Along with purchasing a reputable anti-virus solution, the next bit of advice given by cybersecurity experts is to back-up your data. This advice is given freely whether warranted or unwarranted but with little in the way of how to effectively do so. However, for the most part, it is warranted and can be the difference between expensive data recovery costs and loss of earnings due to extended periods of downtime from a ransomware attack, as an example. This also applies to those using cloud services like Amazon’s AWS and yet again while business owners are all but screamed at about the importance of backups, little advice is available to make informed decisions regarding the best path to take.
The Easy Solution
While information is hard to come by on how to effectively implement an aws s3 backup policy that won’t destroy a company’s budget, software solutions are available that do exactly that. Easily backup data stored within an Amazon cloud offering. Amazon itself offers backup service along with its initial offering, however, for those lacking the technical knowledge restoring a backup can be quite a process. Other third-party solutions offer native integration with both public and private Amazon clouds and simplify the entire process. Costing for such a service is incredibly competitive especially when one considers the costs associated with breaching data privacy laws and data recovery staff time.
Another Reason to Backup AWS S3 Data
For the most part, recent ransomware incidents that have turned massive Fortune 500 companies into victims used ransomware variants that would target network resources, like network-connected drives and servers. This has proved incredibly successful with the gangs extorted millions form companies. What of the data stored in a cloud, is that susceptible to been targeted and subsequently encrypted by ransomware?
Unfortunately, in 2020, these questions were answered in the affirmative. A security firm proved it was indeed possible to encrypt data within a compromised cloud. This was done by making a copy of each file within the S3 bucket and then encrypting the copy and deleting the original. The attacker then has the encryption key denying access to the data unless a ransom is paid. It is important to note that if two-factor authentication is enabled then the attack would fail. However, given poor adoption rates of two-factor authentication when an optional choice many users have not enabled the added level of security. Other security firms have confirmed that such an attack is possible.
Conclusion
Using ransomware and tactics employed by those who operate the malware may be seen as a scare tactic. However, the example of ransomware is only one example of malware that can corrupt data and render it useless. Wipers have not being discussed. This pertains to data targeted by an outside force in an attack, we haven’t even begun to describe what a disgruntled employee can do or an accident that renders data, the lifeblood of any organization, useless. Ensuring correct backups are done in conjunction with a good policy will prevent future headaches and help with data recovery crises.
