infoguard-blog-why-backup-strategy

Why it’s so important to have a solid back-up strategy

In recent weeks, our CSIRT has again observed arise in ransomware attacks. Corporate data needs to be backed up more than ever, but you will learn in the following blog article why backups alone cannot provide adequate protection, and why having a solid data protection strategy is so important.


Every minute counts in a ransomware attack. How should you be reacting? Is your data security guaranteed if you decide not to pay up, or even if you do? While you are considering all the options, your organisation is left paralysed. With every minute that passes, the pressure to make the right decision increases.

Back-up & Recovery

It's your back-up strategy that often decides whether you pay up or not. The thing is that back-ups are necessary but they have to be recoverable. It is pretty difficult to restore a company's infrastructure from just one backup. The more diversified and multi-layered the IT environment is, the greater the challenge. It is also possible that a recovery can only be partially performed, or worse still, the backup does not work at all. If the backup server is acting within the network perimeter during a ransomware attack, it will also be encrypted along with all other systems in the network, rendering them all unusable. This makes keeping processes, technologies and procedures for generating regular copies of data and applications on a separate, secondary device just as important as the recovery itself. Of course, this needs to be kept offline.

Downtime is expensive, and every minute counts

If a company with multiple infrastructures is hit by a ransomware attack, it is unlikely that it will be able to recover quickly, even if the back-up is working perfectly. This downtime results in high costs for the company, or may even lead to the potential failure of the entire company. When our CSIRT is called in to assist with a security incident, our primary goal is to restore the company's ability to act as quickly as possible. To achieve this, we prioritise three key points:

1. The preservation or restoration of the value chain

2. The impact that can be anticipated in the future, e.g. data leaks caused by attackers.

3. Minimising the risk of recurrence; i.e., eliminating all gaps and backdoors

There is always some downtime, as it is unlikely that all services and systems can be decrypted immediately, but this should be kept as brief as possible. Therefore, the integrity of the backups must be regularly checked, and regular test runs should be carried out in a staging environment to recover the server. If done this way, the recovery time in the event of a ransomware attack should not take too long.

Modern Ransomware

Today, modern ransomware is no longer purely encryption programmes, it is much worse than that. In the past, ransomware attacks mainly targeted end users and demanded small amounts of cryptocurrency to release the data. In the meantime, attacks on businesses have become much more lucrative, as they are more likely to pay much higher ransoms. Modern ransomware is lurking in networks and siphoning off even the smallest amounts of data it can manage to spy on. Data is then analysed and used to blackmail companies using encryption, data leaks, or both. If they do not pay up, confidential client data or the company's trade secrets are made public. This can lead to permanent damage a company's reputation and, of course, also increase the pressure on the company affected.

Three pillars of security to fight against ransomware

An appropriate ransomware strategy allows you to reduce the risk of an attack and at the same time mitigate the impact of a successful attack. The following three pillars can significantly increase your security against ransomware:

1. Protection against Ransomware
Proactive ransomware protection, which prevents threats from gaining a foothold in the network, for instance Guardicore Centra.

2. Data backup strategy:
A solid data backup strategy is crucial - not just in the event of a ransomware attack and regardless of the size of your company or industry sector.

Our cyber security experts have compiled a best practice checklist for you. This guide is intended to assist you in reviewing your backup and recovery plan, as well as the broad outlines of your backup architecture and adjusting them where necessary. Download our whitepaper now!
Download Whitepaper Backup & Recovery

3. Creating awareness among staff:
Security awareness is a decisive factor in preventing a ransomware attack from happening in the first place. By creating awareness among your employees on issues such as phishing and ransomware, dangers that arise from careless behaviour or ignorance are reduced. To do this, we offer you targeted e-learning courses from our individual Security Awareness Services.

You can find more information about security awareness, phishing and social engineering on our Know-how Security Awareness website! Check your knowledge now with our security awareness quiz.
Know-how & Security Awareness Quiz

<< >>

Cyber Security , Cyber Risks

Mirjam Burkard
About the author / Mirjam Burkard

InfoGuard AG - Mirjam Burkard, Online Marketing Manager

More articles from Mirjam Burkard


Related articles
Why you should be treating your company data as if it were precious crown jewels
Why you should be treating your company data as if it were precious crown jewels

Company data must be backed up, because losing data can have a serious impact on your company and may even [...]
Handle security incidents efficiently with Incident Response Triage
Handle security incidents efficiently with Incident Response Triage

Preparedness is the key to effectively responding to cyber attacks. Even the best incident response team [...]
Inside Threat and what lies behind it
Inside Threat and what lies behind it

Experts are constantly pointing out that it is insiders who are responsible for almost half of all security [...]

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media
infoguard-cyber-security-guide-2