
In the wake of the high-profile ransomware attack on UnitedHealth, which shook the healthcare industry earlier this year, the importance of securing backups has never been more evident. The incident prompted significant scrutiny, congressional hearings, and a hard look at cybersecurity strategies across various sectors. To gain insights into how organisations can bolster their backup security, I sat down with Gregory Thompson, a cybersecurity consultant with over two decades of experience in the field.
Gregory was candid about the lessons the UnitedHealth breach taught the industry, and he shared five critical tips to secure your backups. As he recounted his experiences, it was clear that these strategies are vital for protecting an organisation’s data from the ever-evolving threat landscape.
1. Network Segmentation and Air-Gapped Backup
“The UnitedHealth attack was a textbook example of what happens when backups aren’t properly sequestered,” Gregory began. “Network segmentation is crucial. It’s about dividing your network into smaller sections, which means that even if one segment is compromised, the malware can’t spread to others.”
He explained that air-gapped backups—copies of your data stored offline or in a completely separate network—are critical. “This ensures that even if your primary network is hit, you have untouched backups to fall back on,” he said. “It’s like having a lifeboat that’s not attached to the ship.”
2. Multi-Factor Authentication (MFA)
“MFA is a must,” Gregory stressed. “The lack of it was a significant weakness in the UnitedHealth case. Hackers exploited stolen credentials to gain access to their systems.”
He advised that MFA should be implemented across all backup systems. “By requiring multiple forms of verification, even if an attacker gets hold of a password, they’d still need another form of authentication to gain access,” he explained. “It’s an extra layer of security that can’t be overlooked.”
3. Restricting Administrative Access
“The more people with admin access, the bigger the target you paint on your back,” Gregory pointed out. “Only those who absolutely need it should have administrative privileges.”
He recommended applying IP Access Control Lists (ACLs) to administrative interfaces and setting up a two-person rule for critical backup changes. “These measures significantly reduce the risk of unauthorised access,” he added. “It’s about tightening the reins on who can do what.”
4. Immutable Backup
“One of the most effective ways to safeguard your data is through immutable backups,” Gregory remarked. “These are backups that can’t be altered or deleted.”
He highlighted the importance of having at least one backup stored on immutable storage. “This ensures that, no matter what, your data remains intact and unchangeable by malicious actors,” he explained. “It’s like having a time capsule that ransomware can’t touch.”
5. Secure Configuration Baseline
“A secure configuration baseline is your foundation,” Gregory stated. “It’s about setting a standard for your backup and storage environment.”
He suggested regular audits to verify that backup systems comply with security best practices, such as multifactor authentication, immutability, and restricted access. “These audits help identify any deviations from the baseline, ensuring your systems are always aligned with the latest security protocols,” he said.
Gregory also mentioned the importance of adhering to guidelines set forth by standards like NIST, ISO, and HIPAA. “It’s not just about meeting a checklist,” he clarified. “It’s about creating a resilient infrastructure that can withstand and recover from attacks.”
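The baseline audit from tip 5, sketched as an added example (not code from Gregory or any backup vendor): it checks a constructed inventory of backup targets against the five controls above and lists every deviation. The field names, the admin limit and the ACL width threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory: field names are assumptions for this example,
# not the schema of any real backup product.
INVENTORY = [
    {"name": "primary-nas", "dataset": "ehr", "mfa": True, "immutable": False,
     "air_gapped": False, "admins": ["alice", "bob"], "two_person_rule": True,
     "admin_acl": ["10.20.0.0/24"]},
    {"name": "vault-tape", "dataset": "ehr", "mfa": True, "immutable": True,
     "air_gapped": True, "admins": ["alice"], "two_person_rule": True,
     "admin_acl": ["10.20.0.5/32"]},
    {"name": "cloud-bucket", "dataset": "billing", "mfa": False, "immutable": False,
     "air_gapped": False, "admins": ["alice", "bob", "carol", "dave"],
     "two_person_rule": False, "admin_acl": ["0.0.0.0/0"]},
]

MAX_ADMINS = 3       # assumed baseline: at most three administrators per target
MIN_ACL_PREFIX = 16  # assumed baseline: IPv4 admin ACL entries no broader than /16

def audit(inventory):
    """Return sorted (target_or_dataset, deviation) pairs against the baseline."""
    findings = []
    by_dataset = {}
    for t in inventory:
        by_dataset.setdefault(t["dataset"], []).append(t)
        if not t["mfa"]:
            findings.append((t["name"], "MFA not enforced"))
        if len(t["admins"]) > MAX_ADMINS:
            findings.append((t["name"], "too many administrators"))
        if not t["two_person_rule"]:
            findings.append((t["name"], "no two-person rule for changes"))
        if not t["admin_acl"]:
            findings.append((t["name"], "no IP ACL on admin interface"))
        for cidr in t["admin_acl"]:
            if ipaddress.ip_network(cidr, strict=False).prefixlen < MIN_ACL_PREFIX:
                findings.append((t["name"], f"admin ACL too broad: {cidr}"))
    # Immutability and air-gapping are per dataset: one compliant copy is enough.
    for dataset, targets in by_dataset.items():
        if not any(t["immutable"] for t in targets):
            findings.append((dataset, "no immutable copy"))
        if not any(t["air_gapped"] for t in targets):
            findings.append((dataset, "no air-gapped copy"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, deviation in audit(INVENTORY):
        print(f"{subject}: {deviation}")
```

Immutability and air-gapping are evaluated per dataset rather than per target, so an online primary copy does not raise a finding as long as another copy of the same data satisfies the control.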
As our conversation drew to a close, Gregory emphasised that these strategies are not just reactive measures but proactive steps to fortify an organisation’s defences. “The landscape is constantly changing,” he concluded. “We need to stay ahead of the curve and ensure our backups are not just a safety net but an impenetrable fortress.”
In light of the UnitedHealth breach, these insights serve as a crucial reminder for organisations to revisit their backup security strategies. By implementing these tips, businesses can better protect their data and maintain their operational integrity in the face of cyber threats.
Fallon Foss