We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data.
The guidance advises that there are two main ways to back up:
- by saving copies to physically disconnected backup storage that you are entirely responsible for managing
- by saving copies to a cloud-based backup service that handles some of this responsibility for you
As cloud-based backup services won’t necessarily be resistant to ransomware attacks by default, these principles set out the functions a service should offer, so that it can be considered resistant to destruction by ransomware.
- Principle 1. Backups should be resilient to destructive actions
- Principle 2. A backup system should be configured so that it isn't possible to deny all customer access
- Principle 3. The service allows a customer to restore from a backup version, even if later versions become corrupted
- Principle 4. Robust key management for data-at-rest protection is in use
- Principle 5. Alerts are triggered if significant changes are made, or privileged actions are attempted
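To make Principles 1, 3 and 5 concrete, here is a small, self-contained model of a versioned backup store with a retention lock and alerting. It is an added illustration written for this summary, not code from the NCSC guidance or from any backup vendor; the class and method names, the 30-day retention period and the "compromised-admin" actor are all constructed for the example. A ransomware overwrite is modelled as what it is in a versioned store: a new version appended alongside the original, which stays restorable. Principles 2 and 4 (access-denial resistance and key management) are service-level properties and are not modelled here.

```python
"""Constructed model of a ransomware-resistant backup store.

Demonstrates three of the NCSC principles summarised above:
  - Principle 1: overwrite and delete never remove an earlier version
    while the retention lock is in force
  - Principle 3: every earlier version remains restorable after a later
    version has been corrupted (here: "encrypted" by an attacker)
  - Principle 5: privileged actions such as delete raise an alert record
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from hashlib import sha256
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Version:
    data: bytes
    written_at: datetime
    digest: str  # sha256 of data at write time, for integrity checks on restore


class FakeClock:
    """Injectable clock so the retention window can be exercised offline."""

    def __init__(self, start: datetime):
        self.t = start

    def now(self) -> datetime:
        return self.t

    def advance(self, delta: timedelta) -> None:
        self.t += delta


class LockedBackupStore:
    """Append-only, versioned store; each version is locked for `retention`."""

    def __init__(self, retention: timedelta, now: Callable[[], datetime]):
        self.retention = retention
        self._now = now
        self._versions: Dict[str, List[Version]] = {}
        self.alerts: List[str] = []  # Principle 5: audit/alert trail

    def put(self, name: str, data: bytes) -> int:
        """Write a new version. Never replaces an existing one (Principle 1)."""
        v = Version(data, self._now(), sha256(data).hexdigest())
        self._versions.setdefault(name, []).append(v)
        return len(self._versions[name]) - 1

    def delete(self, name: str, actor: str) -> bool:
        """Privileged action: always alerted, refused while any version is
        inside its retention window (Principles 1 and 5)."""
        self.alerts.append(f"DELETE attempted on {name!r} by {actor}")
        versions = self._versions.get(name, [])
        if any(self._now() - v.written_at < self.retention for v in versions):
            return False
        self._versions.pop(name, None)
        return True

    def restore(self, name: str, index: int) -> bytes:
        """Return a specific earlier version, verifying its stored digest
        (Principle 3)."""
        v = self._versions[name][index]
        if sha256(v.data).hexdigest() != v.digest:
            raise ValueError(f"version {index} of {name!r} failed integrity check")
        return v.data


def demo() -> dict:
    """Walk through an attack against the store and return the observable results."""
    clock = FakeClock(datetime(2024, 1, 1, tzinfo=timezone.utc))
    store = LockedBackupStore(retention=timedelta(days=30), now=clock.now)

    original = b"customer records v1"  # constructed sample backup content
    store.put("db.bak", original)

    # Attacker "encrypts" the backup. In a versioned store this lands as a
    # new version; the original is untouched. (XOR stands in for encryption.)
    encrypted = bytes(b ^ 0x5A for b in original)
    latest_index = store.put("db.bak", encrypted)

    # Attacker, using a compromised admin account, tries to delete the backup.
    deleted_during_retention = store.delete("db.bak", actor="compromised-admin")

    # Defender restores the earlier, intact version.
    recovered = store.restore("db.bak", 0)

    # After the retention window, a legitimate operator can retire the data.
    clock.advance(timedelta(days=31))
    deleted_after_retention = store.delete("db.bak", actor="backup-operator")

    return {
        "latest": store_latest(encrypted, latest_index),
        "recovered": recovered,
        "deleted_during_retention": deleted_during_retention,
        "deleted_after_retention": deleted_after_retention,
        "alerts": list(store.alerts),
    }


def store_latest(data: bytes, index: int) -> bytes:
    """Helper documenting that the corrupted write became version 1, not version 0."""
    assert index == 1
    return data


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes is that immutability plus versioning turns "destroy the backup" into "add one more version", and that the delete path is both alerted and refused until retention expires, which is exactly the combination of properties the principles ask a cloud backup service to provide.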
The full guidance can be read here: Principles for ransomware resistant cloud backups. DPE have published further backup guidance here: October is Cyber Security Awareness Month: 24. Backups
The Data Protection Education Knowledge Bank has an Information and Cyber Security Checklist available which covers backups (viewable with a valid DPE subscription):