Kirsten Stoner On Improving Resilience Against Attacks On Backup Servers

The threat of ransomware looms larger today than ever before, with 85% of organizations having suffered at least one ransomware attack in the past 12 months. But while organizations are increasingly trying to bolster their defenses against attacks on their production environments, cybercriminals are adapting their attacks to target backup servers. In fact, 93% of ransomware attacks explicitly target backups.

“It’s definitely a concern for most organizations,” says Kirsten Stoner, Technologist on the Product Strategy team at Veeam. “But what’s great is now there are more resilient storage options than ever—think about immutability, and air-gapped, offline storage options. Utilizing those storage technologies is really going to help protect those backups.”

Veeam is a global market leader in the backup and recovery space, holding the highest market share in EMEA (Europe, the Middle East, and Africa) and the third-largest share worldwide. Veeam offers a range of backup solutions to fit multiple business use cases, with the newest addition to their portfolio being the Veeam Data Cloud—an all-in-one storage, cloud backup, and ransomware recovery solution for Microsoft Azure and Microsoft 365.

In her current role at Veeam, Kirsten is responsible for analyzing technology and industry trends in order to strategize global campaign initiatives, deliver technical content that informs customers of key product updates and other industry knowledge, and inform the company on how best to protect their customers’ backups from security threats.

In an exclusive interview with Expert Insights at the 2024 RSA Conference in San Fransisco, Kirsten discusses the importance of sharing intelligence within the cybersecurity community, how backup vendors can better support their customers through the evolution of ransomware attacks against backup servers, and the key steps organizations should take to secure their backups.

You can listen to our full conversation with Kirsten on the Expert Insights Podcast.

Note: This interview has been edited for clarity.

Could you please introduce yourself and tell us a bit about your security background, and your current role at Veeam?

I’m Kirsten Stoner, I’m a technologist on the product strategy team at Veeam. I’ve been at Veeam now for about 10 years, so it’s been quite the journey to see how much Veeam has grown in terms of its product innovations and what we’ve been offering our customers. For anybody who’s familiar with Veeam, you know that, in the past, we used to be focused on virtual machine backup only, but it’s grown so much to cover physical machines, cloud machines, and containers now. It’s been quite the evolution.

And when we think about security, within all the different cybersecurity frameworks, there’s always a place for backup. So, even when I started at Veeam 10 years ago, security was still very top of mind then as well. So, my role involves staying up to date on how to protect our customers’ backups from security threats.

Veeam has been making waves in the data protection and ransomware recovery space with the recent launch of Veeam Data Cloud and industry data on cyber resilience. We’ll talk about the product launch later on, but first I want to know— how important is it for security vendors to share their threat intelligence with the wider cybersecurity community?

I think it’s very important, because cyberattacks happen all the time. And a lot of times when organizations experience one attack, they can experience multiple attacks. So, doing the proper investigation, and finding out what security gaps they might have within their infrastructure is very important. And then also sharing that information with the community can really help other organizations implement the proper strategies to protect their data.

Even at this event here this week, I’ve attended some of the sessions and, whether it be learning about bot attacks or learning about how different file extensions can be indicators of ransomware, you can take that information back to your organization and look for those file extensions, look out for those bots, monitor for that suspicious activity and things like that.

So, sharing the knowledge is very important. And that’s across the tech community in general.

That being said, what trends are you seeing at Veeam in the cyber resilience space?  

What we’re seeing is a level of paranoia. You hear about cyberattacks all the time in the news, and everybody’s paranoid about how they’re going to get in, how they can protect their data, and how they can make sure that they can recover their data if it’s compromised. They’re looking for the highest level of protection.

We’re also seeing the rise of Internet of Things and cloud computing, so making sure that security strategies extend across the organization [is also a key trend]. Everybody’s using a cell phone and accessing their email on their cell phone, so how are organizations protecting that and making sure that threat actors aren’t going to be able to get on [a user’s] phone and access that data? Make sure that you have things like MFA set up or another authentication protocol, so that you have to [verify in] multiple ways to sign into your organization’s applications.

And the same thing goes with cloud computing—what you have on-prem for your security strategy really needs to extend to your workloads in the cloud as well.

Those are some of the things that I’ve been seeing in the industry.

Another key theme we’ve been seeing recently is that cybercriminals are continuing to focus their attacks on backups. What steps can organizations take to secure their backups against ransomware attacks?

Veeam produces a ransomware threat report every year, and we’ve seen 93% of respondents say that ransomware has gone after their backup storage. So, that’s definitely a concern for most organizations. What’s great is now there are more resilient storage options than ever—think about immutability, and air-gapped, offline storage options. Utilizing those storage technologies is really going to help protect those backups.

It’s also really important to have multiple copies of data, following that three-two-one rule, which we all should know about: three different copies of data on two different media, with one off-site. At Veeam, we take it one step further and we say one offline, air-gapped, immutable copy with zero recovery errors.

Also, if your backup infrastructure doesn’t need to be connected to the internet, then don’t have it connected to the internet, because then it’s just one last way an attacker can get in. Then use MFA, the rule of least privilege, and different strategies like that to protect the backup storage.

We’ve spoken about it from the organization’s point of view, so looking at it from the other side, is there anything that the backup vendors can be doing to better support their customers in the face of these attacks?

When it comes to security, a lot of time, it’s education as well. Educating your customers and helping them understand the risks and what’s available to them to protect their data is really important. We do a lot of customer calls, helping them and making sure that they’re following the best security practices for their organizations.

One of the features that we have is a security and best practices analyzer. You log into Veeam Backup and Replication, you press a button, and it actually checks product configuration and security best practices. And it will immediately let you know, ‘Hey, you don’t have MFA enabled’ or ‘You’re not sending your backups to an immutable backup storage option’.

Implementing certain features like that just to help customers, make sure they’re following the best practices, and help guide them to configure their product properly, can be really helpful as a backup vendor.

Veeam recently launched the Veeam Data Cloud, an all-in-one storage, cloud backup, and ransomware recovery solution for Microsoft Azure and Microsoft 365. Can you tell us how these components work together to secure an organization’s backups against ransomware attacks?

Within the Veeam Data Cloud, you still have that immutable backup storage option available to you. You can keep all your data in the cloud; you don’t have to worry about sending it on-site to on-premises storage, you can store it in Azure. And you’re still going to be able to monitor your backups; you’re going to be able to see who’s making changes, who’s performing restores, set up least privilege access and role-based access controls, and things like that.

And you’ll be able to have all that in a single view, so you know that your backups are finishing successfully, they’re going to an immutable backup storage option, you can see who’s making any type of changes or configuration changes, and also who’s performing restores. Because sometimes when a threat actor gets in, they might delete all your backups, change your backup jobs, or perform a redirected restore. And if you don’t have that visibility there, you’re not going to know that’s happening. So, you’re still going to have all those controls within that platform, so that you can monitor the whole backup environment.

What benefits do you think the platform is going to bring for IT professionals in the SMB community?

I was in a session the other day and they were talking about how a lot of economies run on small- and medium-sized businesses across the world. So, it’s very important that the product is easy to use and it’s reliable. A lot of times, SMBs may only have one or two people in their IT department managing all of their backups, maybe managing their help desk, and doing all these different things. So, it’s really important that the product is usable.

And that’s what’s great about the Veeam Data Cloud; you’re still going to get that really easy to use interface that people know and love about Veeam.

It also needs to be flexible as well so that, as your business grows, you can backup that data. The Data Cloud allows you to do that by being able to leverage object storage, which is scalable, durable, and reliable.

It needs to be reliable; you want to make sure that you can recover that data when you need to. So, you’re still going to get those strong features to be able to test recoveries and make sure that that data is available to you.

What are your final words of advice to organizations looking to secure their data—and the backups of their data—against ransomware attacks?

I would say that it’s really important for security teams and backup teams to align and communicate with each other. A lot of the time, there might not be complete alignment or communication; they might be in different sides of the building! So, make sure that you’re communicating with your whole organization about security risks, and educating them.

I would also say, follow the three-two-one rule. Having those multiple backup copies is really important. If one copy of data is compromised, you can take a look at the other copy and still be able to restore it, utilizing immutable, resilient backup storage options as well as MFA and role-based access.

And make sure you’re separating your backup environment from your production environment, so if one environment gets compromised, you can still go to the other environment.

So, all in all, I would say communication across the organization, following the three-two-one rule, using, role-based access controls, and using a resilient storage option, are all pieces of advice I would give.

Thank you to Kirsten Stoner for taking part in this interview. You can find out more about Veeam’s backup, storage, and disaster recovery solutions via their website.

Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions with confidence.

For more interviews with industry experts, visit our podcast page here.