Threat actors aren\u2019t fools; they understand the mitigation steps taken by today\u2019s brightest IT organizations and look for ways to circumvent security controls to locate, exfiltrate, and delete backups to leave the victim organization with paying the ransom as their only option.<\/p>\n
But the good guys have been diligently evolving as well. Last year, Gartner put out the Hype Cycle for Storage and Data Protection Technologies, 2022<\/a>, coining a since-repeated phrase that denotes having backup storage that is resilient to cyberattack: cyberstorage<\/em>.<\/p>\n According to Gartner, cyberstorage \u201cprotects storage system data against ransomware attacks through early detection and blocking of attacks, and aids in recovery through analytics to pinpoint when an attack started. The solutions can be pure software, a dedicated appliance or fully integrated with the data storage solution<\/em>.\u201d<\/p>\n In short, Gartner says, \u201cCyberstorage provides active defense against cyberattack on unstructured data<\/em>.\u201d They paint a picture of the technology timeline in the Hype Cycle shown below:<\/p>\n And while the Hype Cycle report is looking for storage-vendor specific solutions that may take as many as 10 years to come to fruition, as with any cybersecurity need, there are many ways to achieve the same end goal \u2013 and in a much shorter period than 10 years!<\/p>\n 4 white-label posters to help you educate your end-users on how not to get hit by ransomware.<\/p>\n<\/div>\n Let\u2019s break cyberstorage down into a few specific goals to help find ways to achieve cyberstorage practically while the industry attempts to catch up and create some form of a unified solution:<\/p>\n 1) Early Detection and Blocking of Attacks<\/strong> \u2013 I believe that Gartner has it in mind that this \u201cdetection\u201d and \u201cblocking\u201d is done as part of the storage system. But the preventative and protective layers of your cybersecurity strategy should be most effective well before an attacker ever gets to the point where they are trying to encrypt or delete backups, right?<\/p>\n Most cybersecurity practitioners put the emphasis on the most common initial attack vector of most ransomware attacks \u2013 phishing<\/a> \u2013 putting a layered strategy in place to keep malicious email from ever reaching an inbox. But a bit more than 1 in 9 attacks actually see the inside of an inbox<\/a> \u2013 making it critical that your \u201cearly detection and blocking\u201d of attacks includes endpoint protection that stops both known and unknown threats.<\/p>\n And by \u201cendpoint\u201d, I don\u2019t just mean workstations and laptops; I mean every system on the network. Part of Gartner\u2019s definition of cyberstorage<\/em> includes pinpointing when an attack started, so that meaningful recovery actions can be taken that won\u2019t include infected systems and data within the backups used. This means your endpoint protection<\/a> needs to be on any system that can be used as an asset for the attacker. Additionally, it must provide an ability to detect malicious or suspicious code, regardless of the obfuscation method(s) used and whether the code is run or lies dormant. The goal here is to find the malicious code before it does any harm.<\/p>\n 2) Keeping Backups Inaccessible to Attackers Through Cloud and Hybrid-Cloud Storage<\/strong> \u2013 According to the Gartner report, by 2026 \u201clarge enterprises will triple their unstructured data capacity stored as file or object storage on-premises, at the edge or in the public cloud, compared to 2022.\u201d Note that on-prem is still mentioned here. The somewhat old, but still pretty relevant, \u201c3-2-1 Backup Rule<\/a>\u201d states that there should be one copy (the \u201c1\u201d in \u201c3-2-1\u201d) of the data held offsite. This is generally held today to mean stored in the cloud.<\/p>\n Given that attackers are seeking out backups as part of ransomware attacks, it makes sense that organizations should take steps to ensure there is a copy of backups that is seemingly out of reach of an attacker by keeping it off-premises (with the cloud being the obvious choice). Of course, I\u2019m assuming that you\u2019re using a modern backup solution that supports cloud-based backups.<\/p>\n 3) Making Backups Immutable<\/strong> \u2013 There\u2019s an extension to the \u201c3-2-1 Backup Rule<\/a>\u201d that states that one of your copies should be immutable<\/em> (that is, it can\u2019t be modified or deleted). The term \u201cImmutable Data Vault\u201d can also be found in Gartner\u2019s Hype Curve above, demonstrating that this additional security measure \u2013 while not the ultimate answer to stopping attacks \u2013 plays a role in achieving a state of cyberstorage<\/em>. (It\u2019s likely \u2013 from Gartner\u2019s perspective \u2013 that this technology will simply become a feature in a much larger \u201csecure storage\u201d offering in the future. But, for now, it\u2019s a capability offered by many cloud storage providers today that you can take advantage of.)<\/p>\n If you\u2019ve been in IT for a while, you know that Gartner doesn\u2019t always get their industry trending right. But this cyberstorage concept just makes sense. While cybercriminals have been changing their ransomware tactics to increase the pressure to pay a ransom, the \u201cget out of jail free\u201d card has always been \u2013 and will continue to be \u2013 the presence of viable, undisturbed backups that can recover an environment quickly.<\/p>\n But beyond ransomware attacks specifically, additional benefits also exist. Endpoint protection<\/a> based on deep learning can help to stop every kind of cyberattack and not just those that seek to delete your backups and encrypt your data. Cloud-based backups increase the recovery options from just on-prem to also include a cloud-based virtual environment. Immutable backups<\/a> imply a high data durability standard \u2013 meaning you can rely on the backed-up data when it comes time to recover.<\/p>\n![\"Figure_1_Hype_Cycle_for_Storage_and_Data_Protection_Technologies_2022\"](\"\/wp-content\/uploads\/2023\/03\/Figure_1_Hype_Cycle_for_Storage_and_Data_Protection_Technologies_2022.png\")
<\/p>\n![\"Poster](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/06\/Ransomware-Awareness-Poster-Pack-2.png\")
<\/div>\n![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/38530902-54cb-489c-9f02-772612f0072d.png\")
<\/a><\/span><\/span>\n<\/div>\n<\/div>\n![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/4a146d91-d63d-4e82-9aab-1f5f0c43f780.png\")
<\/a><\/span><\/span><\/div>\nWhy Attempt to Achieve Cyberstorage?<\/h3>\n