Storing company data has fairly simple rules. Protecting it is more complicated. Two “online” copies and one “offline” copy should suffice, but nothing is 100% secure from attack.
“Companies used to have backups to protect themselves from disasters such as fire or floods, and the risk of data erasure or hardware failure. Today, the importance of backups has shifted to protection against ransomware.” Attacks on businesses with malicious code or extortion viruses, where the attacker asks for a certain price to unlock the data, are more topical than ever. Attackers are often able to lock (encrypt) the backups as well.
The greatest danger is the ignorance of the employees
“According to some analysis data, up to 80% of attacks start with phishing, which is why users really need to pay attention to the files they receive and open on their computers,” Kalucha warns.
Tony Gershin, director of the Center for Cyber Security at Anni doo, emphasizes that the (non-)knowledge of users, regardless of all security shields, is critical: “We can invest a million euros in cybersecurity, but if we don’t make users aware, we haven’t done much,” he says. “The user in his ignorance is still the main factor and biggest threat. On the one hand, the company should give employees only those rights and access they need, and on the other hand, the user should know that they should not click on every file or link they receive. Those are two important points.” This is one of the reasons why Anni conducts periodic phishing tests at companies.
The attacker takes his time and then launches a real “bomb”.
Kalucha continues the conversation assuming that we have a fairly weak security system in place at the company and that we have been the victim of a blackmail attack. “Once an attacker is in the system, he usually takes his time,” Kalucha continues. “He takes care of the most important data and administrative rights, and at the same time it is important for him to discover backup copies. When he estimates he’s done enough, he detonates a bomb, triggers an extortion code, and encrypts the data. The company that was attacked is facing a serious problem and it will be possible to get out of this situation only with payment,” explains Kalucha.
If the company is lucky that the attacker did not discover the backup, then this is the last line of defense.
Do we have a “clean” backup? Can we get it back?
“If we have an unencrypted backup, we will need to restore the data. Before that, we need to make sure what we restore is clean. This is not easy, but that is why the company needs the help of outside experts like us,” Kalucha explains.
Let’s say a company has encrypted servers, file systems, important applications and maybe even workstations… It is important that they have a good enough backup to be able to restore it.
Method 3, 2, 1 – The Golden Rule of Backups
For a correct backup, the 3, 2, 1 method applies: for every good backup we have 3 copies, 2 of which are online, perhaps even on 2 different media, one on a disk system and one, a copy of the first copy, on cheaper tapes or disks. “The third copy is an offline copy that only connects at the time of the backup. Where should this copy be? It can be in another geographical location, which is useful in the event of a natural disaster, flood or fire. From a cyberattack point of view, however, if a copy is available over a network, it doesn’t matter where it is physically located. This copy can be on encrypted magnetic tapes in an external location or in cloud storage. Acronis is a provider that also provides an offline version in the cloud, and we work with it ourselves. We can back you up both on-site and in the cloud somewhere abroad,” the interlocutors continue the conversation.
“For those companies that can’t afford all this infrastructure, a certain number of external drives, at least three or four, might be a good enough option, depending on how much data you have. We connect these drives to the system at certain intervals when we make an offline copy. It is important to rotate the disks. This is a much cheaper affair. It is not automated, everything has to be done manually, but this is the third, offline option,” explains Kalucha.
It is important to isolate the backup, fragment it and make access difficult
No matter which option you choose, it is very important that you design the system correctly. Every piece of software we use for this purpose must be properly configured and isolated as much as possible. We must place as many obstacles as possible in the attacker’s way. We achieve this by fragmenting as much as possible, separating the servers on which we have backups or backup systems.
“It also needs to have its own network, separated by a firewall that should shut off all ‘gates’ (ports) that are not strictly necessary. It is important that your backup is not accessible from your network and is strictly secured. All configurations in this system should be locked down so that the settings cannot be changed easily,” Kalucha stresses the importance of security.
Also, this backup system should always be kept up to date. Once a vulnerability is discovered and updates are available, they should be installed rather than taking unnecessary risks.
“The user accounts we use for this server should not be part of the Active Directory infrastructure, so that we can’t manage backups with the domain administrator, which is a common practice because it’s the easiest way. But if someone gets into the network and gets access to the domain admin, we can have a big problem. In companies, it is (also) common for one domain admin to have access to everything, including backups. This admin has only one username and password. This can be a big problem. However, IT staff are not aware of this enough,” the interviewees agreed.
From a security point of view, multi-factor authentication is also highly recommended. Despite years of warnings, it is rarely used by companies and officials.
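The 3, 2, 1 rule and the isolation points above can be checked against a backup inventory. The following is an added example, not code from the article or from Anni; the `BackupCopy` fields, the `audit` function and the sample inventory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    medium: str              # e.g. "disk", "tape", "cloud", "external-drive"
    network_reachable: bool  # reachable from the company network between backup runs
    domain_account: bool     # managed with an Active Directory account
    mfa: bool                # multi-factor authentication on the management login

def audit(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    online = [c for c in copies if c.network_reachable]
    offline = [c for c in copies if not c.network_reachable]
    if len(copies) < 3:
        findings.append(f"{len(copies)} copies, the rule asks for 3")
    if len(online) < 2:
        findings.append(f"{len(online)} online copies, the rule asks for 2")
    elif len({c.medium for c in online}) < 2:
        # The text only suggests two different media, so treat this as advisory.
        findings.append("online copies share one medium")
    if not offline:
        findings.append("no offline copy: every copy is reachable over the network")
    for c in copies:
        if c.domain_account:
            findings.append(f"{c.name}: managed with a domain account")
        if not c.mfa:
            findings.append(f"{c.name}: no multi-factor authentication")
    return findings

# Constructed inventory: the third copy sits at another site but stays reachable
# over the network, so from a cyberattack point of view it still counts as online.
SAMPLE = [
    BackupCopy("primary-disk", "disk", True, True, False),
    BackupCopy("tape-library", "tape", True, False, True),
    BackupCopy("remote-site-nas", "disk", True, False, True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```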
Regular tests and data recovery
For backup to work in the event of an attack, a company must periodically perform backups and test restoring the data. It would be fine to do this with outside experts like Anni at least once a year, and even better more often, but it depends on the capabilities of the company. Each company should have specific security procedures that set out how it will restore the data.
“We recommend that you test the performance of your backup at least once a year. It’s true that if you take care of something and pay for it, it also works. If you buy some software and haven’t checked that it works properly in four years, you haven’t done anything.”
Data security is more important
Why is cyber security still not taken seriously by many? “I am giving a comparison here with home insurance. It is highly insured against damages in the event of an earthquake, although we know there is little chance of it happening. We have quite a few insured cases which are very unlikely. This is also the case with cyber threats: these are things we know may or may not happen. It’s very similar, but we will secure the house against everything possible, and many don’t properly care about the company’s security,” Gershin clearly describes the situation.
Kalucha continues: “Most companies invest in cybersecurity with a heavy heart. For example, a manager invests a lot of money in a company car, and a small part of it will not be given to protect order in the company. True, however, no one sees a system backup, firewall, or multifactor authentication. But if there is a major break-in, the car may need to be sold. We must raise this awareness. The probability of an attack is increasing from year to year.”
“Let’s take a look at what happened in the last few weeks. All the hackers focused on Russia, but I fear what will happen if they respond with the same measures. When the military goes into the field in physical form, we know where the state borders are. However, in the virtual world, there are no borders. Most of the world uses almost the same software, it is not written for each country separately, and its vulnerabilities are the same in Slovenia, Ukraine, Russia, China or the USA. If we all use the same software and attackers, on the other hand, use it, we are all equally at risk. The only limit is the internet cable. Unfortunately, awareness is only increasing with events like the one we’ve been witnessing recently. Unfortunately, that’s the situation,” concluded Gershin.
In order to avoid problems as much as possible, Anni also offers a new generation of WatchGuard solutions, which take care of comprehensive business protection. This multi-level protection protects against extortion and other viruses and malicious code, detects suspicious and malicious connections, and is able to respond automatically to security incidents.
You can find more on anni.si. (Public relations)