If organizations do not effectively maintain regular backups of systems, configurations, and information, they are not likely to have the ability to recover from a system failure, unplanned outage, or disaster event.
A configuration backup strategy is a core component of business contingency capabilities. Additionally, without effective and reliable backups in place, there is little chance of recovering from a ransomware attack, whether or not the requested ransom is paid.
With legislation in multiple jurisdictions requiring ransom payments to be reported, it is critical for organizations to avoid falling victim to ransomware. The backups required to lessen the impact of ransomware attacks are the focus of pitfall #49 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Backup copies of information, software, and system configurations should be made at appropriate, recurring intervals. Backups should also be made prior to the physical movement or relocation of critical systems or system components. Backups should be tested regularly to ensure their fitness for use in accordance with an agreed-upon backup restoration process. Testing the restoration of data from backups is important. It does not matter how many backups you have if they cannot be used to effectively recover the data they contain.
A formal definition of the level of backups required for systems should be documented and approved. This should include the scope of data to be backed up, the type of backups (e.g., full, incremental, transactional, etc.), the frequency of backups, and the duration of backup retention.
A configuration backup strategy may be the only option your organization has to recover after a system failure, hard drive failure, or database corruption. If you have an operational system or application that “can never be down”, you will need to have a backup strategy in place to support that system or application. For instance, taking a weekly backup on a Saturday for a database that fails on the following Friday could mean your organization loses up to six days of “must have” data.
To mitigate this risk, many organizations perform full weekly backups and daily or nightly incremental backups. The operational risk in this scenario is hours of potential data loss versus days of data loss. Find the balance that is most appropriate for your organization and operational requirements. Keep in mind that data recovery requirements may be different for systems with differing operational impacts to your organization.