Gareth Griffiths, Chief Technology Officer, BridgeHead Software
The WannaCry ransomware attack crippled thousands of organisations in 150 countries around the globe, most notably the NHS. Of those Trusts affected, many were quick to implement their tried and tested disaster recovery strategies and return to normality within a matter of hours, which is commendable considering the scale and nature of the attack. Others were less fortunate and recovery took days before they were fully operational, suffering huge disruption. This latest cyber attack has prompted us to take a fresh look at data protection, backup and data recovery best practices, particularly when it comes to ransomware.
The age of malware has added a whole new threat to NHS IT systems. We know that ransomware only works if the damage is reversible. As a cyber criminal there’s little point holding data to ransom and demanding payment if the data is irretrievable. And we know that the perpetrators of these attacks chose their victims carefully, targeting organisations that can least afford downtime and, as a result, are more likely to pay the ransom.
Robust data protection is essential in the battle against cyber attacks but, increasingly, we’re seeing that having a single backup strategy is not sufficient and, depending on the storage media, potentially even part of the problem. Historically, there was little risk to backups themselves, yet ransomware adds a new dimension that threatens and attacks not just the data, but also the backups, as was the case with the WannaCry attack.
This led me to write an article for PublicTechnology.net – a leading source of public sector IT technology news and analysis – covering the importance of backup and data recovery strategies following the WannaCry attack.
At BridgeHead, we feel that offline media should supplement online backups and provide the second layer of protection. Backups are best protected when they are maintained offline from production environments to avoid ransomware viruses corrupting backup copies. As such, we recommend an easy to restore from first stage backup with a ‘cascade’ on to tape or similar offline removable media. The final copy doesn’t have to be tape, but it must be safe against malware, secure and offsite.
Reflecting on the WannaCry attack, we urge Trusts to think of an offline backup as being like an insurance policy i.e. “We hope not to have to make a claim, but it’s essential to be covered in the event of a major disaster”. We recommend having a written plan, making sure all IT staff know where the plan is, and practising that plan. You do not want to be working out what to do in the middle of a crisis, that’s how mistakes happen and a crisis becomes a disaster.
If you would like further information or wish to discuss the above, please email me at: firstname.lastname@example.org