The acceleration of ransomware threats on federal agencies has added new urgency to modernize backup and recovery capabilities, according to security experts in a new report.
That’s supported by findings from a recent ransomware study where 30% of federal IT leaders reported their agencies have experienced ransomware attacks within the past three years.
However, agency executives can take advantage of modern enterprise data systems that align with the National Institute of Standards and Technology (NIST) National Risk Management Framework, says the report, produced by FedScoop and underwritten by Veritas Technologies.
“Requirements are critical to how to protect [resources] within a risk management framework,” says Mike Malaret, director of sales engineering for the defense and intelligence communities at Veritas.
“By ensuring that our products meet the requirements out of the box, we make it less risky for our government customers to actually choose their costs,” he elaborates.
Data recovery can be complex for agencies, which are measured by how quickly they restore operations following a ransomware incident. But if agencies are to strengthen their networks, cyber defense is only one part of the solution to mitigate threat risks.
The challenge with current ransomware attacks is that threat actors target backup data ahead of blocking users from their primary systems, leaving agencies little choice but to gamble on paying off their attackers.
Given this evolution of threats, there are inherent advantages to adopting data management systems that are engineered specifically to protect against losses in mission services and reduce risks to national security in ways that future-proof an agency’s IT investments, the report explains.
While the pace of attacks has federal agency officials concerned, the study also suggests greater challenges – only about 34% of federal IT executives in the survey said their agency would be able to recover all of their critical data within 12 hours of a ransomware attack, said the FedScoop study, underwritten by Veritas
Modernizing backup and recovery with cloud-based platforms would allow agencies to improve backup and recovery practices by capturing insights from data to develop comprehensive data protection strategies, asserts the report.
The first step toward building that strategy is to discover what data your agency has and where it lives, said Rick Bryant, national healthcare architect at Veritas. “Knowing what’s important, where it’s located, and who has access to it is paramount to being able to effectively protect it,” he explained.
The report gives several recommendations for agencies to better secure backup data, such as:
- Tier data based on its relative value or how often it has been accessed
- Make multiple copies of data backed up in multiple locations
- Invest in backup controls that protect data in both on-premise workloads and cloud environments
- Look for modern security and access features such as application whitelisting to strengthen control over what systems are allowed to interact with the data center
It’s critical for agencies to have a response plan in place before ransomware and malware attacks inevitably occur – and that speaks to Veritas’ unique value proposition, says to Bryant. “We can help [agencies] by protecting those backup workloads, we can help them recover at scale and we can help them address their number one concern, which is budget overruns.”
Read more about improving backup and recovery for data to mitigate cyber risks.
This article was produced by FedScoop and sponsored by Veritas Technologies.