Operational Resilience: Backup Strategies for Crisis Management in the Age of Ransomware


Abstract

The increasing digitalization of systems brings about the grand challenge of keeping these systems secure from malicious prying eyes, thus highlighting the need for stronger cybersecurity practices. Ransomware is among the most prevalent cybersecurity threats in our current digital era. The attacks are mainly carried out by advanced persistent threats (APTs) to increase the impact on organizations worldwide. Ransomware encrypts data using advanced cryptographic measures and locks users out of their systems in order to demand a ransom that is typically paid in bitcoin. APTs also exfiltrate sensitive data and use double and triple extortion methods, where they either blackmail the organization with the public release or sale of its data, or they go to its customers and blackmail them in order to pressure the organization into paying the ransom. Defense against ransomware is possible, but in many cases, by the time ransomware is detected, the malicious actors already have strong access to the systems and data. All is not lost, however, as organizations can bring back their systems and data if backup & recovery policies have been established beforehand. This thesis systematically explores the ransomware topic, scoped to backups & recovery, to identify how ransomware attacks backups, what the best practices for backups & recovery are, and what the corresponding challenges for organizations are, in order to produce policy recommendations. To this end, three methods are used: a semi-systematic literature review, qualitative content analysis, and semi-structured interviews. A triangulation of these methods over cybersecurity frameworks, expert knowledge and backup software provider reports establishes essential insights. The main recommendations are that organizations must regularly create redundant, airgapped, offline, and offsite backups that are stored on multiple storage media.
Furthermore, organizations must establish proper cyber hygiene practices in order to protect their backups. Lastly, organizations must ensure that they can test and maintain resilient backup & recovery policies by establishing responsibility and accountability of different stakeholders, streamlining their IT environments, and taking a cybersecurity-enabling approach to organizational IT governance. The research is a rigorous and comprehensive overview of the backup & recovery topic against ransomware and is academically relevant as it fills research gaps on: how ransomware attacks target backups & recovery specifically, what the best practices offered by the most credible cybersecurity frameworks are, and why organizations still fail in setting up proper backup & recovery practices. The EPA relevance is characterized through navigating a branch of the grand challenge of cybersecurity, namely ransomware. This is a grand challenge because there is a plethora of stakeholders at the organizational level who have different opinions and views on the topic at hand, and organizations are composed of teams in different countries, subject to different regulations, etc. Therefore, in this complex environment it is essential to see what policy recommendations could be made for organizations of all levels against the threat of ransomware with respect to backup & recovery practices.