Who could have guessed that having tested, well protected and current backups help when dealing with cyber security incidents?
We have critical customer data on servers that are not backed up. Our contracts specify liability if we lose that data within 6 months in the millions. Management won’t allocate funds for a backup strategy and hardware to store the data, but I keep rainy day copies on one old laptop and a prayer.
Ain’t my pig, ain’t my farm. I just work here.
Meanwhile my previous company had a warehouse dedicated to paper backups. We had to work together with a huge team to find and destroy everything older than 10 years (the max we are required to store)
At the end the remaining documents could be stored in a single cabinet
But backups are expeeeeeeeehhhheeehhhheeeeennnnnsssssiiiiivvvveeeee
You know whats even more expensive than backups?
Show answer
Not having backups
But but but making proper backups is expensive in this quarter!
Not having them might be more expensive at some point, but have you considered that skimping on backups will also allow the C-suite and the board to buy more yachts, cars etc. ??? Why will nobody think of the poor rich people
Having untested backups.
Combining the cost of backups with little assurance. Perfect 💪
Can you come speak at my company?
Best I can do is creating more memes. But feel free to use them for your advantage.
Lol. That’s going directly to the slack
Fuckin network drives, man. And the guy that set up the infrastructure left in 2004.
Does this stuff really run on 20y old hardware? Hard to imagine that this hasn’t been lifecycled twice since then.
Place I left 10 years ago is still using an old IBM s390 and doing backups to tape.
Banking infra is weird bro.
Tape is OG especially for long term storage.
Of all the things our company does badly, I can actually say backups are pretty close to perfect! They are monitored closely for issues since they run all day every day and are tested quarterly to make sure they work. They also have to since it’s part of the yearly audit. Also, they have saved us numerous times from little things like people deleting stuff to full system restores due to bad changes. Thankfully, we never needed them due to our company being compromised… and really hope we never do.
Meanwhile at the place I used to work, my boss had a single hard drive holding 10 years of unencrypted client data that he expected me to use day-to-day for live tasks.
What a cybersecurity nightmare!
I forgot to mention, all of the client passwords for things like web hosting and social media accounts were in a plain text Word document too. The boss didn’t think there was anything wrong with this.
I hope you are protecting your backups really well too
Yup, 2 copies all encrypted. 1 copy kept Onsite and 1 copy kept offsite, and then 1 copy sent to long term storage offsite after 3 months (i forget how long we keep them in long term storage). 1 backup every 24 hours. If the server hosts a dB it also has its own set of maintenance rules with full and incremental changes going from 1 hour down to 15 min depending upon its usage and importance. The storage used is insane but it’s required for our area.
My company got hacked and it took about a month to restore all the backups. During that time, we were using mobile hotshots and passing around flash drives. After that, everything essentially returned to normal aside from making sure all the offline work got where it needed to go. We did not pay the ransom
Asking someone familliar with this stuff ont he IT end: Does it sound like my company was prepared aside from getting hacked in the first place?
Hard to judge from the outside, but I would say you were prepared (with room for improvement).
- You had working backups
- Your backups were well protected
- You did not pay the ransom
- You were able to work with the limited tools you had
- And everything restored within one month.
Companies that are not well prepared:
- Have no backups or their backups encrypted, too
- Are not able to operate during the recovery phase
- Pay the ransom
- Have no plan in what order to restore stuff
- Are impacted even one year later … or go bankrupt.
No, you didn’t meet a reasonable RPO, which is the amount of time between the security incident and a full recovery. Usually with full backups the goal is to get everything back up and running within 24-48 hours, which is pretty much only possible if you have adequate backups to take a “nuke it and rollback” approach
DR Chief: We must run a company wide test at the end of next month
Executives: Yeah, nah.
(Ignore the over-the-top intro if that’s not your thing, the actual video is a fellow talking about things like game companies getting randomwared by Russians)