- Recent Marks & Spencer attacks reveal flaws in current business backup strategies
- Hyperbunker pushes offline storage while critics question the cost and practicality
- Data diodes create unidirectional channels, keeping business backups disconnected from networks

The major British retailer Marks & Spencer (M&S) was recently struck by a ransomware attack that disrupted internal systems and reportedly locked employees out of critical files.
The incident is part of a wider trend of cybercriminals targeting large organizations with ransomware and demanding payment to restore access.
This hack could have been prevented had the backups been isolated, which would have stopped attackers from encrypting or deleting M&S data, but this isolated-backup approach brings its own financial costs.
Data diodes and physical isolation as last-resort protection
Hyperbunker, an InfoLAB spin-off based in Zagreb, promotes its diode-based offline vault as a backup against such breaches.
The system writes backups through data diodes, a method that creates a strictly unidirectional “data-in” channel.
Backups are stored on SSDs or disk drives in a chassis-bar, entirely disconnected from external networks.
This idea, familiar in nuclear installations and military facilities, has rarely been seen in data protection for everyday businesses.
The company insists that its vault remains invisible to the network infrastructure and is therefore inaccessible to attackers.
“You see servers and drives shipped [to InfoLAB] from all over Europe, companies locked out of their own data. And why does this happen if they have perfect cyber-protection tools?” investor and advisor Matt Peterman told Blocksands.
“Sometimes this is due to a failure of equipment, and often due to ransomware. And in these cases of ransomware, Nino [Nino Eškić, InfoLAB’s CEO] could do very little except suggest negotiating through brokers. This frustration is what prompted him to design offline protection that really preserves the most critical data.”
Hyperbunker claims that its patented optical isolation and its “button logic”, introduced in October 2024, avoid the vulnerabilities linked to network protocols or handshakes that have plagued previous diode-based systems.
Despite its promise, the concept raises concerns because traditional backups have failed or been bypassed in the past.
This happened in cases involving Capital Health, Community Health Systems, Veeam customers and the NHS.
Offline storage is not a magic shield, although Hyperbunker says “the only vulnerability is the physical theft of the device”.
Distributing units across sites and encrypting the stored data can reduce that risk, but doing so multiplies the logistical and financial demands.
Companies already juggling several backup solutions could hesitate to invest in a “backup of backups”.
Although the device is marketed as simple, removing dependence on complex protocol stacks, its effectiveness depends on careful handling and secure locations.
Companies weighing this approach must examine whether the costs, logistics and potential for physical theft outweigh the protection offered.