Why Backups Are the Most Targeted Asset in Modern Cybersecurity Breaches

[johny899]

How many times have you felt the anxiety of potentially losing your backed-up data due to a cyberattack? I felt that same anxiety when I was checking my computer late at night and hoping that my backed-up data was still intact. That experience completely changed my view of security. The point is, are backups the primary avenue that is targeted in cyberattacks today?

Reasons Why Attackers Target Backups​

Honestly, an attacker wants power and influence over the victim. The attacker gains both power and influence when they gain access to a victim's systems, particularly through backup files. By destroying or taking control of backup files, a victim no longer has a straightforward way to recover from an incident. Once this process has been removed, the attacker has ability to manipulate or control the victim.

Based on my observations, attackers most frequently target backups because:

• They often prevent the victim from recovering, which ultimately pressures them to pay
• Backup data is frequently connected to a network and often not adequately protected
• Attackers see backup data as an opportunity to strategically access and then destroy "clean" data

As a result, backup files make for a potentially lucrative target for attackers.

How Attacks Usually Happen​

Most attacks occur over a prolonged period of time. Attackers will usually get access to the system quietly, survey it, and eventually attack the backups last. Why hurry to attack if waiting causes more chaos for their target(s)?

Most hackers will typically:

• Take admin credentials to disable backup jobs
• Delete all cloud snapshots
• Encrypt the backup files when conducting ransomware operations

Have you noticed a lot of breach reports stating, "Backups were ineffective"? This is not a coincidence!

Common Backup Mistakes I Keep Seeing​

The most frequent mistakes that I continue to see with backups (and made them myself) revolve around the fact that the majority of individuals trust their backups. They even do not check to see if they are valid, which the intruders rely heavily on.

Here are some of the most common mistakes made concerning backups:

• No offline or locked (immutable) backups.
• Using the same passwords for multiple accounts/logins.
• No testing of restore operations (which surprises me each time).

While these solutions may not sound very glamorous, they are important!

So, Are Backups the Main Target?​

So, do backups constitute a primary target for hackers? Short answer: Yes! One-hundred percent. Backups, as part of today's modern breaches, are one of the first things that attackers will target. They realize that a victim's broken backup will create an immediate panic and thus additional confusion and stress for the victim.