How cloud backup can help schools protect their data from ransomware threat

In my previous blog, I talked about the increase in targeted ransomware attacks against schools, colleges, and universities, as attackers exploit weaknesses exposed by the shift to online learning and the increasing use of cloud in the education sector.

These ransomware attacks on education institutions pose a real threat to data, particularly data stored in commonly used cloud environments, such as Microsoft Office 365. As I warned in my previous blog, there is still a widespread misconception that Microsoft is responsible for the protection of your data in its cloud. This is not the case.

Of course, there is a certain level of security in place, but Microsoft’s responsibility is for the availability of the service, not the protection of the data. Microsoft even advises customers to use a third-party backup and recovery provider.

This risk to data in the cloud means schools, colleges and universities must have proper backup and recovery capabilities in place. Indeed, the National Cyber Security Centre (NCSC) has written to school leaders and governors with advice recommending data is backed up and to test recovery of it.

One key point about any backup is that it needs to be ‘air gapped’ so that if your main environment is compromised the attackers can’t get from there to your backup environment and infect or disable it.

Last September, a school in South Wales was hit by a ransomware attack with a £1 million demand. The attacker was able to create a domain admin account and encrypt one of the on-premises backup servers. Fortunately, the school was able to recover and restore its data without having to pay a ransom because it also had a separate backup offsite that wasn’t connected and therefore wasn’t accessible to the attackers.

On-premises versus cloud backup

What is the best way to achieve an airtight seal for your backup environment?

For most of us, the cumbersome and time-consuming days of daily offsite tape backups are long gone. Instead, a lot of the leading virtual backup solutions on the market today encourage customers to back up Office 365 into their existing on-premises backup environment. However, there are some serious flaws with this approach.

Firstly, there are lots of hidden costs when you factor in the TCO of infrastructure requirements over two or three years, such as multiple high-spec Intel servers with multiple CPU cores and plenty of RAM, Windows Server licenses, SSD volumes, SAS/SATA data storage, high-speed networking cards and replacement servers.

More seriously, all your eggs are effectively in one basket. If your on-premises infrastructure is ever affected by ransomware or a disaster recovery event, you run the risk of losing access to everything – as nearly happened to the South Wales school in the example above.

Attackers can target the backup software by encrypting config files, deleting registry keys, and disabling the de-dupe indexes and hash files so the backup data cannot be accessed. There are even cases where replicated backups have also been taken out because they were running on the same Windows domain.

That’s why an airtight cloud backup is the best way to protect the data in your Office 365 environment. If the worst does happen, all your Office 365 data is protected and safeguarded and can’t be affected by anything that’s going on in your on-premises environment. And because Cloud-to-Cloud Backup is software-as-a-service (SaaS), you just log in, configure, and then you’re ready to go.

Cloud backup can also easily restore your whole mailbox or individual emails, contacts, and other items back to point-in-time recovery. It audits and tracks what content was backed up every time it runs an incremental backup to make it easy to put your email back to exactly how it was for the date you want it restored back to.

Organisations, particularly those in the education sector, must take the ransomware threat to their cloud environments and the data stored in them seriously. Act now to put a robust backup and recovery plan in place and test it, otherwise, you risk being at the mercy of the ransomware demands of cybercriminals.