Going offline to beat cyber-crime

Carlos Sandoval Castro at IBM explains why offline storage is crucial in the fight against ransomware

 

The use of ransomware to hold organisation’s data hostage and demand payments for its restoration isn’t new. But over the years the techniques and attack approaches utilised by cyber-criminals have become increasingly sophisticated. Now criminals are turning to technologies like artificial intelligence (AI) to increase the effectiveness of their attacks and enhance the social engineering tactics used to target victims.

 

According to the latest State of Ransomware report from Sophos, 59% of organisations experienced an attack in the last year. Of these, 63% received a ransom demand for $1 million USD or more. With the UK’s National Cyber Security Centre (NCSC) predicting the global ransomware threat is set to rise over the next two years thanks to AI, organisations should prepare for the fact that cyber-attacks are going to increase in both volume and impact.

 

To mitigate this threat, organisations will need to take a multi-faceted approach to ransomware defence; one that includes implementing storage and backup strategies designed to withstand criminal attempts to disrupt or destroy their critical data.

 

The new and improved 3-2-1-1-0 rule

Taking steps to plan, prevent, and protect data against a cyber-attack is essential and most organisations are familiar with the 3-2-1 data backup best practice. The 3-2-1 rule states that in order to maximise protection, organisations should hold three copies of their data on two different types of media – with one copy being held offsite.

 

As a result of spikes in ransomware over time, organisations learned the hard lesson that it is even better to have a fourth copy of data that is immutable. In recent years, this 3-2-1-1 rule has been updated to reflect the realities of today’s cloud-powered and hyper-connected enterprises.

 

The new and improved 3-2-1-1-0 rule stipulates that organisations should now hold at least three copies of data in addition to the original data. Once again, two different backup media types should be used; these could include disk, tape, cloud storage, or solid-state drives (SSDs). The important thing here is that at least one copy needs to be held offsite – and one copy will need to be kept offline.

 

Finally, and crucially, organisations must ensure their original backup contains zero errors – something that is vital for ensuring that the original standard copy restores properly.

 

Offline storage: the key piece of the puzzle

Protecting company data from sabotage and cyber-attacks is a critical task for storage managers who need to ensure that data is inaccessible to attack and destruction.

 

Even AI-powered storage designed to accommodate the specific unstructured data storage needs of AI applications will be vulnerable to the evolving methods cyber-attackers use to penetrate an organisation’s defences. For this reason, offline storage is a must-have for guaranteeing a physical separation from the organisation’s live environment.

 

Because offline storage isn’t physically connected to an organisation’s network, it’s isolated from the infiltration impact of cyber-attacks. Consequently, essential data remains inaccessible to cybercriminals. Known as ‘air gapping’, it’s a strategy that enables organisations to keep their important information safe.

 

When it comes to offline storage, there are a variety of options available to organisations. Tape technologies are a highly effective form of offline storage that’s ideal for air gap security strategies. Backup data is stored on tape cartridges that are stored either in a tape library or an offsite vaulting service, with a physical air gap between the tape and the network. Even simple tech as a USB stick is offline storage, albeit on a much smaller scale.

 

HDD-based object storage systems offer an alternative way to facilitate a physical air gap while speeding up recovery times. However, since these require a network connection to facilitate data ingestion, they will require additional safeguards to assure isolation, unlike tape-based solutions.

 

Offline is making a comeback

Alongside providing the air-gapped backup protection against hackers and malware that organisations need, offline storage offers a number of additional benefits. For organisations that want to mitigate the impact of a complete network failure and bolster their business-as-usual capabilities, having a physical copy of systems and data held offline makes a lot of sense in today’s high-risk world. But that’s not all.

 

Data stored offsite in a physical location is much easier to monitor and keep track of. Unlike data held on multiple servers and networks, all information updates, changes, and deletions can be comprehensively controlled. It’s also much easier to recover. Should a catastrophic event occur, there’s no guarantee that data stored in the cloud will be recovered in its entirety. 

 

Similarly, there’s a very real chance that the cyberthreat or issue that initially triggered a downtime event will also render data unusable. However, if an organisation has a reliable offline storage solution that is continuously updated and is ready to go the second a disaster occurs, the risk can be mitigated, ensuring that data remains accessible and usable even in the face of a disaster.

 

Finally, and crucially for organisations for whom data sovereignty and confidentiality is a top priority, no other third party has access to their offline storage – something that makes it a much more appealing option compared to the cloud.

 

With all these benefits, it’s understandable why offline storage is popular, despite years of everyone wanting to be online every minute of every day. Sometimes, maintaining a little distance is a good thing. 

 

---

 

Carlos Sandoval Castro is IBM Worldwide Tape Offering Manager, the LTO Program

 

Main image courtesy of iStockPhoto.com and HinelineDesign