If there is one word that can sum up the current state of cyber threats, it has to be “thriving”. Cyberattacks of all kinds are on the rise. Instances of ransomware alone have doubled during the first half of this year.
What does this mean for your business? Strengthening your cyber defenses has never been more important. Not only are you more likely to experience a security breach in the future, but it’s also possible that your cyber insurance provider may drop your coverage at the time of renewal.
That’s right. Businesses are facing far more exhaustive renewal applications today, and many are getting outright rejected. That is on top of the rising insurance premiums, with an increase of 20% to 50% on average across all industries.
The reason is simple. Insurance providers are bleeding money due to the rising frequency and costs of cyber threats. As a result, we are seeing a strong push for tighter security requirements. One of the leading requirements involves backup solutions, with a particular emphasis on Segregated Backups. Let’s see what that means for your business.
The Importance of Backup Solutions
At the most basic level, backup refers to an extra copy of anything that you can use if the original is damaged or lost. Just as you can keep an extra print of critical documents, you can keep an extra copy of the data on your digital devices.
In practice, this means setting up your digital systems to regularly create a backup copy of all the data on your devices. This can include your web and database servers, workstations, and the other critical infrastructure of your organization.
With the right software solution, the entire process of backing up your data can be automated. This way, even if an attacker bypasses all of your security protocols, you can still restore your systems to a backup version that was working smoothly.
The Benefits of Backing Up Your Data
Now that you have a basic understanding of what backups are for, let’s consider what makes them so powerful.
Take the typical ransomware as an example. As soon as your device is infected, the malicious program slowly starts encrypting all the critical files on your device. It does that silently in the background until everything is encrypted. Upon completion, the ransomware program locks all those encrypted files with a password.
When this happens, your data is immediately lost to you since you do not have the password to the files the thieves have now encrypted. The only way to access your data is by paying a ransom to the attackers and getting the password from them. Or is it?
With an automated backup solution in place, you can instantly roll your system back to an earlier version and get your files decrypted immediately. In case the infection is still on the system, your engineers can take everything offline while they work on neutralizing the threat. In the meantime, your systems that do not require an internet connection will still operate smoothly.
Of course, cyber threats are not the only danger to your data. Data corruption, device damage, theft, and loss are all realistic scenarios. But with a backup system in place, you can minimize losses and downtimes in many cases.
However, it is still possible to lose your data despite having a backup plan in place. Let’s see how a segregated backup protocol can prevent that.
Understanding the Need for Segregated Backups
The most basic form of backup involves creating a copy of all your data in a dedicated folder on your computer. As you can see, that makes your device a single point of failure, leaving you at a much higher risk of data loss despite the backup.
Consider the following scenarios to see what we mean:
- The hard drives in your workstations and servers could fail, which means all the data on them will be lost. Even the best hard drives have an annualized failure rate close to 1%.
- Sometimes specific sectors of the hard drive go bad, which results in data loss. Your backup could get lost in this scenario.
- Malware could infect every single file on your devices, which means even the backup can get compromised.
- Ransomware could easily encrypt the backup files. The attackers can also simply wipe the drive clean to hurt your business.
- Finally, we can’t ignore the risks of physical damage. Accidents are common. Not to mention the non-zero probability of attackers gaining physical access to your devices.
Despite the diversity, each of those scenarios involves a common end result: your data will be lost and your business will suffer.
Segregated Backups to the Rescue
This is where segregated backups come in. Instead of storing your backups in a single place, you can replicate them across multiple resources. The goal is to add redundancy to your backup plan, eliminating the threat of a single point of failure.
A relatively simple yet powerful segregated backup strategy involves backups on the original device, an external hard drive, and cloud storage. This way if the original device gets compromised, you can use the cloud storage to retrieve a backup copy. Even if the attackers get their hands on your cloud storage credentials, you can still use the external drive to restore your systems.
To take things one step further, you can use cold storage as a final layer of protection. Any device that is connected to a network can be compromised. With cold storage, you can keep a copy of your backups in an external device that’s never connected to the internet or any other network. You only use it to restore your systems if everything else fails.
Understanding the Push for Segregated Backups by Cyber Liability Insurance Providers
Each hour of business downtime incurs losses that the insurance provider will have to cover. That is on top of the additional liabilities that come from a security breach.
As a result, cyber liability insurers are only approving policies for businesses that have strong cybersecurity measures in place. Since segregated backups can dramatically reduce the costs of a breach, it’s naturally given emphasis in the list of new renewal requirements.
Think of it this way: auto insurers try to stay away from reckless drivers. They do not want to take more risks than their systems have accounted for. In fact, consequences for not wearing a seatbelt are coded into the legal system itself.
In the same vein, cyber liability insurers are managing their risk by avoiding clients that commit the cybersecurity equivalent of not wearing a seatbelt.
Now that you understand the WHAT and the WHY, I can share the HOW. If you have a cyber liability insurance renewal coming up, then be sure to take a look at our blog series which lists the security measures required before renewals. If you are thinking of researching insurance policies, you will definitely need to ensure the security measures are in place at your organization. I have provided several links to this blog series at the bottom of this article.
If you do not already have segregated backups in place, I encourage you to speak with your IT provider. If you do not currently have an IT provider, we will be happy to answer any questions you may have. Contact us here to set up a quick phone call with one of our Senior Technology Consultants.
In fact, for the FIRST SEVEN companies that contact us after 12/3/2021, we would like to offer a FREE Strategic IT Assessment.
Visit here to claim this assessment:
Again, please do not hesitate to contact us with any questions or concerns you may have.
For more information on our company and the solutions we offer, visit www.optistartech.com.
Check out our INSIGHTS page for more cyber security tips and articles!
Cyber Liability Insurance Renewal Blog Series: