Skip to content

Impacts of Ransomware Attacks on Storage & Backup Security: A CISO Point of View

One thing is clear: the “business value” of data continues to grow, making it an organization’s primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as the IT infrastructure & systems that store the data. What impact does this have on the security of storage & backup systems?

Just a few years ago, almost no CISO thought that storage & backups were important. However, ransomware has pushed backup and recovery back onto the IT and corporate agenda. Cybercriminals, such as Conti, Hive and REvil, are targeting storage and backup systems, to prevent recovery. Some ransomwares – Locky and Crypto, for example – now bypass production systems altogether, and directly target backups. This has forced organizations to look again at potential holes in their safety nets, by reviewing their storage, backup, and data recovery strategies.

To get insights on new storage, backup, and data protection methods, 8 CISOs were interviewed. From their responses, it is clear that CISOs are concerned about the rise of ransomware – not only of the proliferation of attacks but also of their sophistication. Without a sound storage, backup, and data recovery strategy, organizations have little chance of surviving a ransomware attack, even if they end up paying the ransom.

Meanwhile, storage & backup vendors provide excellent tools for managing availability and performance of their infrastructure, but the implementation and monitoring of security features and configurations is the responsibility of an organization’s security department. To improve cyber resiliency, organizations can consider implementing air-gapped data copies, storage snapshots & replication, immutable storage & vault, and storage security posture management.

To ensure success, organizations should define comprehensive security baselines for all components of storage and backup systems, use automation to reduce exposure to risk, apply much stricter controls and more comprehensive testing of storage and backup security, and include all aspects of storage and backup management. Additionally, organizations should refer to NIST Special Publication 800-209; Security Guidelines for Storage Infrastructure for a comprehensive set of recommendations for the secure deployment, configuration, and operation of storage & backup systems.

By understanding the implications of data growth and the importance of storage & backup security, organizations can develop effective strategies to protect their data and remain resilient against cyber threats.


Leave a Reply

Your email address will not be published. Required fields are marked *