Ransomware and Malware Terrorists should not become Business Vendors


Penny Garbus – President, Soaring Eagle Data Solutions

As a managed service provider, we often hear, “Our backups are too expensive. Our databases are too large. We cannot do a full backup.” We had a client that ran only incremental backups for 5 years. They never tested to make certain the backups were restorable. Some backups never ran at all; others failed to be stored, probably due to network connection failures. Because nothing was ever tested, this went on undetected.

Many businesses now have a budget item to pay the ransom rather than find ways to afford a Disaster Recovery Program. Space in the leading cloud environments is still costly. Licensing and manpower are costly.

These organizations decide to trust the terrorists to restore their data rather than come up with strategies to protect their data completely and independently. Unfortunately, if your data is disrupted, you are lucky to get 80% of your data back in a useful state. Often the terrorists destroy your environment so badly that they cannot correct the wrongs they have caused.

Also, you cannot trust them not to create a back door inside your environment and attack you again months down the road; after all, you already paid once.

Consider reviewing your organization’s needs. If you can, shore up a secondary environment that holds the vital information that you need to run your business for 3 – 5 days while you put the historical information together. Please stop paying the terrorists. You are legitimizing their practice by setting up budgets for them. Instead, review all the preventive measures that you have addressed and look for items that you may not have considered. Then look for low-cost DR storage. Periodically practice restoring from that storage and keep everything you can there: your application code, runbooks, DR plan, roles and responsibilities, and security information. Who knows where all of the security keys are kept and who can access them? Who knows how to reinstate the application and the database connections? Practice DR and keep everything stored outside of your production and development networks.
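As an added example (not from the original article), a short Python audit of a backup history that surfaces the failures described above: jobs that never ran, jobs whose output was never stored, an incremental chain with no full backup, and restores that were never tested. The record fields, thresholds and sample history are assumptions made for illustration.

```python
from datetime import date, timedelta

# Thresholds are assumed defaults for illustration, not values from the article.
def audit_backups(runs, today, last_restore_test=None,
                  max_full_age_days=7, max_restore_test_age_days=90):
    """Return findings for a backup history (list of dicts with 'day',
    'kind' = 'full' or 'incremental', 'ok' = job reported success, and
    'stored_bytes' = size found on the backup target, 0 if never stored)."""
    findings = []
    usable = [r for r in runs if r["ok"] and r["stored_bytes"] > 0]

    # Jobs that failed, or "succeeded" without a file landing on the target.
    for r in runs:
        if r not in usable:
            findings.append(f"{r['day']}: {r['kind']} backup not usable")

    # An incremental chain can only be restored on top of a full backup.
    fulls = [r["day"] for r in usable if r["kind"] == "full"]
    if not fulls:
        findings.append("no usable full backup: incrementals cannot be restored")
    elif (today - max(fulls)).days > max_full_age_days:
        findings.append(f"last usable full backup is from {max(fulls)}")

    # Days on which no job ran at all stay invisible unless someone looks.
    seen = {r["day"] for r in runs}
    day = min(seen, default=today)
    while day <= today:
        if day not in seen:
            findings.append(f"{day}: no backup job ran")
        day += timedelta(days=1)

    # A backup that has never been restored is an assumption, not a backup.
    if last_restore_test is None:
        findings.append("restore has never been tested")
    elif (today - last_restore_test).days > max_restore_test_age_days:
        findings.append(f"last restore test was {last_restore_test}")
    return findings

# Constructed sample history (not real data): incrementals only, one day
# skipped, one job that reported success but stored nothing.
SAMPLE_RUNS = [
    {"day": date(2024, 3, 1), "kind": "incremental", "ok": True, "stored_bytes": 5_000_000},
    {"day": date(2024, 3, 2), "kind": "incremental", "ok": True, "stored_bytes": 0},
    {"day": date(2024, 3, 4), "kind": "incremental", "ok": False, "stored_bytes": 0},
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE_RUNS, today=date(2024, 3, 4)):
        print(finding)
```

An audit like this only reads the job history; it complements an actual restore drill rather than replacing it.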

The next time the terrorists come calling, you will be ready. Maybe you will save your company, money, time, embarrassment, regulatory fines and customers.