Can Patching and Backup Protect from Ransomware?

Ransomware is a growing industry. According to Cybersecurity Ventures, it was predicted to cost companies around $5 billion in 2017. In comparison, IDC estimates the worldwide market for endpoint security software is around $10.2 billion. In total, the damage and costs caused by ransomware can be extensive.
 
A good patch management strategy should stop vulnerability problems before they start. Similarly, a strong backup strategy can prevent you having to shell out for ransomware recovery. However, even companies that have good patching and vulnerability plans in place may still be vulnerable.

While backups may save your life, they can be a risk for three reasons: the value of what the backup contains; the typical experience level of its admins; and lack of attention.
 
Backups are valuable
Did you ever think about the fact that the backup system is the most sensitive server in your environment? It’s sensitive because it has everything and it can do everything.
 
Whatever way you choose to protect your data, this information will be stored in a central place. While some data may be stored offsite and effectively out of reach, most of your current data is immediately available via a few simple commands. That is the job it was built for.
 
However, most backup software also has the ability to run scripts before and after the backup, and those scripts run as a privileged user. Combine that with the ability to back up and restore files, and you have a scary situation. A malicious user who gains backup admin privileges can write a malicious script, back it up, restore it to the appropriate location, then execute the script as a privileged user.
 
Backup admins are often very junior
Backup is one of those thankless tasks in IT that has to be done, and hopefully never gets used in anger. This typically means the day-to-day tasks are delegated to more junior staff. Yet at the same time, this job would require the password to a privileged account on the backup system and every server in the data center.
 
Approaches like role-based access control can ameliorate some of the potential problems around junior staff having too much control. However, the most sensitive system in your environment is still being handed over to the most junior person you have.
 
Backups don’t get enough attention
Any backup installation will rely on software, which has to be kept up to date. However, business continuity and disaster recovery implementations are – by their very nature – not things you want to change too often. This can make patching those systems less of a priority compared to other work. Couple this with the junior team in place, and it can lead to out-of-date implementations.
 
Backup products may also use embedded software tools for elements like building a web server. Without a complete overview of how that backup system works, it might contain a vulnerability that can go unpatched. 
 
How to manage backups securely
There are several approaches that can be applied to backup systems in order to make them more secure. For traditional backup servers, hardening the software, hardware and accounts used around the backup application should help prevent easy access to all that critical data.
 
Limiting the range of backup admin powers to specific roles can also help. For example, you may want to split the ability to manage backups away from the ability to restore data; alternatively, one role might run the processes involved but not configure them or the backups themselves. Restores and configuration changes could and should be done by a separate account that requires a separate login with strong two-factor authentication.
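
The role split above, and the earlier point that pre- and post-backup scripts run as a privileged user, can be audited together. The following is an added example, not code from this article or from any backup product; the inventory format, account names, permission labels and paths are constructed assumptions.

```python
from pathlib import PurePosixPath

# Constructed sample inventory; field names and permission labels are
# assumptions for this example, not any backup product's schema.
ACCOUNTS = [
    {"name": "ops-junior", "perms": {"run"}, "mfa": False, "restore_to": []},
    {"name": "legacy-admin", "perms": {"run", "configure", "restore"},
     "mfa": False, "restore_to": ["/"]},
    {"name": "restore-svc", "perms": {"restore"}, "mfa": True,
     "restore_to": ["/srv/data", "/opt/backup/hooks"]},
    {"name": "config-admin", "perms": {"configure"}, "mfa": True, "restore_to": []},
]
# Pre/post scripts per backup job (constructed paths).
HOOKS = {"nightly-db": ["/opt/backup/hooks/pre_db.sh", "/opt/backup/hooks/post_db.sh"],
         "fileshare": ["/usr/local/sbin/quiesce.sh"]}

SENSITIVE = {"restore", "configure"}

def under(path, root):
    """True if path equals root or lies beneath it (pure path comparison)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents

def audit(accounts, hooks):
    findings = []
    for acct in accounts:
        held = acct["perms"] & SENSITIVE
        # Day-to-day operation must be split from restore and configuration.
        if "run" in acct["perms"] and held:
            findings.append((acct["name"], "run combined with " + "+".join(sorted(held))))
        # Restore and configuration accounts need two-factor authentication.
        if held and not acct["mfa"]:
            findings.append((acct["name"], "sensitive role without 2FA"))
        # Hooks run as a privileged user, so an account able to restore over a
        # hook script controls what that privileged user executes.
        if "restore" in acct["perms"]:
            for job, scripts in hooks.items():
                for s in scripts:
                    if any(under(s, root) for root in acct["restore_to"]):
                        findings.append((acct["name"], f"can restore over hook {s} ({job})"))
    return findings

if __name__ == "__main__":
    for who, what in audit(ACCOUNTS, HOOKS):
        print(f"{who}: {what}")
```

Keeping hook scripts outside every restorable path clears the third kind of finding even for accounts that legitimately hold the restore role.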
 
Alternatively, you can look at outsourcing the backup process entirely. Working with a partner that you trust – and that can prove it follows industry best practices around handling data in segregated environments – can remove some of those problems.
 
With the growth of public cloud services, this approach can cut the costs associated with running backups as well as providing better levels of insight than you can achieve on your own. This “as a service” approach can provide full insight into how data is protected, while making use of industry experts that concentrate on hardening the underlying infrastructure as much as possible.
 
Whatever approach you decide upon, this attention can help remove a big risk around an IT system that can provide complete access to company data. By looking at backup as part of a wider approach to managing data securely wherever it happens to be, you can remove one of the hidden headaches around data protection.

With ransomware in the news and companies facing more attacks on their IT, it’s vital that backup strategies fulfil their critical role in the business without creating other issues over time.