Security

Are immutable backups the last line of defence against ransomware attacks?

By Martyn Warwick

Oct 29, 2021

  • There is no universal nostrum to prevent a ransomware attack…
  • … they may be impossible to avoid but the impact can be mitigated
  • 'Sleeper Attacks' are a big worry and hard to detect
  • Immutable backups currently provide the best protection, but they are still vulnerable. It’s a work in progress 

All businesses and organisations cross their fingers and hope that they won’t be subject to a ransomware attack - many of them will be, though, and having been hit once doesn’t mean they are immune from further attacks thereafter. To protect networks, systems, equipment and data from an incursion in the first place is the ideal strategy but, as we know from the huge increase in successful attacks this year, cyber-criminals seem to worm their way through even the most sophisticated defences. Should (or perhaps when) that happens, many vendors of security products can provide a checklist or a set of golden rules to minimise the effects of the incursion and help ensure that something similar won’t happen again. The hard reality is that whilst it isn’t always possible to avoid a cyberattack, it is possible to mitigate its impact.

In general, the advice is not to pay the ransom on the grounds that stumping up extortion money is no guarantee that files will be decrypted and released. The second maxim is, report the attack – but many victims don’t. Thirdly, restore files from a recent backup. Then comes the advice to use reputable antivirus software and a state-of-the-art firewall. It is also vital to use a trustworthy VPN when accessing public Wi-Fi. All this is good common sense, but it’s predicated on the notion of bolting the stable door when the horse has been stolen, ridden away to the knacker’s yard and rendered into dog meat and glue.

As ransomware attacks have proliferated this year, one of the “best practices” advised for data recovery is the 3-2-1 system, whereby an organisation maintains three copies of its data in two entirely separate locations. At least one of the copies must be stored on a different medium to the others, such as in a highly secure cloud, in object storage, where distinct units (objects) are kept in a single storehouse and are not placed in files inside other folders. Object storage combines the pieces of data that make up a file, adds all its relevant metadata to that file, and attaches a custom identifier. Of course, backup data can also be downloaded to good old-fashioned disks or tapes.

Recently, though, there has been considerable publicity about so-called “immutable backups,” which are being billed as the last line of defence against ransomware attacks. The theory is that they can guarantee that data cannot be changed, overwritten or deleted, thus stymieing attempts to insert malware. Immutable backups are based on “write once, read many” (WORM) systems and disciplines that ensure no-one, including big cheeses such as data managers, storage administrators and CIOs, can either overwrite or delete a copy of the data. What’s more, they can’t be accessed externally. Immutable data makes it possible to roll back, restore, and provision data from any point in time or any transaction.

It sounds great, but even immutable backups need to be protected by other data strategies, not least because cyber-criminals are increasingly targeting backup systems via “sleeper attacks” where malware infiltrates a system and then lies doggo until later (sometimes very much later), when it is instructed to begin encryption. Sleeper attacks are particularly difficult to discern and identify, which is why increased emphasis is being placed on detection and prevention strategies. 

Recovery planning after a ransomware attack must address two vital aspects: the recovery time objective (RTO), the maximum amount of time that an organisation can afford to be offline with no access to data and systems; and the recovery point objective (RPO), which is the maximum amount of data an organisation can lose and yet remain viable. An average RTO can take days and can cost a lot. The research house Gartner says the average cost of being brought down by a ransomware attack is US$5,600 a minute, or at least $336,000 an hour. Such figures quickly become astronomical, which is why enterprises often pay the ransom demanded and hope for the best.
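
The 3-2-1 rule and the RPO and RTO figures described above can be checked mechanically against a backup catalogue. The following is an added example, not part of the original article: the catalogue entries, field names and the choice to measure RPO against the newest immutable copy (the one assumed to survive an attack) are assumptions, and the cost per minute is the Gartner figure quoted above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

COST_PER_MINUTE_USD = 5_600  # Gartner average quoted in the article


@dataclass(frozen=True)
class BackupCopy:
    name: str
    location: str       # site or cloud region holding the copy
    medium: str         # e.g. "disk", "tape", "object-storage"
    immutable: bool     # True if held under WORM retention
    taken_at: datetime  # newest restore point in this copy


def audit(copies, now, rpo):
    """Return a list of findings; an empty list means the catalogue passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    if len({c.location for c in copies}) < 2:
        findings.append("3-2-1: copies are not in two separate locations")
    if len({c.medium for c in copies}) < 2:
        findings.append("3-2-1: no copy is on a different medium")
    worm = [c for c in copies if c.immutable]
    if not worm:
        findings.append("no immutable (WORM) copy")
    else:
        # Assumption: mutable copies may be encrypted in the attack, so the
        # data actually lost is measured from the newest immutable copy.
        age = now - max(c.taken_at for c in worm)
        if age > rpo:
            findings.append(f"RPO: newest immutable copy is {age} old, limit {rpo}")
    return findings


def downtime_cost(outage):
    """Estimated cost in USD of an outage of the given duration."""
    return int(outage.total_seconds() // 60) * COST_PER_MINUTE_USD


# Constructed sample catalogue (not real systems).
NOW = datetime(2021, 10, 29, 12, 0)
CATALOGUE = [
    BackupCopy("primary-nas", "site-a", "disk", False, NOW - timedelta(hours=1)),
    BackupCopy("replica-nas", "site-b", "disk", False, NOW - timedelta(hours=2)),
    BackupCopy("worm-bucket", "cloud-1", "object-storage", True, NOW - timedelta(hours=6)),
]

if __name__ == "__main__":
    print(audit(CATALOGUE, NOW, rpo=timedelta(hours=4)))
    print(downtime_cost(timedelta(days=2)))
```

The sample catalogue satisfies 3-2-1 yet fails a four-hour RPO, because its only immutable copy is six hours old.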

Given the magnitude of the problem, some organisations actually complain about the potential cost of maintaining an immutable data regime. When data can’t be deleted it must be kept and that can increase the price of storage, but especially now that cloud storage prices are reducing it can surely be no more than a marginal cost increase when compared to the price of the disruption and destruction of an incursion and the payment of extortion money. It is not sensible to penny-pinch under such circumstances.

As things stand, immutable backups combined with other data strategies are the best defence against ransomware, but they are not perfect and breaches will continue to happen even to the best protected.

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2023. All rights reserved. All brands and products are the trademarks of their respective holder(s).