Cybercriminals are adapting new technologies and social engineering tactics to target backup data. Here are tips for addressing such evolving vectors.
With digitalization shifting the need for printed documentation towards soft copy storage, digital data loss can happen in an instant. While backups help mitigate these risks, backups themselves have become prime targets for cybercriminals looking to hold the data hostage.
Backups are essential, but they are not a cybersecurity strategy on their own. They remain vulnerable to cyberattacks, which is why a properly implemented cybersecurity strategy is needed to keep them safe.
Cybercriminals are adapting, and backups are now high-value targets. A prime example is last year's ransomware attack on Kadokawa Corp, which resulted in 1.5TB of stolen data. With over 250,000 users and a significant stock decline, the incident underscores how backup compromises can lead to severe financial and reputational damage.
Beyond the basics of backup security
Insider threats and compromised credentials pose significant risks to backups. Using stolen credentials, malicious actors can bypass security measures, manipulate or delete backups, and render recovery impossible.
To secure backups against such threats, strengthening access controls and implementing Multi-Factor Authentication (MFA) and identity and access management processes such as Privileged Access Management (PAM) are interrelated, essential steps.
Effective backup security starts with enforcing least-privilege access, ensuring that only those who absolutely require backup permissions are granted access. By limiting administrative control, organizations reduce the risk of insider threats and minimise potential attack vectors.
Identity and access management strengthens backup security through:
✓ Zero Trust enforcement: Verifies all users and devices before granting access.
✓ Session monitoring and audit logs: Detects suspicious activity in real time.
✓ MFA requirement for backup access: Blocks unauthorized logins, even if credentials are compromised.
✓ Multilayered authentication approach: Integrates MFA, password-less authentication, and device security checks to verify user identities before granting access.
To further strengthen backup security, add the following measures:
✓ Securing privileged credentials through password vaulting and regular rotation prevents attackers from exploiting static or weak passwords to infiltrate backup environments.
✓ Continuous monitoring and auditing of backup access provide real-time visibility into suspicious activity, enabling rapid detection and response to unauthorized access attempts.
✓ Align identity and access management solutions such as PAM with backup and disaster recovery strategies, ensuring security measures evolve alongside advancements in backup technologies. By integrating this with Security Information and Event Management, organizations can gain deeper insights into privileged activity and potential threats.
By doing so, organizations can protect their critical data, ensuring that backups remain a reliable lifeline against cyber threats.
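The least-privilege, MFA and continuous-monitoring measures above can be checked together in one review pass over backup audit events. The following is an added example, not part of the original article or any product's own code; the record fields, account names, action names and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical policy values (assumptions); tune them to your environment.
BACKUP_ADMINS = {"svc-backup", "alice"}   # least-privilege allowlist
DESTRUCTIVE = {"delete_backup", "change_retention", "disable_job"}
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)

# Constructed sample audit records; the field layout is hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T02:00:00", "user": "svc-backup", "action": "run_job", "mfa": False, "target": "db01"},
    {"ts": "2025-01-10T09:15:00", "user": "alice", "action": "change_retention", "mfa": True, "target": "db01"},
    {"ts": "2025-01-10T23:40:00", "user": "bob", "action": "delete_backup", "mfa": True, "target": "fs02"},
    {"ts": "2025-01-10T23:50:00", "user": "alice", "action": "delete_backup", "mfa": False, "target": "db01"},
    {"ts": "2025-01-10T23:52:00", "user": "alice", "action": "delete_backup", "mfa": False, "target": "db02"},
    {"ts": "2025-01-10T23:55:00", "user": "alice", "action": "delete_backup", "mfa": False, "target": "db03"},
]

def review(events):
    """Return (timestamp, user, reason) findings for destructive backup actions."""
    findings = []
    recent = defaultdict(deque)  # per-user timestamps of recent destructive actions
    for e in sorted(events, key=lambda ev: ev["ts"]):  # ISO 8601 strings sort by time
        if e["action"] not in DESTRUCTIVE:
            continue  # routine jobs (e.g. a service account running a backup) pass
        ts = datetime.fromisoformat(e["ts"])
        if e["user"] not in BACKUP_ADMINS:
            findings.append((e["ts"], e["user"], "destructive action by non-admin"))
        if not e["mfa"]:
            findings.append((e["ts"], e["user"], "destructive action without MFA"))
        window = recent[e["user"]]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:  # drop entries older than the window
            window.popleft()
        if len(window) == BURST_COUNT:  # alert when the count reaches the threshold
            findings.append((e["ts"], e["user"], "burst of destructive actions"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

In practice the same three rules would run as SIEM correlation rules over the backup platform's real audit feed, with the allowlist sourced from the PAM system rather than hard-coded.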