A staggering rise in ransomware attacks such as that experienced by Change Healthcare in February has resulted in costly repercussions.
The attack caused significant disruption, impacting pharmacies, hospitals, and other healthcare providers who rely on Change Healthcare’s systems for processing claims and receiving payments.
The Blackcat/Alphv ransomware group responsible reportedly received a $22 million ransom from Change Healthcare’s owners, UnitedHealth, making the attack a huge financial success for the group, but financially crippling for UnitedHealth.
Despite recovery efforts, sensitive patient data including diagnoses, treatments, and medical images were exposed during the attack, affecting a substantial portion of the U.S. population.
Further reports indicate that ransomware incidents have surged. A report from Cybereason found that almost three-quarters of organisations (73%) reported at least one ransomware attack with the total number of attacks up a third compared to the previous year's report. Almost half of the organisations (49%) polled also paid a ransom to prevent revenue losses and another 41% paid the ransom to quicken the recovery process.
As cybercriminals enhance their tactics, techniques and procedures, secure and encrypted backups are a crucial safeguard. Backups can help protect against potential data lockout and the financial devastation associated with paying ransoms while ensuring organisations can recover swiftly from attacks.
Despite this, recent research from Apricorn's annual survey reveals worrying findings with many businesses still struggling to fully recover their data following a breach and exposing flaws in their backup processes.
Failure to implement a comprehensive backup strategy can leave businesses exposed and vulnerable – in a position where paying a ransom demand may feel like the only way out.
The Apricorn survey also found that although 50% of organisations who experienced a breach were able to fully restore their data, a significant portion, 25%, could only partially recover.
Even more worryingly, 8% admitted to being completely unsuccessful, citing a lack of robust backup procedures.
These findings underscore the urgent need for organisations to enhance their backup strategies to guarantee full recovery in the event of an attack.
Over-reliance on cloud providers
The Government’s Cyber Security Breaches Survey 2024 revealed that 71% of businesses are relying solely on their cloud service providers (CSPs) for backup. This dependency on a single solution is a risky strategy.
Although the cloud is often marketed as a foolproof option, its security can be compromised, particularly when hackers target administrative access or exploit cloud vulnerabilities.
Organisations need to diversify their backup methods and avoid putting all their eggs in one basket by adopting the "3-2-1 rule" when designing backup strategies.
This means having at least three copies of data, stored on two different media types, with one copy offsite. One copy should be offline, for example on an encrypted removable hard drive, ensuring that in the event of a breach or failure, organisations have a secure, isolated copy of their critical data.
Organisations must realise that cloud storage alone is not enough; a comprehensive backup strategy involves multiple layers of protection, ensuring that data is stored in different locations, formats, and media.
Automation and Diversification
There is, however, some positive news. The Apricorn survey found a surge in the use of automated backup systems with 30% of IT decision makers now using automated backup to save data to both central and personal repositories, a significant rise from 19% in 2023.
This shift suggests that businesses are increasingly recognising the importance of regular, automated backups to ensure critical data is saved without relying on manual processes, which can be prone to human error.
Similarly, 27% of respondents have automated their backup to central repositories, up from 14% last year, while 16% are now automating backups to personal repositories, compared to 11% in 2023.
These trends are encouraging, showing that organisations are moving toward best practices, including the use of multiple backup locations.
Organisations that fail to recover data after a breach often suffer extended downtime, which, as highlighted, can have devastating financial implications. Additionally, the loss of sensitive data may lead to regulatory fines, lawsuits, and lasting damage to the organisation's reputation.
As seen in recent breaches, those who lack a comprehensive, regularly tested backup strategy are far more likely to experience prolonged recovery times, increased costs, and more severe long-term impacts on their business.
The consequences of inadequate backup processes go beyond operational downtime, however. According to the Apricorn survey, 46% of IT security decision makers now consider backup policies a critical factor for meeting cyber insurance compliance, a substantial increase from 28% in 2023. Insurers are becoming more stringent in their requirements for coverage, often demanding proof of robust backup strategies. Failing to meet these criteria can leave organisations exposed, both financially and reputationally.
Moving forward: What are the best practices for backup strategies?
To mitigate these risks, organisations must embrace best practices when it comes to backup and recovery. This should include:
- Automating backups: Human error is a significant factor in failed backups and automation will ensure that backups occur regularly without reliance on manual processes.
- Diverse backup methods: Using multiple forms of backup, including both on-site and off-site solutions, such as encrypted removable hard drives and cloud storage is critical.
- Testing backups regularly: It’s not enough to have a backup; it must be tested to confirm that it works when needed. Regular testing ensures the integrity of the data and identifies potential failures in the process.
- Follow the 3-2-1 rule: Ensure you have three copies of your data, stored on two different media, with one copy offsite and isolated from the network.
The need for robust backup strategies is essential and while many organisations are making progress, significant gaps remain. Businesses that fail to prioritise and improve their backup processes may find themselves unable to recover when, not if, the next breach occurs.