With  ransomware  attacks  running  rampant,  law  firms’  IT  and  security  teams  must  encourage  and
            enhance  backup  protocols  when  it  comes  to  protecting  the  organization’s  valuable  data.  Arguably,
            backups are the most important security control—when data is lost forever, many firms never recover.
            Thus, ensuring backups are redundant, immutable, recoverable, and have controls within and around
            them is essential for firms to protect themselves from catastrophic loss.



            What is Immutability and How to Achieve it?

            When it comes to data backups, being “immutable” means that data in storage is incapable of being
            changed, encrypted, or deleted. The only way it should be modifiable is by a two-key simultaneous lock
            turn (think of the dramatic nuclear bomb launch we may see in movies) and the expiration of a designated
            retention period, such as a timed lock on a safe.

            Immutability  for  law  firms  is  essential  as  they  are  frequently  targeted  by  ransomware  actors,  and
            immutable backups are a requirement of many cyber insurance carriers. It is important to note that not
            all immutability is created equal; and redundancy and recoverability are essential components as well.
            Should a threat actor infiltrate a network and break controls around one data repository, it’s critical that
            there be several others, all immutable and preferably of different types and differing manufacturers to
            hedge bets, to add additional layers of insurance against total loss.



            How Secure Are Law Firm Backups?

            Alarmingly, 38% of law firms confirmed their backup copies are either not immutable or they are unsure
            whether they are, and only 24% reported having multiple immutable copies of all data. As previously
            mentioned, not all immutability is created the same, and sometimes law firms are not correctly reporting
            whether their backups are immutable.

            Storage snapshots emerge as the most common form of backup at nearly double most other backup
            methods. While this may not be the only method of backup for some firms, it is the most often used as it
            is most convenient; but it cannot be relied upon to be immutable. To my knowledge, only Pure snapshots
            offer immutability to the standards of cybersecurity professionals. Currently, only 9% of firms report using
            Pure snapshots for their shared storage, and all of those are likely not enabling immutable snapshots of
            all data. Since most firms use non-immutable local and remote storage, there are likely gaps surrounding
            immutability to truly safeguard organizations from targeted backup attacks.

            Lastly, many firms have components of backup infrastructure as part of the Active Directory domain. This
            is another Achilles’ Heel in firms’ backup resilience strategy—no backup servers, proxies, or targets
            should be domain-joined, as any attacker that can penetrate the network can then access company data
            in storage.









            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          49
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.