Ransomware is Evolving – Agencies Must Prioritize Data Backup
By Nick Psaki, Principal Engineer, Office of the CTO, Pure Storage
The threat of ransomware is not new – but we are seeing a renewed focus since the onset of COVID-19. With the majority of the Federal workforce remote, the landscape is changing rapidly and threats are evolving. The Cybersecurity and Infrastructure Security Agency (CISA) – along with other agencies – has released several alerts since the beginning of the pandemic, citing new and emerging threats.
Some of these alerts, for example, share the baseline recommendation that organizations should focus on routinely backing up systems, reinforcing basic cybersecurity awareness and education, and revisiting cyber incident response plans.
As telework continues and bad actors become more sophisticated, agencies must shift their mindset. The threat of a ransomware attack necessitates not only a strong defense, but an equally strong response. There is no guarantee that every ransomware attack can be prevented – and data backup is useful only if it is accessible when it’s needed the most. Agencies need a platform with security built in, as well as highly responsive backup and recovery measures, to prepare for ransomware attacks that target the last line of defense: data backups.
Agencies can help prevent ransomware attacks by keeping their operating system and tech stack up to date and investing in InfoSec training, network security audits, and vulnerability testing. They can also assure access to data and back up files through frequent snapshots and other data-protection methods.
But protecting against a high-impact, low-probability event is difficult in practice. Backups may not work effectively or quickly enough in the event of a real threat. Many systems are not ready to restore large environments in a short timeframe. Failed backups, corrupted data, and slow restores hurt agencies even more. Evolving ransomware attacks that target backup data, backup catalogs, and even storage array snapshots force agencies to reconfigure their backup solutions before they can even recover the data.
Federal IT leaders should consider a data strategy with security built in. Ransomware attacks place immense strain on existing data-protection infrastructure if it’s built on legacy architectures like disk and tape. Conventional security measures can safeguard agency data from natural or human-made disasters, data corruption, or accidental deletions, but provide less protection against ransomware. A ransomware attack is not a normal recovery event that might involve a few lost files or a corrupted database; potentially all files and databases could be encrypted. In these legacy architectures, the same design that optimizes for data ingestion and space efficiency creates a significant drag on recovery speed, because data that was widely dispersed through deduplication must be reconstructed. A modern data platform with built-in protection for backups is essential.
Agencies must evaluate their backup and recovery measures to ensure they’re sufficient. Data backups are often the last line of defense against ransomware attacks. Focusing on recovery performance helps avoid system downtime, and ultimately works to prevent a threat to mission-critical work, or a lapse in essential citizen services.
Two metrics are key here: reliability and speed of backup. Backups should not require constant care and feeding, and they should also be simple and immutable. In this case, immutability ensures backups aren’t compromised by attackers even if admin credentials have been compromised. Advanced protection can also come in the form of automated snapshots that prevent backups from being deleted.
We also must evolve our expectations around backup and restore speeds. Backup storage must recover as fast as possible. It also must be done at scale – a single database might require 10 hours to restore. When you consider the massive amount of data housed within an agency, you are measuring recovery time in months.
Federal agencies doing mission-critical work cannot afford that amount of downtime. Rapid restore is essential if agencies are to protect themselves against the effects of ransomware attacks. Recovery point and recovery time objectives ensure that they can avoid major operational and financial impact, protect critical data, and stay focused on the mission.
Rapid backup and recovery are essential – with a Modern Data Experience as the foundation. A Modern Data Experience is simple. Storage should be easy to set up, manage, and expand, as well as integrate easily with existing backup software. Of course, it must be fast – restoring data and applications quickly enough to actually matter. It should also be seamless. This experience can span any protocol, any tier of service level, and multiple clouds in a single environment. Lastly, it should sustain performance as data volumes increase.
Having consistent, real-time access to data is critical for agencies – and in the event of an attack, they must be able to recover data at scale, as quickly as possible, when systems go down. The backups themselves must be both valid and usable. Modern data protection is fast, simple, and cost-effective. This strategy helps prevent the devastating effects of cyberattacks that could reduce productivity, cost millions, threaten mission-critical work, or create a lapse in essential citizen services.
About the Author
Nick Psaki is the Principal Engineer, Americas – Federal for Pure Storage and based in the Washington, DC area. Nick is Pure Storage’s senior technical resource for Federal customers, providing deep technical knowledge of flash storage system architectures that enable business and technological transformation for government enterprises.
A 30-year veteran of the United States Army, Nick has extensive experience in designing, developing, deploying, and operating information systems for data analysis, sensor integration, and large-scale server virtualization. He was the Intelligence Architectures Chief for the Army G2 (Intelligence), and the Technology and Integration Director for Army G2 Futures directorate. He has served in multiple peacekeeping and combat operations ranging from the Balkans in the 1990s (Operation Able Sentry VI and Operation Joint Endeavor/Joint Guard) to Iraq and Afghanistan in the post-9/11 era. For the past several years, Nick has been focused on ways in which new and emerging technologies can enable a more rapid and cost-efficient analysis of ever-growing bodies of data.
Nick can be reached at nick.psaki@purestorage.com and at our company website: https://www.purestorage.com/solutions/industries/government.html