StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.
The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation.
Over the past few months, there have been two congressional hearings on the attack — one in the Senate, followed by one in the House — as well as calls from multiple senators for investigations into how the government responded to the incident, not to mention the criticism against UnitedHealth’s CISO, Steven Martin, who joined the company in June 2023.
After paying a ransom of $22 million to prevent the leak of stolen data, UnitedHealth had to perform a complete rebuild on its systems, even after decrypting files.
In his testimony, UnitedHealth’s CEO Andrew Witty said that the company’s backups weren’t sequestered with network segmentation or infrastructure gapping, so the attackers were able to lock those up too, blocking any recovery path from the initial attack.
Very few CISOs used to pay much attention to their backups. That’s no longer the case today.
Ransomware has pushed backup and recovery back onto the IT and corporate agenda – even before the attack on UnitedHealth earlier this year.
Attackers realize that a successful breach of a backup environment is the single biggest factor in determining whether an organization will pay the ransom.
Some ransomware groups – BlackCat, Akira, LockBit, Phobos, and Crypto, for example – have been bypassing production systems altogether and going straight for the backups.
This has forced organizations to look again at potential holes in their safety nets, by reviewing their backup and recovery strategies.
So, how should IT Infrastructure and Security teams deal with this threat?
In the ransomware attack that hit UnitedHealth, the company admitted that their backups weren’t sequestered with network segmentation or infrastructure gapping, so the attackers were able to lock those up, blocking any recovery path from the initial attack.
Network segmentation is a tactic that can greatly reduce the impact of a ransomware attack. By separating the network into smaller, distinct areas, the spread of malware is minimized if one area is compromised.
The lack of multi-factor authentication (MFA) was at the center of the ransomware attack at UnitedHealth.
The attack was orchestrated by hackers who leveraged stolen credentials to infiltrate the company’s systems lacking MFA.
Solutions like StorageGuard can audit and verify that MFA is implemented and enforced across all backup systems. By ensuring MFA is consistently applied, StorageGuard helps to protect sensitive data from unauthorized access – even if user credentials are compromised.
Lastly, restricting administrative privileges is a vital part of a solid backup security strategy, as these privileges can be a primary target for attackers. This includes:
These recommendations can significantly help reduce the attack surface.
StorageGuard can help you by auditing and enforcing strict controls over administrative access for backup platforms.
By ensuring that only authorized personnel have the necessary privileges and that these privileges are regularly reviewed and adjusted as needed, StorageGuard helps minimize the risk of privilege misuse and potential insider threats.
Ensure at least one of your backup copies is stored on immutable storage. This will ensure your backup data cannot be altered, deleted, or encrypted by malicious actors, including ransomware. And it guarantees the integrity and availability of backup data for cyber recovery.
As recently mandated by DORA and previously by NIST, establishing a secure configuration baseline for your backup and storage environment, and using tools to detect baseline deviations, is critical. It will ensure your backup estate is adhering to the principles laid out in this recommendation section – and much more.
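One way to express the baseline check described above, as an added example that is not Continuity's or StorageGuard's code: the inventory format, field names and admin limit are hypothetical, and the sample systems are constructed. A setting that a system does not report is treated as a deviation rather than assumed compliant.

```python
# Added example: detect deviations from a backup security baseline.
# Field names and values are hypothetical, not any vendor's export format.
BASELINE = {
    "mfa_enforced": True,         # MFA required for backup admin logins
    "immutable_copy": True,       # at least one copy on immutable storage
    "segmented_from_prod": True,  # backup network isolated from production
    "max_admins": 3,              # upper bound on administrative accounts
}

# Constructed sample inventory of three backup systems.
INVENTORY = [
    {"name": "backup-a", "mfa_enforced": True, "immutable_copy": True,
     "segmented_from_prod": True, "admins": ["alice", "bob"]},
    {"name": "backup-b", "mfa_enforced": False, "immutable_copy": True,
     "segmented_from_prod": False,
     "admins": ["alice", "bob", "carol", "svc-backup"]},
    # backup-c does not report its MFA setting at all.
    {"name": "backup-c", "immutable_copy": False,
     "segmented_from_prod": True, "admins": ["dave"]},
]

def deviations(system, baseline=BASELINE):
    """Return a list of findings for one system; empty means compliant."""
    findings = []
    for key, expected in baseline.items():
        if key == "max_admins":
            admins = system.get("admins")
            if admins is None:
                findings.append("admins: not reported")
            elif len(admins) > expected:
                findings.append(
                    f"admins: {len(admins)} accounts exceeds limit of {expected}")
            continue
        actual = system.get(key)
        if actual is None:
            # Fail closed: an unreported control counts as a deviation.
            findings.append(f"{key}: not reported")
        elif actual != expected:
            findings.append(f"{key}: expected {expected}, found {actual}")
    return findings

def audit(inventory, baseline=BASELINE):
    """Map each non-compliant system name to its findings."""
    report = {s["name"]: deviations(s, baseline) for s in inventory}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit(INVENTORY).items():
        for finding in found:
            print(f"{name}: {finding}")
```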
StorageGuard can assist with continuous security posture for your backup and storage environment. StorageGuard automatically verifies that backup platforms are hardened, and protected against tampering and unauthorized access. By auditing the security of your backup systems, StorageGuard guarantees that you can reliably restore your data when needed – without the risk of backup data being compromised.
Auditing includes:
Implementing these strategies and leveraging tools like StorageGuard ensures that backup systems remain secure, reliable, and resilient against evolving cyber threats.