The purpose for backing up system servers is obvious: If anything goes wrong with the network, the backup provides data restoration. But backups themselves are not immune from calamity. In particular, ransomware can infect the backup just as easily as the system network, and it can do so in several different ways. Additionally, the problem of ransomware is growing from year to year, both in number of attacks and the sophistication in which the attacks are deployed.
According to the 2022 SonicWall Cyber Threat Report, the global volume of ransomware increased 105% year over year in 2021 and a whopping 232% since 2019, with attacks in the U.S. last year alone increasing by 98%. Researchers recorded over 623 million ransomware attacks worldwide.
– 09.07.2022 embroker.com
It is hard to imagine anything worse than having your data backup rescue plan fail. But this is not the worst-case scenario for a business. The worst-case scenario is to realize that you no longer have your data… but the cybercriminals now have it instead.
What prevents this situation? An encrypted backup does.
How Encryption Works
Data encryption is the process of converting information from a readable format into an unreadable format with the use of an encryption key. In this way, encryption is a reversible system: it translates between the original data and the ciphertext. There are two kinds of encryption. Symmetric encryption is a character-to-character cipher code with a secret key. Encryption keys can be shorter or longer – 128-bit, 192-bit, and 256-bit keys are standard. Asymmetric encryption is a little different, using instead a two-key system. Asymmetric is usually used when the encryption/decryption needs to be done between two separate endpoints.
Backups that are Encrypted
Having your data backed up may help you recover from a cyber crime event, but it was never meant to be a safeguard against a cyber crime event. This is why the industry has defined the “3-2-1 rule” for data backups (the rule which states that there should be three copies of data: two backup copies, and at least one copy should be offline or at an “air gapped” location). But, should all these efforts fail and the data is still breached, encryption ensures that the data will be of no use to anyone who steals it.
Encrypted Backups and Cyber Insurance
Most cyber insurance providers are looking for a company’s backups to be encrypted in order for them to offer an affordable policy. Customer data, vendor data, and proprietary data could fall into criminal hands without it, which puts the insurance company at risk to cover damages to customers and investors and other third parties, not to mention the litigation costs if the company gets sued over it.
If the insurer can determine that the company’s data is well-encrypted, then they can have confidence that would-be criminals would merely land themselves a data trove filled with encrypted gibberish. The potential risk associated with a breach would be greatly reduced.
So, make sure your backup hardware and software include encryption capabilities, and use it. It’s smart, and it can save a lot of added heartache during and after a data breach crisis. If you need help finding a good solution for your business, call Secure Networkers at 281-651-2254 or reach out to us by email with your questions. We will be glad to help.