Test your backups

From Krebs Security:

From the blog

“In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take,” said Fabian Wosar, chief technology officer at Emsisoft. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”

This is part of the focus on cybersecurity, and I insist on underpinning the processes involved in security by design. Always check for disaster mitigation and create a ring style of architecture to insulate the critical processes from the Internet with strict access controls. It will require a triage of data and a complete documentation of the work processes (and other teams) to ensure its reliability and restore in case a ransomware attack locks systems. It won’t hurt to shift systems to Linux or BSD – those are less vulnerable to attacks than Windows, which follows a Swiss cheese model for “security”.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.