09 Nov 2020
Isn’t it strange how software corporations sell us X, but what we think they’ve sold us is gold-plated X with knobs on?
With Microsoft’s OneDrive, for example, as explored in a previous post, what businesses often think they’re getting is backup for their precious data. But what they’re really getting is cloud storage that may see their deleted files gone forever after no more than a few days, just as they encounter an issue that requires them to get those files back. And with no backup anywhere in sight!
As if this weren’t worrisome enough, what businesses also often think they’re getting with OneDrive – but aren’t – is magical, cloud-conferred immunity to ransomware. In fact, OneDrive is vulnerable to ransomware in several ways, just as files stored on a local PC or server are. This can potentially leave your data locked and inaccessible with – again – no backup source for you to retrieve and restore it from.
So, if you get data backup, does this dual nightmare go away? No, because the wrong choice of backup can itself be vulnerable to ransomware too!
Here’s what you need to know…
A successful ransomware attack – whether on OneDrive or your backup service - can result in huge costs for your business.
And if you think only large corporations are targeted, think again. According to this article in cybersecurity publication CSO Online, 48% of all UK organisations were hit by ransomware in the last year.
In fact, there are around 65,000 attempts to hack SMEs in the UK every day - around 4,500 of which are successful.
Ultimately, this rampant ransomware can damage a business’s operational capability to the point where it cannot recover - and it simply goes under.
So, what part does OneDrive potentially play in the ransomware attackers’ game plan?
There are at least three ways in which ransomware can infect OneDrive.
Again, data backup theoretically renders these attacks toothless, because you can simply access your data from the backup source, and restore it back into your systems.
But when the backup service itself is infected by ransomware, that whole strategy falls apart. So what do you need to look for to guarantee a ransomware-resilient backup service?
When it comes to cloud backup solutions, the three bulwarks against ransomware are configuration, immutability, and point-in-time restore.
Configuration relates to the backup service’s own security and access rules setup – making sure all the doors and windows are properly secured, if you will. Attackers exploit misconfigurations to gain access privileges, permanently delete the backups, and then launch their ransomware attack.
Effective configuration controls will help ensure your business isn’t robbed of its backup data exactly when it needs it most!
Some backups can be tricked by ransomware into accepting encryption as a legitimate modification of data.
Pretty soon, this leaves you with locked-up data in your business and locked-up data in your backup.
Check that your backup service offers ‘immutable storage’, as this prevents backed-up data being deleted or altered in any way throughout its retention lifetime - and stops ransomware in its tracks.
This is about being able to retrieve backed-up data from a precise point in time before a ransomware (or other) incident occurred.
It also enables the backup system to revert to the latest unaffected files should a misconfiguration (see above) permit a ransomware attack within the backup system itself.
Look out for the three features above, and you’ll be doing the best you possibly can to protect your backup data from the same evil that’s just locked your OneDrive files!
But on that point, there are anti-ransomware measures you can put in place within and around OneDrive too.
But ask yourself this: if all that failed or proved unworkable, would your backup – and your business - withstand an attack?