Who’s on First? Where are the Backups?
It’s truly amazing to see how many companies and organizations are becoming statistics in what has been coined “2016 the Year of Extortion”. With cyber security threats at an all-time high one would think companies would be more prepared for what lies ahead. Instead, we are reading headlines like, “University pays $20,000 to hackers”, “Three US hospitals hit by ransomware”, “FBI: CEO email scams cost US business $246M”, etc.
Just in the first 3 months of 2016 a total of 871 ransomware cases have been reported in Japan .
Most of the mayhem is triggered by an employee unknowingly clicking on what seems to be a legitimate, but malicious email. The payload resulting in an enormous cost and burden to the organization.
But wait, couldn’t this be prevented?
Well, yes and no…
Even with the best up-to-date anti-virus software a new strain of malicious email may still get through. Again, an email appearing as though from a legitimate source is all it takes for the human nature in us to click on the attachment.
After that, the damage is done.
How about backups?
In almost all the recent cases of companies paying the ransom to get their data back, a good backup would have saved both time and money.
It’s hard to believe that so many companies are not able to recover their data from backup.
So what’s going on?
It seems like there are a number of things that contribute to not having a solid backup policy.
Backups aren’t performed on a daily basis
Important data files aren’t included in the backup policy
Legacy systems aren’t supported by backup software
Insufficient storage space available for backups (or just too much data)
Backups thought to be running, but never tested
Backups are mapped to local drive (which are vulnerable to ransomware)
Backups are considered to be a low priority
Don’t wait until it’s too late to get a comprehensive backup plan in place.
Know what your backup policy is and test to ensure they are working properly.