Protect your business from the impact of ransomware with M365 backup and recovery; keep your business running smoothly and securely by choosing a comprehensive, secure backup.
Ransomware is a clear and present danger for companies worldwide. The costs are staggering: The average ransom payment is around $1.0million, with full recovery costs of an attack around seven times higher than the average ransom. As we see from the ‘State of email security in 2025’ report ransomware attacks are becoming more targeted and disruptive. The most common attack vector for ransomware to enter a business is via email.
The major trend we see with ransomware is threat actors pivoting from an attachment that needs to be opened to hiding the payload behind a link in the email. Our defense against link-based attacks is called LinkLock - where all links are rewritten and scanned for malicious indicators.
The chaos of a ransomware attack is one of the most concerning issues. In the UK, Scattered Spider ransomware attackers recently targeted retailers, including Marks and Spencer (M&S). It took almost two months for M&S to return to normal operations. Among the issues identified as contributing to the delay in recovery was the slow recovery of backups.
Backups are an essential feature of recovery from an attack. However, they must be ransomware-resistant backups. An analysis by the IrishInformation Security Forum (IISF) of attack techniques found that ScatteredSpider identifies and deletes backups as part of the attack, thereby preventing a rapid recovery.
When a ransomware attack happens, a company is faced with a serious situation. Staff must deal with the sudden loss of access to their files and documents. IT teams and the help desk must deal with employees who are unable to continue their work and may feel panicked about the loss of productivity. Upper management must deal with the imminent threat of the release of stolen data, some of which will be sensitive and proprietary. Compliance teams will work to mitigate the impact of their now non-compliant company. The ransom discussion comes swiftly, and the company is placed under enormous pressure to pay.
The rapid recovery of lost files and documents empowers an organization to negotiate effectively. Backups must be designed to rapidly restore files while also being resistant to ransomware.
If you use a Microsoft 365 environment, you may be thinking, “Isn’t the built-in M365 backup enough?” M365 backup is a useful tool. The system covers backup and recovery of OneDrive, SharePoint, and Exchange Online data, within the bounds of Microsoft 365 security. However, it is not enough to handle the chaos that comes with a modern ransomware attack. The M365 backup is limited by the Shared Responsibility Model. This model shifts ownership of data to the company that creates the data. In other words, Microsoft’s primary responsibility is to protect its infrastructure.
Microsoft, in a paper on backup best practices, recommends using third-party backup solutions as a more comprehensive approach to mitigating the impact of ransomware.
Tamper-proof protection against ransomware. Ransomware attackers don’t just target files within the extended network and cloud infrastructure; they also attack backups. By removing the emergency fallback of an organization, they can put increased pressure on the organization to pay the ransom. Backups must be off-site and tamperproof to prevent any manipulation or deletion by malicious actors.
Multi-region storage for compliance and peace of mind. Regulations and company policies typically require that data sovereignty be upheld to reflect the laws of a country. Data sovereignty is an integral part of a robust approach to data management and can be a crucial factor in ensuring privacy and regulatory compliance. Backup services must be able to assure an organization of the geographic residency of the backed-up data to ensure that adherence to those laws is upheld.
Encryption secures data from backup to recovery. Data is at risk if it is not encrypted during transfer and storage. Leaving data unencrypted in a data repository, such as a backup system, puts it at high risk of compromise and exposure. Backup systems must utilize military-grade, standards-based encryption, such as AES 256, to ensure data safety.
Backup must occur simultaneously as data is created. Granular configuration options should offer rapid backup based on point-in-time, item-level, and using self-service restore options. Without synchronous backup, if ransomware strikes, data will be lost.
Microsoft recorded 600 million attacks daily on its customers' Microsoft infrastructures. A backup service must have integrated security, like advanced AI-powered email protection, to prevent targeted attacks.
Data must be restored in minutes for business continuity. The backup restoration process must run silently in the background so as not to interrupt work.
Backups are at risk from compromise and deletion by ransomware attackers. Backed-up data must be tamper-resistant and protected from deletion.
Search must be fast and precise, with policies in place to ensure that data is preserved and meets regulatory compliance. Data sovereignty must be assured.
Data must be encrypted throughout its lifecycle to ensure persistent protection.
An advanced, AI-driven email filter that can be deeply integrated using an API, ensuring that phishing emails are not backed up; this prevents a potential recurrence of a cyberattack. Email filters must be advanced enough to identify evasive phishing tactics, such as QR code phishing (Quishing).
Adversarial AI creates dynamic threats that conventional security cannot handle. AI-powered cybersecurity provides the capabilities needed to protect against dynamic and evolving threats.
Integrated anti-malware technology must have exceptional detection rates to ensure that evasive and emerging ransomware threats are resolved. Ideally, look for solutions that offer a detection rate as close to 100%as possible for phishing and malware.
MSPs require a solution that enables them to minimize management overhead. A single, intuitive console provides control of all customer accounts, backups, and billing. This single-pane-of-glass streamlines the deployment, management, and updating of a backup solution.
Automation helps an MSP optimize the solution functionality and reduce management overhead. A backup solution that handles Entra ID data should automatically protect new accounts added to your Microsoft estate.
Some backup and recovery services set limitations on recovery and charge extra fees. Select a backup and recovery solution that enables large-scale recoveries and migrations at no additional cost.
A backup solution that offers additional support across the entire Microsoft 365 environment, including Azure Blob and Entra ID, can help boost margins.
Choose a backup solution that works with your MSP company by offering 30-day trials to your prospects. An added benefit is a solution that provides co-branding opportunities.
