Immutability to combat ransomware in 2023

By Tunde Abagun, Channel Sales Manager at Nutanix Sub-Saharan Africa

Johannesburg, 20 Apr 2023
Tunde Abagun, Channel Sales Manager at Nutanix Sub-Saharan Africa.
Tunde Abagun, Channel Sales Manager at Nutanix Sub-Saharan Africa.

Data is the lifeblood of today's enterprises and an extremely lucrative target for attackers. Ransomware, which essentially holds data "hostage" by encrypting it until the company pays a ransom, is increasingly common and becoming more advanced daily.

Ransomware is projected to cost its victims around $265 billion annually by 2031. Businesses will face a new attack every two seconds as perpetrators progressively refine their malware payloads and related extortion activities. The data clearly suggests it is not a question of if but when a business is attacked by ransomware.

Shared storage has been an affluent target for cyber criminals to hijack valuable customer, financial or sensitive information and extort payment in return for access to the data. Improving business defences is a top priority for local organisations actively seeking storage security strategies against malicious cyber attacks.

Some estimates say a ransomware attack occurs every 11 seconds. These attacks can cripple any company, causing unexpected downtime and wreaking havoc on an enterprise's operations, production, customer service and future reputation.

Integrated approach

Recovering from a ransomware attack can cost a lot of time, effort and money. Simply having a backup of company data is no longer sufficient, as attackers can infiltrate those as well. Furthermore, ransomware attacks cannot be detected by anti-virus software or firewalls. Hardly surprising that successful attacks can cause tremendous losses, including lost productivity costs, forensic investigation costs, data restoration costs from backup and the costs of hiring emergency consultants and crisis managers. And that is not even the reputational and financial damage that comes from having to pay legislative fines.

Businesses need a cyber security and ransomware protection plan integrated with the storage system to detect, prevent, recover and analyse cyber attacks. This will ensure that structured and unstructured data is protected, no matter where the data resides.

But in addition to practising such a defence-in-depth strategy, many local IT professionals are beginning to see the need for immutable backups. They provide a much-needed last line of defence from ransomware and other attacks. Furthermore, it is an intelligent way to maintain a successful strategy for business continuity and disaster recovery.

Defining immutability

Immutable can be defined as something that is not capable of or susceptible to change. An immutable backup is a copy of business data that, once saved, cannot be modified, overwritten, encrypted, deleted or altered in any way, even by the applications, users, administrators or the systems that generated the data.

Immutability helps defend against many typical causes of data corruption or deletion, from malicious viruses and ransomware to administrative errors to intentional sabotage and software bugs. Traditional mutable backups can be subject to encryption or other tampering after the fact, presenting a severe vulnerability in any enterprise's IT ecosystem.

While every business, regardless of size or industry sector, can benefit from immutable backups, these are especially critical for companies that must comply with strict data protection mandates, such as healthcare or financial organisations. Law enforcement agencies also often use immutable backups to protect evidential video and audio data.

Getting immutability right

Many immutable backups copy data bits to the cloud when users create them. When the data is in the cloud, users can flag the system to lock down the data for a set amount of time or indefinitely. Once locked down, the data can be read many times but not written again, even by system administrators.

The cloud is the most common medium for immutable backups because it is typically air-gapped from a company's primary storage medium, often an on-site data centre. The cloud is also preferred because it can be accessed virtually anywhere, making a recovery quick and painless. Compare that with the challenges of recovery from physical tape media that could take days to be retrieved from an archive across the country.

A system for immutable backups will keep a predefined number of set points, essentially an archive of immutable backups. This means the business will always have the most recent clean copy of its data in case of an attack or other unplanned events.

Beyond traditional approaches

While conventional protection measures such as file permissions or access control lists are an essential part of any data security strategy, they can be sidestepped by advanced threat actors.

Immutable backups help keep companies immune to ransomware and many other attacks. While attackers may try to hold an organisation’s data hostage, the effect is nullified when the business can simply recover its data via an immutable backup without paying the ransom.


Editorial contacts

Samantha Bouttell
Anti-Clockwise Consulting
(+27) 11 314 2533