Sunday, November 26, 2017

When being ONLINE costs you $250,000. A warning that's good for all businesses (and IT people)



Being online is the big trend (obviously).  Everything has to be connected, fast, immediate.



I'm writing this short post to warn people about a common (it turns out) mistake.


Every time I leave on a business trip, I get an emergency call.  Every single time.


I'm in Paris, it's 1:25am, I just got here a few days ago and am still jet lagged, and I get an emergency call from a trusted contact that one of his clients is in trouble.  I have just enjoyed a series of good wines in the hopes of falling asleep and moving into this timezone and now I have to talk a jumper down from the ledge (just kidding, this client was relatively calm).


Well, this "trouble" I have seen 4 times in the last 3 weeks, which I'm starting to find alarming.


Ransomware is the culprit.  The difference is that this time, a longer than usual series of mistakes has led to three interconnected companies being infected.  A real lottery winner in the world of ransomware.

The initial ransom requested: $250,000 (20 bitcoins)


So this is my fourth case in three weeks..... what do they all have in common?  Online backups.


- Some have disk-to-disk live backups


- Some have a large USB key stuck in something somewhere, and that's their backup


- Some have online (Internet) backup but only pay to keep one full copy (a crappy service in my mind)


In this day and age, the fact that companies are failing at one of the oldest IT issues (a fundamental one) still surprises me.


Live (always connected) backups usually mean no backups when the right failure takes place.


CALL TO ACTION


So if you "think" you have backups, check if they are offline.  Check if they would survive a ransomware attack.


And by check I mean have a "real" security expert validate your backup architecture.
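To make the point concrete, here is a small model (added here, not part of the original post) of the three backup setups described above, plus two that keep a copy out of the infected host's reach. It plays out a clean backup, an infection, and then the next scheduled backup job, and reports which setups still hold a restorable clean copy. The target names and file contents are constructed for the example.

```python
from dataclasses import dataclass, field

CLEAN = "customer-db.sql (clean)"       # constructed sample backup content
ENCRYPTED = "customer-db.sql.locked"    # what the ransomware leaves behind


@dataclass
class BackupTarget:
    """One backup destination, described by the two properties that decide
    whether it survives ransomware: how many copies it keeps, and whether
    the infected host can write to those copies directly."""
    name: str
    retained_copies: int          # 1 = only the latest full copy is kept
    writable_from_host: bool      # live mirror, mapped share, USB key left in
    copies: list = field(default_factory=list)

    def run_backup_job(self, production_data):
        # The scheduled job copies whatever production holds right now,
        # then drops copies beyond the retention limit.
        self.copies.append(production_data)
        self.copies = self.copies[-self.retained_copies:]

    def ransomware_hits(self):
        # Malware on the host encrypts every path it can write to, and a
        # connected backup volume is just another writable path.
        if self.writable_from_host:
            self.copies = [ENCRYPTED for _ in self.copies]

    def has_clean_copy(self):
        return CLEAN in self.copies


def simulate(targets):
    """Day 1: clean backup. Day 2: infection, then the backup job runs as
    scheduled. Returns {target name: a clean copy is still restorable}."""
    for t in targets:
        t.run_backup_job(CLEAN)
    for t in targets:
        t.ransomware_hits()
        t.run_backup_job(ENCRYPTED)
    return {t.name: t.has_clean_copy() for t in targets}


def setups_from_the_post():
    # Constructed targets matching the three setups in the post, plus two
    # that keep a version or a medium out of the host's reach, for contrast.
    return [
        BackupTarget("disk-to-disk live mirror", 1, writable_from_host=True),
        BackupTarget("USB key left plugged in", 1, writable_from_host=True),
        BackupTarget("online service, one full copy", 1, writable_from_host=False),
        BackupTarget("online service, 7 versions kept", 7, writable_from_host=False),
        BackupTarget("rotated media, detached after each job", 2, writable_from_host=False),
    ]
```

Running `simulate(setups_from_the_post())` shows the first three setups losing their only good copy, either encrypted in place or overwritten by the next job, while the versioned and rotated ones keep one.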


You see, when you have good backups, you don't have to pay large sums of money to criminals to get your data back.


Wow.... what a novel idea.  Backups that work!


This reminds me of a legal case from many years ago involving a large and respected (cough cough) IT firm that had screwed up one of its important clients' backups.


In the court hearings, the IT service provider actually said the following: "Our contract stipulates that we take backups and makes no guarantees that we can restore them."  Can you imagine being told that after you've lost all your data?


Trust but verify.


I'm going to bed now, before my wine stops making me happy.



_______________________________________________

Eric Parent is a senior security expert, specialized in coaching senior executives.  He teaches CyberSecurity at l'Ecole Polytechnique and HEC Universities in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.

Follow Eric on:
Twitter @ericparent
LinkedIn :  EVA-Technologies

www.eva-technologies.com



4 comments:

  1. I must agree with you on this. Some people are trying to convince me that online backups are safe and I still hesitated to jump on that bandwagon. I now have one more argument against online backups :)
  2. "Our contract stipulates that we take backups and makes no guarantees that we can restore them".

    Thanks for sharing this, and reminding us to always read the fine print !

    Maria Daigle

  3. Thanks for sharing this, and reminding us to always read the fine print.

    "Our contract stipulates that we take backups and makes no guarantees that we can restore them".

    It's not funny, but I can't stop laughing ...
  4. Again concerning "Our contract stipulates that we take backups and makes no guarantees that we can restore them".

    Restoring certain types of backups is simple and straightforward (OS image, emails, ...), but it is not the case for all types of data. Systems that involve transactions, for example, can be quite complicated to restore, and really require business knowledge to be done correctly. This is probably why 3rd party backup vendors have to add this "limitation" in their contract.

    In a previous job, I remember a human error that required our team to restore some backup data... what a night !!!
