Full Report
A cybercriminal has disrupted your company’s technical systems and they communicate their demands of $2.3M, which was the median ransom demand in 2024.[1] If you don’t have strong backup plans for your data and network, you’re at the mercy of […] The post The Most Effective Preparations to Withstand Ransom-Based Cyberattacks appeared first on Lumen Blog.
Analysis Summary
# Best Practices: Ransomware and DDoS Resilience through Data Backup and Network Redundancy
## Overview
These practices address the critical need for robust data backup and network redundancy strategies to mitigate the impact of ransomware attacks (which often target backups) and Distributed Denial-of-Service (DDoS) attacks, ensuring business continuity even when systems are compromised or inaccessible.
## Key Recommendations
### Immediate Actions
1. **Identify and Document Essential Data Tiers:** Immediately categorize all company data into tiers based on criticality. Essential data *must* include all sensitive data (PII, health records, financials) and data feeding critical business tasks (e.g., IoT sensor data, key sales contacts).
2. **Establish Initial 3-2-1 Backup Placement:** Begin reviewing current backup locations to ensure at least three copies of essential data exist, utilizing at least two distinct storage media types, with one copy located offsite.
3. **Verify Immediate Data Accessibility:** Ensure that at least one copy of essential data resides on a storage solution (like NAS) that is immediately accessible to facilitate rapid recovery following an incident.
### Short-term Improvements (1-3 months)
1. **Implement Immutability for Critical Backups:** Configure one copy of essential data backups to be immutable (non-editable/non-deletable) to protect against mass deletion or encryption by ransomware.
2. **Determine and Automate Backup Frequency:** Based on the criticality and RTO/RPO analysis of essential data, implement automated backup schedules (e.g., continuous, hourly, or daily) to minimize data loss exposure.
3. **Test Data Restoration Procedures:** For all critical data tiers, conduct a full restoration test from at least one non-primary backup location to validate recovery time objectives (RTOs) and data integrity.
4. **Implement Flexible Network Bandwidth Scaling:** Investigate and configure on-demand network services (like Internet On-Demand or Ethernet On-Demand) to allow for flexible scaling of bandwidth specifically for executing large data backups without sustaining high permanent costs.
### Long-term Strategy (3+ months)
1. **Formalize Business Impact Analysis (BIA):** Conduct a formal Cyber Risk Quantification analysis to assign monetary value to downtime for different data loss scenarios, using the results to budget for optimal backup frequency and network resources (ROI justification).
2. **Document and Practice Incident Response (IR) for Backup Compromise:** Develop and regularly drill IR plans specifically addressing scenarios where primary and secondary backup systems are compromised, focusing on the recovery process using immutable or geographically diverse storage.
3. **Establish Network Redundancy for DDoS Resilience:** Implement layered network defenses, including robust DDoS mitigation services, to ensure legitimate traffic can remain active even if an attack attempts to overwhelm the network.
## Implementation Guidance
### For Small Organizations
- **Focus on the Core 3-2-1:** Prioritize meeting the 3-2-1 rule manually or with simple cloud/external drive combinations for essential data first.
- **Use Cloud Provider Immutability:** Leverage built-in 'Object Lock' or similar immutability features offered by major cloud storage providers for the immutable copy.
- **External Partner Support:** Rely on managed service providers (MSPs) for configuring secure offsite backups, as internal bandwidth scaling solutions may be overkill initially.
### For Medium Organizations
- **Tiered Backup Policies:** Formally implement differentiated backup frequencies based on data criticality tiers established in the immediate actions.
- **Adopt On-Demand Networking for Backups:** Implement consumption-based networking solutions (like **Lumen Internet On-Demand**) to manage the bandwidth spikes associated with scheduled, large-scale backups without requiring permanent high-capacity links.
- **Test Cross-Platform Restoration:** Ensure restoration capabilities between different storage media types (e.g., on-premises to cloud) are fully functional and documented.
### For Large Enterprises
- **Automated Policy Enforcement:** Utilize enterprise backup management tools to automatically enforce 3-2-1 rules, immutability locks, and adherence to defined SLAs for RTO/RPO across disparate geographical locations.
- **Advanced Network Load Balancing:** Deploy advanced solutions like **Lumen Wavelength Solutions** for high-speed, dedicated, point-to-point connectivity required for massive data replication/backup operations.
- **Cyber Risk Quantification Integration:** Integrate the financial impact modeling from BIAs directly into the budget approval process for capacity upgrades and backup service subscriptions, demonstrating ROI (e.g., anticipating the 297% ROI projected for DDoS mitigation).
## Configuration Examples
| Component | Best Practice Configuration Guidance |
| :--- | :--- |
| **Data Copies** | Maintain **3 copies** of essential data. |
| **Storage Media** | Use a minimum of **2 distinct media types** (e.g., high-speed NAS and long-term immutable cloud storage). |
| **Immutability** | Configure the immutable backup copy with a retention lock preventing *any modification or deletion* for a defined period. |
| **Offsite Location** | Ensure the offsite copy resides in a distinct geographic or logical zone from the primary LAN/data center. |
| **Backup Network Use** | Utilize on-demand bandwidth services where bandwidth ramps up for backup completion and then scales down to lower cost profiles. |
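The table above reads as a checklist, so here it is encoded as one: an added audit helper (not from the post or from Lumen) that scores one data tier's backup inventory against the 3-2-1 rule, immutability, immediate accessibility, vendor diversity and RPO freshness. Copy names, vendors and timestamps are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class BackupCopy:
    """One copy of an essential-data tier, as recorded in a backup inventory."""
    name: str
    media: str            # storage media type, e.g. "nas", "object-storage", "tape"
    vendor: str           # who operates the storage; same vendor = shared blast radius
    offsite: bool         # outside the primary LAN/data center
    immutable: bool       # retention lock / Object Lock prevents edit or delete
    immediate: bool       # restorable without a retrieval or shipping delay
    completed: datetime   # when the most recent backup job finished

def audit_tier(copies, rpo, now):
    """Check one data tier against the 3-2-1 guidance plus immutability,
    accessibility, vendor diversity and RPO freshness. Returns check -> bool."""
    immutable = [c for c in copies if c.immutable]
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in copies),
        "one_immutable": bool(immutable),
        "one_immediate": any(c.immediate for c in copies),
        # After ransomware the immutable copy is what you restore from,
        # so its age is the one that must sit within the RPO.
        "immutable_within_rpo": any(now - c.completed <= rpo for c in immutable),
        "no_single_vendor": len({c.vendor for c in copies}) >= 2,
    }

def failed_checks(results):
    """Names of the checks that failed, sorted for stable reporting."""
    return sorted(name for name, ok in results.items() if not ok)

# Constructed sample inventory (hypothetical names and vendors, not real systems).
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
H = timedelta(hours=1)
GOOD_TIER = [
    BackupCopy("prod-nas-snapshot", "nas", "vendor-a", False, False, True, NOW - 1 * H),
    BackupCopy("cloud-object-lock", "object-storage", "vendor-b", True, True, False, NOW - 6 * H),
    BackupCopy("dr-site-replica", "disk", "vendor-c", True, False, True, NOW - 2 * H),
]
WEAK_TIER = [  # two mirrors on the same NAS vendor: looks like redundancy, is not
    BackupCopy("prod-nas-snapshot", "nas", "vendor-a", False, False, True, NOW - 1 * H),
    BackupCopy("prod-nas-mirror", "nas", "vendor-a", False, False, True, NOW - 1 * H),
]

if __name__ == "__main__":
    for label, tier in (("good", GOOD_TIER), ("weak", WEAK_TIER)):
        print(label, failed_checks(audit_tier(tier, 24 * H, NOW)) or "all checks pass")
```

Tightening the RPO to 3 hours makes the otherwise compliant tier fail only `immutable_within_rpo`, which is the stale-immutable-copy case the frequency recommendation above is meant to catch.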
## Compliance Alignment
- **NIST CSF:** Addresses Recovery (RC) and Protect (PR) functions through resilient backup and network design.
- **ISO 27001:** Supports controls related to availability, continuity management, and protection of information backups.
- **CIS Controls:** Supports controls related to data recovery and configuration management, and addresses attack patterns, such as advanced persistent threats, that seek to destroy backups.
## Common Pitfalls to Avoid
- **Treating Backups as Optional:** Assuming traditional data retention policies suffice; backups *must* be specifically designed for rapid recovery following a cyber incident (i.e., protecting them from the attacker).
- **Haphazard Backup Approach:** Failing to define data tiers, leading to over-backing up low-value data or under-protecting critical assets.
- **Single Point of Failure in Storage:** Storing all three copies of data on the same storage vendor or infrastructure system, which an attacker could potentially compromise simultaneously.
- **Ignoring Network Capacity:** Having great backups but insufficient network bandwidth to restore terabytes/petabytes of data in an acceptable timeframe.
## Resources
- **Lumen Data Protect:** Explore comprehensive and flexible data backup services for implementation assistance.
- **Cyber Risk Quantification Modeling:** Utilize methodologies similar to Cyber Risk Quantification for establishing data backup budgets based on quantifiable risk reduction.
- **Networking On-Demand Services:** Investigate flexible networking tools like Lumen Internet On-Demand or Ethernet On-Demand to optimize backup operational costs.