Page 49 - Cyber Defense eMagazine December 2023
With ransomware attacks running rampant, law firms’ IT and security teams must encourage and
enhance backup protocols when it comes to protecting the organization’s valuable data. Arguably,
backups are the most important security control—when data is lost forever, many firms never recover.
Thus, ensuring backups are redundant, immutable, recoverable, and have controls within and around
them is essential for firms to protect themselves from catastrophic loss.
What is Immutability and How to Achieve it?
When it comes to data backups, being “immutable” means that data in storage is incapable of being
changed, encrypted, or deleted. It should be modifiable only through a simultaneous two-key lock
turn (think of the dramatic nuclear launch sequences we see in movies) and the expiration of a designated
retention period, like a timed lock on a safe.
Immutability for law firms is essential as they are frequently targeted by ransomware actors, and
immutable backups are a requirement of many cyber insurance carriers. It is important to note that not
all immutability is created equal, and redundancy and recoverability are essential components as well.
Should a threat actor infiltrate a network and break the controls around one data repository, it’s critical that
there be several others, all immutable and preferably of different types and from different manufacturers,
to hedge bets and add layers of insurance against total loss.
How Secure Are Law Firm Backups?
Alarmingly, 38% of law firms confirmed their backup copies are either not immutable or they are unsure
whether they are, and only 24% reported having multiple immutable copies of all data. As previously
mentioned, not all immutability is created the same, and sometimes law firms are not correctly reporting
whether their backups are immutable.
Storage snapshots emerge as the most common form of backup, at nearly double the rate of most other backup
methods. While this may not be the only method of backup for some firms, it is the most often used because it
is the most convenient, but it cannot be relied upon to be immutable. To my knowledge, only Pure snapshots
offer immutability to the standards of cybersecurity professionals. Currently, only 9% of firms report using
Pure snapshots for their shared storage, and all of those are likely not enabling immutable snapshots of
all data. Since most firms use non-immutable local and remote storage, there are likely gaps in the
immutability needed to truly safeguard organizations from targeted backup attacks.
Lastly, many firms have components of their backup infrastructure joined to the Active Directory domain. This
is another Achilles’ heel in firms’ backup resilience strategy: no backup servers, proxies, or targets
should be domain-joined, as any attacker that can penetrate the network can then access company data
in storage.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.