Doron Youngerwood

Locking Down Backups: Strengthening Security Posture Against Cyber Threats

  • March 12, 2025

Backup security is no longer just about ensuring data availability—it has become a frontline defense against attackers who increasingly view backup systems as high-value targets.  

While backup systems are essential for disaster recovery and business continuity, they can also become prime targets for attackers if not adequately secured. Ransomware operators, in particular, aim to compromise backups to prevent organizations from restoring data.  

  • According to IDC research, more than half of all ransomware attacks included attempts to compromise backup systems. Even more concerning, these attempts succeeded 60 percent of the time. 
  • UnitedHealth’s failed backup strategy: the ransomware attack on UnitedHealth in Feb 2024 highlighted failures such as outdated and poorly segmented IT systems, a lack of multifactor authentication, and a failure to isolate backup systems from the primary system, which meant the hacker was able to disable both.
  • Backup repositories are targeted in 96% of attacks, with bad actors successfully affecting the backup repositories in 76% of cases, according to the Veeam Ransomware Trends Report 2024.

Johnson Controls disclosed a massive ransomware attack. The ransom note sent by Dark Angels, the ransomware group, included the following details: “Files are encrypted. Backups are deleted.”

Security Posture Management (SPM) for backup systems addresses this challenge by continuously monitoring and reinforcing security measures, ensuring that backup environments remain resilient against emerging threats. 

Modern backup solutions come equipped with security and anti-ransomware features designed to protect critical data. These capabilities include: 

  • Immutable Backups: Prevents backup data from being modified or deleted by ransomware. 
  • Multi-Factor Authentication (MFA): Adds an extra layer of security for backup access control. 
  • Role-Based Access Control (RBAC): Restricts access to backup environments based on user roles. 
  • Encryption: Ensures data is secure both in transit and at rest. 
  • Anomaly Detection: Identifies suspicious backup activities that may indicate a cyberattack. 
  • Air-Gapped and Offline Backups: Maintains backup copies in isolated environments, inaccessible to attackers. 

While these features enhance security, they do not address the ongoing need for proactive configuration management and compliance monitoring. This is where Security Posture Management solutions fill the gap. 

Despite having built-in security features, backup systems remain susceptible to misconfigurations, vulnerabilities, and compliance issues.  

Backup vendors provide a comprehensive set of features to keep data secure. A system may be configured correctly on day one; from day two, however, systems often suffer from configuration drift that creates non-compliance and vulnerabilities that cybercriminals can exploit. How do you ensure that your backup system and other components are configured according to security best practices, and are not vulnerable?

Security Posture Management (SPM) solutions help organizations continuously monitor, assess, and improve the security of their backup infrastructure. Key areas where SPM provides value include: 

  1. Ensuring Backup Infrastructure Configurations are Hardened and Non-Vulnerable
    Backup systems require robust configurations to prevent unauthorized access and potential breaches. SPM solutions assess configuration settings, identify weaknesses, and provide remediation recommendations to enhance security.
  2. Detecting Security Misconfigurations and Best Practice Violations
    Misconfigured backup environments can create security gaps that attackers exploit. SPM continuously scans backup configurations to ensure they adhere to industry best practices, reducing the risk of exploitation.
  3. Detecting Security Advisories and CVE Vulnerabilities
    Backup software and infrastructure components are not immune to vulnerabilities. SPM solutions track security advisories and Common Vulnerabilities and Exposures (CVEs), alerting administrators to known threats that need patching or mitigation.
  4. Detecting Non-Compliance with Industry Standards
    Organizations must comply with industry regulations such as NIST, ISO 27001, GDPR, and HIPAA. SPM solutions help verify that backup systems align with these compliance requirements, preventing regulatory violations and potential fines.
  5. Configuration Drift Detection from an Established Configuration Baseline
    Over time, backup infrastructure configurations may change due to software updates, administrative changes, or security policies. SPM solutions track and alert organizations to any deviations from a pre-established baseline, ensuring that security controls remain intact.
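
The drift check in the last item can be sketched as a comparison of two configuration snapshots, escalating only when one of the controls listed earlier (immutability, MFA, RBAC, encryption) has been weakened. This is an added example, not StorageGuard's or any backup vendor's code; the setting names, values and the `weakened` rules are constructed assumptions.

```python
MISSING = object()  # sentinel: setting absent from a snapshot

# Constructed setting names for illustration; not any vendor's schema.
CRITICAL = {"immutability.enabled", "immutability.retention_days", "auth.mfa_required",
            "rbac.admins", "encryption.at_rest", "encryption.in_transit"}

BASELINE = {  # approved, hardened snapshot (constructed)
    "immutability": {"enabled": True, "retention_days": 30},
    "auth": {"mfa_required": True}, "rbac": {"admins": ["backup-admin"]},
    "encryption": {"at_rest": True, "in_transit": True},
    "schedule": {"window": "01:00-05:00"},
}
CURRENT = {  # later snapshot of the same system (constructed)
    "immutability": {"enabled": True, "retention_days": 7},
    "auth": {"mfa_required": False}, "rbac": {"admins": ["backup-admin", "svc-temp"]},
    "encryption": {"at_rest": True, "in_transit": True},
    "schedule": {"window": "02:00-06:00"},
}

def flatten(cfg, prefix=""):
    """Yield (dotted.path, value) for every leaf of a nested config."""
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value

def weakened(before, after):
    """True when a change reduces protection or cannot be judged safe."""
    if isinstance(before, bool) and isinstance(after, bool):
        return before and not after              # control switched off
    if isinstance(before, (int, float)) and isinstance(after, (int, float)):
        return after < before                    # e.g. shorter retention lock
    if isinstance(before, list) and isinstance(after, list):
        return bool(set(after) - set(before))    # new privileged principals
    return True                                  # removed, added or retyped

def detect_drift(baseline, current):
    """List every deviation from the baseline, flagging weakened critical controls."""
    base, cur = dict(flatten(baseline)), dict(flatten(current))
    findings = []
    for path in sorted(base.keys() | cur.keys()):
        before, after = base.get(path, MISSING), cur.get(path, MISSING)
        if before != after:
            critical = path in CRITICAL and weakened(before, after)
            findings.append({"path": path, "baseline": before, "current": after,
                             "severity": "critical" if critical else "review"})
    return findings
```

Separating "critical" from "review" keeps routine changes such as a moved backup window from drowning out a disabled MFA requirement or a shortened immutability lock.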

Backup systems are a crucial component of an organization’s cybersecurity strategy, but they are not inherently secure by default. While they come with built-in security features, gaps remain in terms of configuration management, compliance monitoring, and vulnerability detection.  

Solutions like StorageGuard address these gaps by continuously evaluating and enforcing best practices, ensuring that backup systems remain resilient against cyber threats. Organizations that implement StorageGuard for their backup environments significantly reduce the risk of ransomware attacks, data breaches, and compliance failures, ultimately strengthening their overall security posture.

StorageGuard verifies that your backup systems – from the likes of Dell, Rubrik, Cohesity, Veritas, Commvault, and IBM – are hardened, configured according to industry and vendor security best practices, and are not vulnerable. This includes:

  • Verifying that anti-ransomware features are enabled and configured correctly (e.g., ransomware detection, ransomware isolation, anomaly detection, user behavioral analysis, and AV scanning)  
  • Verifying that snapshots, replicas, images, and backup sets, which are required for recovery from ransomware, are secure, immutable, isolated, and generally protected
  • Verifying that ransomware protection best practices published by storage and backup vendors are implemented  
  • Validating that data volumes, exports and shares are configured with restricted access and privileges, and according to security best practices  
  • Allowing you to choose the standard sets you wish to comply with, and automating compliance reporting, highlighting gaps, prioritizing risks, and facilitating automated remediation. 
