network, including threats that can target backup. Barracuda Networks, email and data security provider, has examined the top threats to data and its backup.”

Many organizations aren’t backing up their data properly <br/>

“According to a recent study, nearly 66 percent of Office 365 administrators use the Recycle Bin as their form of backup,” Mathews says. “This allows ‘backup’ data to be easily accessible for a malicious actor surfing the local desktop. The Recycle Bin is not equipped with the same security features as a backup system, therefore, very insecure.”

Content Continues Below

81 percent of administrators don’t test their backups regularly

“Similar to using a Recycle Bin as data backup, this threat is user based,” Mathews says. “As the safehouse for real-time company data and processes, backup should be online and ready for access in the event of a breach or natural disaster. If backups aren’t being tested, organizations may not be able to fully count on the technology in the wake of a catastrophe.”

Ransomware will not only target you, it will target your backup<br/>

“Given the heightened efforts to better the backup maintenance processes, nefarious actors are kicking their tactics up a notch, targeting backup processes and tools, such as shadow copies (Microsoft OS) or the Time Machine (Mac OS),” Mathews explains. “Even if a victim pays up, the attacker might not decrypt the backup data, or have destroyed the backup in the process.”

Maintaining a backup system in the same network operating environment may be easy, but it isn’t smart<br/>

“If backups are run on the same general-purpose server as the entire network operating environment, defenses can be bolstered and hardened to ensure complete security of your backup - so avoid it,” Mathews stresses. “The same practice applies to on-prem backup options - while this is still the go-to for many organizations, on-premises can be inaccessible in the event of a natural or malicious disaster.”

Content Continues Below

Malware might be lurking on your employees’ frequently visited sites, waiting to strike

“This tactic, known as ‘watering holes,’ features attackers compromising websites in the hopes of distributing malware to a target demographic,” Mathews explains. “For example, a local cafe website may be compromised, with the attackers embedding threats in the downloadable menu, or email alerts regarding a takeout order. Beyond implementation of the proper WAF and email security tools, it’s imperative to conduct training and nurture employee awareness of phishing threats, particularly on frequently visited sites.”

An advanced persistent threat is the long &#39;con&#39; that can pay off, big-time<br/>

“There are too many types of malware to count, so let's focus on the advanced persistent threats (APTs),” Mathews says. “When successful, these attacks allow a criminal to spy on a company for a long period of time. With some research, the attacker can find the data that is most critical to operations. Once an attacker has made that determination, they can copy the data and destroy the original copies on the network. It’s important to track, update and clean your backup.”

Not everyone can implement the same security measures from the office, onto their home networks<br/>

“The modern workforce has embraced the ability to work anywhere, from any device, at anytime,” Mathews notes. “While this is convenient, those mobile devices and external networks are not always secured to the same corporate degree as the office. Mobile devices and wearables are everywhere in the network, and employees continue to resist any effort to apply corporate security to their personal devices. This makes any devices connected to a corporate network an opportune target for an attacker.”