Resistant Cloud Backups
The NCSC has recently published an article about creating resistant cloud backups as a way to be more resistant to the effects of destructive ransomware.
We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data.
The guidance advises there are two main ways to backup:
As cloud-based backup services won’t necessarily be resistant to ransomware attacks by default, these principles set out the functions a service should offer, so that it can be considered resistant to destruction by ransomware.
DPE have published further backup guidance here: October is Cyber Security Awareness Month: 24. Backups
The Data Protection Education Knowledge Bank has an Information and Cyber Security Checklist available which covers backups (viewable with a valid DPE subscription):
We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data.
The guidance advises there are two main ways to backup:
- by saving copies to physically disconnected backup storage that you are entirely responsible for managing
- by saving copies to a cloud-based backup service that handles some of this responsibility for you
As cloud-based backup services won’t necessarily be resistant to ransomware attacks by default, these principles set out the functions a service should offer, so that it can be considered resistant to destruction by ransomware.
Principle 1. Backups should be resilient to destructive actions
Principle 2. A backup system should be configured so that it isn’t possible to deny all customer access
Principle 3. The service allows a customer to restore from a backup version, even if later versions become corrupted
Principle 4. Robust key management for data-at-rest protection is in use
Principle 5. Alerts are triggered if significant changes are made, or privileged actions are attempted
The full guidance can be read here: Principles for ransomware resistant cloud backups.DPE have published further backup guidance here: October is Cyber Security Awareness Month: 24. Backups
The Data Protection Education Knowledge Bank has an Information and Cyber Security Checklist available which covers backups (viewable with a valid DPE subscription):