We're in the business of helping people, so when a business owner reached out for assistance during a ransomware attack they had experienced, our first question was, "When was your most recent backup?" The owner said his CTO assured him they backed up their Amazon Web Services infrastructure.
Well, they had one snapshot from several years ago, which wouldn't do anything for them. Of course, we always feel bad about giving business owners awful news. But sometimes, even as experts, when the absolute technical minimum hasn't been done, we're left with only a few ways we can help. So we reverse-engineered the ransomware sample we recovered during our investigation and built a decryption application from it, recovering over 3 TB of data in the process. That's not always possible; in this case, many things went right for us during the investigation.
Is there a better way to handle ransomware attack recovery? YES!
But the issue wasn't that the owner was unaware of the practice of taking backups. What was missing was a process for testing those backups to ensure business continuity.
And if you're thinking, "My business is too big for this to happen to me," the client in this example does just over 3 million a year in revenue. As an owner, hacker rules apply: you can trust, but you have to verify.
What backup best practices should we follow?
The 3-2-1-1-0 rule (the evolution of the 3-2-1 rule) states that every organization should have the following:
Three copies of the data
They should consist of the primary data storage and two additional copies of the data. Think local NAS server, cloud storage, and two external hard drives for off-site/offline rotation. (This, or some variation of it, is what we do for our clients.)
Two different kinds of media
Split the data between storage technologies (e.g., tape drives, external hard drives, solid-state drives, cloud solutions), hard drive manufacturers, series or versions, physical server internal storage, and NAS servers.
If you must use physical disks in different physical servers as part of your strategy (think physical server and NAS server), stagger the purchase dates or buy drives from different suppliers, and consider using different manufacturers for production versus backup storage.
One offline copy of the data
This copy should be disconnected (or disconnectable) from the internal network infrastructure, so that it survives a breach of your local systems.
One off-site copy of the data
This copy should be kept off-site in case of a natural disaster or any other catastrophic failure. Again, multiple cloud off-site copies are a good idea here. For example, some of our customers use multiple cloud platforms to store copies of their data.
Zero errors
Check regularly that the backed-up data is usable and works by simulating an outage to see how long it really takes to bring you "back online." Tabletop exercises and "fire drills" are great ways to ensure best practices are followed and to identify issues with the business continuity process.
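As an added example that is not from the original post: a small Python audit of the 3-2-1-1-0 rule. It scores a constructed inventory of backup copies against the five points above (including the single stale cloud snapshot from the story and the NAS/cloud/two-external-drive layout recommended here) and counts test-restore errors by comparing restored files against a SHA-256 manifest; every copy name, date and file is constructed.

```python
from dataclasses import dataclass
from datetime import date
import hashlib

@dataclass
class BackupCopy:
    name: str
    media: str           # storage technology, e.g. "nas", "cloud", "external_hdd"
    offline: bool        # disconnected from the network when not in use
    offsite: bool        # kept away from the primary site
    last_backup: date    # when this copy was last written
    restore_errors: int  # errors found in the most recent test restore

def verify_restore(restored_files, manifest):
    """Count test-restore errors: files missing or whose SHA-256 differs from the manifest."""
    errors = 0
    for name, expected in manifest.items():
        data = restored_files.get(name)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            errors += 1
    return errors

def audit_3_2_1_1_0(copies, today, max_age_days=7):
    """Return the rule violations for a set of copies; an empty list means compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} of the three copies the rule wants")
    if len({c.media for c in copies}) < 2:
        problems.append("all copies sit on one media type; the rule wants two")
    if not any(c.offline for c in copies):
        problems.append("no offline copy")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    for c in copies:
        if c.restore_errors:
            problems.append(f"{c.name}: {c.restore_errors} error(s) in test restore")
        age = (today - c.last_backup).days
        if age > max_age_days:
            problems.append(f"{c.name}: last backup is {age} days old")
    return problems

# Constructed manifest and test-restore result: crm.csv came back different.
MANIFEST = {"ledger.db": hashlib.sha256(b"ledger v1").hexdigest(),
            "crm.csv": hashlib.sha256(b"crm v1").hexdigest()}
RESTORED = {"ledger.db": b"ledger v1", "crm.csv": b"crm v2"}
TODAY = date(2023, 6, 1)
# The post's scenario: one cloud snapshot, several years old.
STALE_SNAPSHOT = [BackupCopy("aws_snapshot", "cloud", False, True, date(2020, 1, 1), 0)]
# The recommended layout: NAS, cloud, two rotated external drives, all written this week.
ROTATED_SET = [BackupCopy("office_nas", "nas", False, False, date(2023, 5, 31), 0),
               BackupCopy("cloud_bucket", "cloud", False, True, date(2023, 5, 31), 0),
               BackupCopy("ext_drive_a", "external_hdd", True, True, date(2023, 5, 28), 0),
               BackupCopy("ext_drive_b", "external_hdd", True, False, date(2023, 5, 31), 0)]
```

Feed `verify_restore` the result of a real test restore into each copy's `restore_errors` and run the audit on a schedule; any non-empty result is a business continuity finding, not a backup success.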
If your organization still needs to develop a business continuity plan, consider working with a Managed Service Provider like ours that has your business's operations in mind. We'd much rather meet customers before a disaster than after. Oddly enough, it ends up being cheaper too!