E-3-2-1 Data Protection Strategy is my proposal in the evolutionary cyber arms race between the cyber security community and cyber criminals. Every once in a while, an evolution in adversarial thinking forces cyber security experts to reconsider and update a successful data protection strategy. With the introduction of Maze Ransomware, the 3-2-1 Data Protection Strategy is no longer sufficient to protect organizational data from extortion by a committed cyber criminal.
Although the existing 3-2-1 Data Protection Strategy is applicable for older ransomware like Ryuk, Maze Ransomware operators now exfiltrate critical business data before encrypting your files. This double extortion racket forces organizations either to pay the ransom or to face exposure of their data and non-compliance with regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Therefore, it’s time to include data encryption as a recognizable strategy along with 3-2-1. I am proposing that encryption be our first focus in a data protection strategy.
COOP is Not Enough for Data Protection – Think COOP Compliance
The 3-2-1 Data Protection Strategy is a Continuity of Operations (COOP) strategy: it ensures businesses can recover from a ransomware attack or data loss. However, this strategy does not account for recent innovations by cyber criminals. The E-3-2-1 Data Protection Strategy extends COOP to ensure compliance with data protection requirements.
- (E) All data, including backups, should be encrypted
- (3) You should have a minimum of three backup copies of your data
- (2) Data should be stored in a minimum of two storage devices. Network Attached Storage (NAS), detachable storage and cloud storage offer excellent options
- (1) At least one backup should be stored off site
When storing backup data, a detached or disconnected storage device should be used to ensure that cyber criminals cannot encrypt all of your backups, which would leave you in compliance but out of luck.
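An added example, not from the original post: a small Python audit that checks a backup inventory against the four E-3-2-1 rules and the detached-copy requirement above. The `BackupCopy` fields, the device names and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    device: str      # storage device holding the copy (hypothetical identifier)
    encrypted: bool  # (E) copy is encrypted at rest
    offsite: bool    # (1) copy is stored off site
    detached: bool   # copy is disconnected when a backup job is not running


def audit_e321(copies):
    """Return a list of findings; an empty list means every rule is met."""
    findings = []
    # (E) every backup copy must be encrypted, not just one of them
    for c in copies:
        if not c.encrypted:
            findings.append(f"E: copy '{c.name}' on {c.device} is not encrypted")
    # (3) minimum of three backup copies
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} backup copies, need at least 3")
    # (2) minimum of two distinct storage devices
    devices = {c.device for c in copies}
    if len(devices) < 2:
        findings.append(f"2: copies span {len(devices)} storage device(s), need at least 2")
    # (1) at least one copy off site
    if not any(c.offsite for c in copies):
        findings.append("1: no copy is stored off site")
    # Detached copy, so ransomware cannot reach every backup
    if not any(c.detached for c in copies):
        findings.append("detached: every copy is reachable online")
    return findings


# Constructed sample inventory: the detached USB copy was never encrypted.
INVENTORY = [
    BackupCopy("nightly", "nas-01", encrypted=True, offsite=False, detached=False),
    BackupCopy("weekly", "usb-vault-a", encrypted=False, offsite=False, detached=True),
    BackupCopy("cloud", "cloud-bucket", encrypted=True, offsite=True, detached=False),
]

if __name__ == "__main__":
    for finding in audit_e321(INVENTORY) or ["E-3-2-1: all checks passed"]:
        print(finding)
```

The sample inventory satisfies 3-2-1 and still fails the audit, because the one unencrypted copy is exactly what a double extortion operator would exfiltrate.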
We all know that data encryption is a best practice, recommended by the cyber security community to protect data from being leaked; now it’s time to respect the innovation cyber criminals have integrated into their malware. Maze Ransomware will not be the last ransomware using double extortion. Criminals have seen the benefits of exfiltrating critical business data and threatening to expose it. As cyber security experts, we may say 3-2-1 Data Protection; however, we must provide an E-3-2-1 Data Protection Strategy. It’s time for some information security innovation in this cyber arms race.