It’s estimated that a ransomware attack occurs every 11 seconds – and that rate is expected to reach every two seconds by 2031. According to the 2023 Veeam Data Protection Trends Report, 76% of organizations suffered at least one ransomware attack last year. And 60% were hit two, three, four times or more. You can track the latest occurrences online, in fact.

This means organizations need a robust backup strategy that can outsmart bad actors, in addition to the cybersecurity tools they rely on for mitigation and remediation. And these days, that strategy must include immutability.

Cybercriminals are After Your Backups

Backups have become a bigger target as ransomware attackers try to shut down all of a victim’s recovery options. In fact, 94% of attackers tried to destroy backup repositories, according to Veeam’s ransomware trends report. Of those organizations surveyed, 72% reported they’d had partial or complete attacks on their backups and 36% of their data was unrecoverable. Ransomware Zenis,  for example, initially observed in 2018, was among the first to deliberately delete an organization’s backups, going as far as overwriting its backup files three times to ensure that victims have no recourse for data recovery.

Backups are big business for bad actors, and successful attacks on them can have dire consequences for companies. It’s no wonder Gartner has predicted in its 2022 Hype Cycle for Storage and Data Protection Technologies that by 2025, 60% of enterprises will require storage products to have integrated ransomware defense mechanisms – up from 10% in 2022.

Immutable backup storage is essential to cyber resilience, but not all immutability is created equal. The goal of backups is to facilitate data recovery and support business operations. When an incident occurs, the focus must be on getting the business back online as quickly as possible. That said, 58% of backups fail, leaving data unprotected. Just having backups alone isn’t enough. You need a data protection strategy that includes an immutable backup solution for cyber resilience.

Immutable data storage enables organizations to store data such that once it’s written, there’s no way to change, erase or tamper with it. Immutability safeguards data from ransomware and malware as well as from intentional or accidental insider threats. This is table stakes in the ransomware battle due to its effectiveness in preventing erasure or modification, which is typical in ransomware attacks that try to encrypt data.

It would be best if you thought about exfiltration attacks that aim to remove data and publish it to reveal sensitive data, often on the dark web. A real-world example: GoTo, the owner of LastPass, confirmed that bad actors stole customers’ encrypted backups and encryption keys in a November 2022 breach. Safeguarding your immutable backup repository granting precise access rights, enabling backup encryption, and securing the key is essential.

Five Must-Have Attributes of True Immutability

In your storage strategy, cover these five essential elements.

Spoiler alert: NAS snapshots/file system, dedupe appliances, and tape all fall short. However, object storage is uniquely positioned to offer a comprehensive implementation of immutability.

• No overwrites, ever: Ransomware often encrypts data in place, to maximize speed and remain under the radar. Most object storage designs provide intrinsic immutability, meaning data is never overwritten. An object must be retrieved before another version of the object can be stored.
• Support for S3 object locking APIs: Several years back, a significant improvement to S3 emerged: API-level immutability via S3 Object Locking APIs. The main reason for its popularity is that solution providers and app developers have adopted it for use in key enterprise apps like Veeam Data Platform. The latest version of that software also supports direct-to-object storage backups and an extended Smart Object Storage API (SOSAPI). The most recent API-level immutability helps safeguard organizations from accidental or intentional attempts to overwrite data by either a user or an app issuing S3 commands against a data set. This is sometimes the case with ransomware.
• Locked the very second data is stored: If you configure this right, your object-locked data is immutable the second you store it. There’s no window like there is with a snapshot, where things are mutable until you take the snapshot, making it immutable.
• Compliance mode for extra fortification: When an object is placed in compliance mode, neither the object nor its lock configuration can be altered or deleted by any user, including the account’s root user, until the specified retention period expires.
• Configurable retention policies: Placing a retention period on an object version allows you to specify a fixed period during which it remains locked.

Configurable data retention policies guarantee that immutability persists for a designated time frame, in line with business rules or to allow varied policies for different sets of data.

It’s also a best practice to have immutable backups online for fast restore when needed.

Defeat the Data Thieves

Ransomware is a nonstop reality in today’s digital environment. What’s more, backups are a target for bad actors; they don’t want their victims to have any possibility of recovery without paying their ransom.

Immutability is a must-have for building cyber resilience, but not all “immutable” solutions provide the same level of protection. Some forms of immutability leave a window of exposure. Make sure your immutability strategy checks all five boxes discussed here. If even one aspect is missing, your solution is not delivering the protection your data deserves.