Who could have guessed that having tested, well protected and current backups help when dealing with cyber security incidents?

  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    36
    ·
    3 months ago

    We have critical customer data on servers that are not backed up. Our contracts specify liability if we lose that data within 6 months in the millions. Management won’t allocate funds for a backup strategy and hardware to store the data, but I keep rainy day copies on one old laptop and a prayer.

    Ain’t my pig, ain’t my farm. I just work here.

    • criticon@lemmy.ca
      link
      fedilink
      arrow-up
      10
      ·
      3 months ago

      Meanwhile my previous company had a warehouse dedicated to paper backups. We had to work together with a huge team to find and destroy everything older than 10 years (the max we are required to store)

      At the end the remaining documents could be stored in a single cabinet

    • cron@feddit.orgOP
      link
      fedilink
      arrow-up
      28
      ·
      3 months ago

      You know whats even more expensive than backups?

      Show answer

      Not having backups

      • hydroptic
        link
        fedilink
        arrow-up
        18
        ·
        3 months ago

        But but but making proper backups is expensive in this quarter!

        Not having them might be more expensive at some point, but have you considered that skimping on backups will also allow the C-suite and the board to buy more yachts, cars etc. ??? Why will nobody think of the poor rich people

    • cron@feddit.orgOP
      link
      fedilink
      arrow-up
      3
      ·
      3 months ago

      Does this stuff really run on 20y old hardware? Hard to imagine that this hasn’t been lifecycled twice since then.

  • HeyJoe@lemmy.world
    link
    fedilink
    arrow-up
    10
    ·
    3 months ago

    Of all the things our company does badly, I can actually say backups are pretty close to perfect! They are monitored closely for issues since they run all day every day and are tested quarterly to make sure they work. They also have to since it’s part of the yearly audit. Also, they have saved us numerous times from little things like people deleting stuff to full system restores due to bad changes. Thankfully, we never needed them due to our company being compromised… and really hope we never do.

    • skittlebrau@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      3 months ago

      Meanwhile at the place I used to work, my boss had a single hard drive holding 10 years of unencrypted client data that he expected me to use day-to-day for live tasks.

        • skittlebrau@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          3 months ago

          I forgot to mention, all of the client passwords for things like web hosting and social media accounts were in a plain text Word document too. The boss didn’t think there was anything wrong with this.

      • HeyJoe@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        3 months ago

        Yup, 2 copies all encrypted. 1 copy kept Onsite and 1 copy kept offsite, and then 1 copy sent to long term storage offsite after 3 months (i forget how long we keep them in long term storage). 1 backup every 24 hours. If the server hosts a dB it also has its own set of maintenance rules with full and incremental changes going from 1 hour down to 15 min depending upon its usage and importance. The storage used is insane but it’s required for our area.

  • 5oap10116@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    3 months ago

    My company got hacked and it took about a month to restore all the backups. During that time, we were using mobile hotshots and passing around flash drives. After that, everything essentially returned to normal aside from making sure all the offline work got where it needed to go. We did not pay the ransom

    Asking someone familliar with this stuff ont he IT end: Does it sound like my company was prepared aside from getting hacked in the first place?

    • cron@feddit.orgOP
      link
      fedilink
      arrow-up
      6
      ·
      3 months ago

      Hard to judge from the outside, but I would say you were prepared (with room for improvement).

      • You had working backups
      • Your backups were well protected
      • You did not pay the ransom
      • You were able to work with the limited tools you had
      • And everything restored within one month.

      Companies that are not well prepared:

      • Have no backups or their backups encrypted, too
      • Are not able to operate during the recovery phase
      • Pay the ransom
      • Have no plan in what order to restore stuff
      • Are impacted even one year later … or go bankrupt.
    • TexMexBazooka@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      No, you didn’t meet a reasonable RPO, which is the amount of time between the security incident and a full recovery. Usually with full backups the goal is to get everything back up and running within 24-48 hours, which is pretty much only possible if you have adequate backups to take a “nuke it and rollback” approach

  • Optional@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    3 months ago

    DR Chief: We must run a company wide test at the end of next month

    Executives: Yeah, nah.