Cloud Backup: The Only Answer to Today’s Hackers
Axcient SVP of Product, Ben Nowacky, had the pleasure of being a guest on the Net Concepts podcast with President and host, Aaron Wagner. The two discussed the importance of cloud backup, current attack strategies and risks, and the perspective necessary to protect data. Tune in for the entire episode here.
Are you ready to be hacked?
When COVID-19 hit the U.S. in early 2020, hackers came together and said they would slow their activity. Not surprisingly, they did the opposite and over 41% of cyber insurance claims in 2020 came from ransomware attacks. Well-intentioned businesses spend hundreds of thousands of dollars on ransom payments, only to find that the data is not released, or it is both released, and sold on the dark web. As you may have guessed, hackers are not to be trusted.
With more complex, sophisticated, and targeted attacks taking place daily, businesses can no longer risk the ‘it won’t happen to me’ attitude. It’s not a matter of if, but when you get attacked and what you will do about it. As Ben says, “You can’t treat this as if you’re going to stop it. You need to treat it as if it’s going to happen. And what can you do to either elongate the time when it does happen, or notice it quickly when it does happen.”
Today’s attack strategies: the good, the bad, and the ugly
Ben and Aaron discussed some of the current trends in hacking, emphasizing the need to be ready for an attack, rather than waiting for one.
Accidental data loss
Not all data disruption occurs at the hands of some shadowy figure with malicious intent. Often times it’s a mistake that goes unnoticed for longer than a default backup system allows recovery. A deleted folder, an innocent attempt to free up space, or an off-boarding process that deletes users too quickly. Human error is the number one reason businesses need comprehensive backup, with unlimited storage and retention, to provide recovery no matter what, and no matter when.
Internal bad actors
Unfortunately, bad actors are everywhere these days – including within your own company. Maybe a disgruntled employee shares or deletes data on their way out, someone with a vendetta could physically attack your equipment with a sledge hammer (yep, it’s happened!), or somebody is compromised by an outside bribe to share data from the inside. Ben says, “Don’t be paranoid, but be realistic. Everyone doesn’t have the best of intentions all the time.”
Social engineered attacks
Whether you’re a TikTok superstar or you’ve never dipped your toe in social media, you’re still susceptible to attack. Hackers are using our interconnected social maps and the wealth of data collected through apps and websites to gain inside information for credible looking ransom attacks, and access to more targets. Aaron explains, “The more information they can collect about you, a friend, a family member, an old colleague… the more of a model they can draw of you. And if you or someone related to you is the target, it makes it easier for them to go after you in a targeted way.”
For example, if you receive an email from what looks like a close friend of yours, you wouldn’t think twice about clicking the link. Similarly, if a lower level employee receives an email from who appears to be their CEO, they would also click before a thorough review. Emotional responses used in social engineering are incredibly effective and widely used in phishing scams. Ben points out the underlying issue, “If you can compromise somebody’s identity, then what can you trust really? If you can’t trust who someone says they are, then everything breaks down after that.”
Additionally, any applications installed on your personal device that you use for business can create a bridge from the mobile device to the corporate network. Ben says, “Your corporate network can be highly secure, but that doesn’t protect against someone’s device that downloaded an app, that can now get access to the corporate network and plant ransomware.” With many using their devices interchangeably between work and personal use, this leaves a huge door open for hackers.
How much are you willing to risk?
As you create your disaster recovery plan, think like a hacker. For them, it’s all about ROI. What’s the least amount of work they can do to gain the most data, or create the largest disruption? As an MSP, you’ve got an especially large target on your back. Not only do you hold your own business data, but you also hold the data of all of your clients. To a hacker, that aggregated data is a jackpot.
As you probably know by now, Microsoft 365 does not backup your data – and that is a ton of data. Additionally, they and many other products offer simplified access with single sign-on (SSO) entry. Without backup, you’re basically luring a hacker into your system by dangling a wealth of data only protected to a single point. The hacking ROI is huge, and it could be fatal for your business.
Aaron and Net Concepts attack these susceptibilities head on. Aaron says, “I lead by doing, not by telling. I have to do all the things that I’m trying to get my customers to do. If I do that, a wider set of my clients are protected and I’m setting an example.” The security message has to push down from MSP to client. Of course, you need to focus on reducing dwell time, implementing multi-factor authentication (MFA), and requiring password managers, but those are just some of the layers necessary for full protection.
A layered security approach puts as many layers as possible between your business and the hacker. You want so many layers that it takes so long to get in, that the ROI is diminished to the point the hacker retreats. As you examine your business continuity solutions, you have to ask yourself, “how much risk am I willing to take?” Aaron answers that question saying, “For me, it’s zero.”
Net Concepts and their clients utilize the Axcient x360 Platform to protect their data with layers of backup that prepare you for the worst. With features like Axcient AirGap that actually trick hackers into thinking they’ve gotten your data, unlimited storage and retention, and Chain-Free technology, your data is safe so your business keeps running. Ben expands on Axcient’s commitment to our Partners, “Everything we do as a company, from every standpoint – from ransomware protection to backup, to disaster recovery to proactive remediation, and the services we provide – it’s all about helping cure data loss.”
About the Author:
Liz Mellem // Technical Copywriter, Axcient
Liz Mellem has been a freelance copywriter for over three years in the technology, education, and alternative medicine industries. She produces content, sales collateral, and email marketing campaigns that contribute to digital marketing strategies for sales growth and brand awareness. In her free time, Liz enjoys reading, exploring Austin, and Netflix with her cat, Harlem.