
“In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take,” said Fabian Wosar, chief technology officer at Emsisoft. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”
This is part of the focus on cybersecurity, and I insist that the processes involved be underpinned by security by design. Always plan for disaster mitigation, and build a ring-style architecture that insulates the critical processes from the Internet behind strict access controls. This requires a triage of data and complete documentation of the work processes (and those of other teams) so that systems can be reliably restored if a ransomware attack locks them. It won’t hurt to shift systems to Linux or BSD – those are less vulnerable to attacks than Windows, which follows a Swiss cheese model for “security”.
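
The back-of-the-napkin calculation Wosar describes, combined with the data triage mentioned above, as an added example that is not part of the original post. The dataset names, sizes, recovery time objectives (RTO), link speeds and the 70% sustained-throughput factor are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Dataset:
    name: str
    size_tb: float    # decimal terabytes (10**12 bytes)
    rto_hours: float  # assumed recovery time objective for this tier

def transfer_hours(size_tb, link_gbps, efficiency=0.7):
    """Hours to download size_tb over link_gbps at a sustained efficiency in (0, 1]."""
    if size_tb < 0 or link_gbps <= 0 or not 0 < efficiency <= 1:
        raise ValueError("size must be >= 0, link > 0, efficiency in (0, 1]")
    bits = size_tb * 1e12 * 8
    return bits / (link_gbps * 1e9 * efficiency) / 3600

def restore_plan(datasets, link_gbps, efficiency=0.7):
    """Restore tiers one after another on a shared link, tightest RTO first.

    Returns (name, hours_until_restored, meets_rto) per tier. Transfer time only:
    rebuilds, integrity checks and re-imaging come on top, so this is a lower bound.
    """
    elapsed, plan = 0.0, []
    for d in sorted(datasets, key=lambda d: d.rto_hours):
        elapsed += transfer_hours(d.size_tb, link_gbps, efficiency)
        plan.append((d.name, round(elapsed, 1), elapsed <= d.rto_hours))
    return plan

# Constructed inventory (about 2 PB in total), not taken from any real environment.
SAMPLE = [
    Dataset("archive", 1600, 720),
    Dataset("file shares", 400, 168),
    Dataset("ERP database", 20, 24),
    Dataset("identity services", 0.5, 4),
]

if __name__ == "__main__":
    for gbps in (10, 1):
        print(f"--- {gbps} Gbit/s link, 70% sustained ---")
        for name, hours, ok in restore_plan(SAMPLE, gbps):
            flag = "ok" if ok else "MISSES RTO"
            print(f"{name:18} restored after {hours:8.1f} h ({hours / 24:6.1f} d)  {flag}")
```

With these constructed numbers every tier fits its target on the 10 Gbit/s link, while on the 1 Gbit/s link only the smallest tier does.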