The big headlines have been all about Sony’s security breach, and the massive data leak that occurred. What you didn’t hear about was how large parts of their technology infrastructure were rendered unusable. Most of their workstations were severely infected and inoperable for at least several days (some for weeks) and a large portion of their network and server infrastructure was compromised. Even If the hardware was functional, everything still had to be taken offline, scrutinized and analyzed for evidence, reprogrammed then finally redeployed. Qualified or not, Sony’s IT department had a gigantic mess to clean up, and they had to do this quickly (and improve security along the way) as the company was hemorrhaging money every minute their operations were offline.
If there is one thing that is certain (besides Death & Taxes) is that hardware will fail, and probably at the worst possible time. Why it fails is not important – but how you recover from failure is critical and can mean the difference between an inconvenience and a catastrophe. Sony’s disastrous breach is more of an exception in terms of hardware failure – it’s unlikely every single machine in your company will fail at once, but there’s always the chance that a catastrophe – natural or man-made – can wipe out multiple machines at a time. Preventing this type of event from happening is largely beyond your control. What you can do is control how you recover from it, which is a mixture of preparation, training and flexibility.
- Have a current, offsite backup of all your critical data.
The words “offsite” and “current” cannot be emphasized enough. Onsite backups are better than no backups, but if they get destroyed alongside the equipment they were backing up, it’s the same as having no backups. Depending on your business, current can mean different things – old data might be better than no data, but it could still mean many hours of lost work to get back to where you were before the data loss, and then you have to make up for that lost time. Make sure you are backing up the right data as well. Backing up email that is already stored on a server (which is itself being backed up) is a waste of time and money that could be focused on backing up your work documents. - Understand where your data resides.
Where is your data stored? Where is your email stored? What about your applications? You don’t have to understand the technical details, but you should know whether your data is stored onsite, offsite, in the cloud, or some mixture of all of the above. More importantly, you should know how to get to it – either from an alternate location and hardware, or – in the case of backups – who to contact to have data restored. If your critical business data resides at a single point of failure (e.g. your laptop hard drive), consider what would happen if you were to lose that laptop or if the drive was to fail. - Document your infrastructure.
If your business or organization relies heavily on technology-supported processes, rebuilding your infrastructure from scratch could result in serious disruption, especially if it is built differently, and given the pace of technology advancement, this is almost a guarantee. Older equipment and software may not be replaceable, so plan for replacing them on a non-emergent timeline, and prepare your employees for the change. At minimum, you should know that even if you are able to get equipment and software quickly, there will still be a ramp-up period while everyone gets acclimated to the new environment. Making changes in a stable calm environment is a lot less disruptive than doing so in a disaster recovery situation. - Train yourself and your employees to be flexible.
While it may not be possible for all jobs and functions (and some businesses), the crux of disaster preparedness (and recovery) is knowing how to get things done with the tools you have at hand. Most folks don’t realize that their email can be accessed via other methods than the one or two ways they use currently. The same could be said for accessing organizational data. This is not to say that everyone needs to know exactly how to get it done (technology can be complicated, especially tech that isn’t used on a regular basis), but to be open to doing their jobs differently by using alternate tools and methods.
Whether your company relies on racks of equipment or a single laptop, all of the above applies. Catastrophes come in all shapes and sizes, but hardware failure is always a disaster when you are ill-prepared.
A recently published whitepaper from Redwood, CA security firm Imperva reports a disturbing trend that many technology professionals already suspected: current anti-malware manufacturers can’t keep up with the pace of virus development now that malware has moved from the realm of mischief to big-time criminal enterprise. Researchers from Imperva and students from Technion-Israel Institute of Technology put together a study that pitted 80 new viruses against over 40 of the top commercial antivirus products on the market, including Symantec, McAfee and Kaspersky and found that they were only able to detect 5% of the new malware infections.
It’s important to note that the sponsor of this study, Imperva, has a material stake in future anti-malware development, as their focus has been on developing a method of protection that differs from the traditional signature detection approach used by the mainstream antivirus developers. Signature detection relies on antivirus manufacturers being able to “capture” and reverse-engineer a computer virus strain to develop ways to combat infection, a process that is entirely reactive and time-consuming. As you might have guessed, new viruses can do their damage in minutes on a vast scale thanks to the internet, so relying on protection developed after the virus has been in the wild is of no help to those already infected. Cybercriminals realize they have the advantage of surprise on their side, and are investing heavily in staying ahead of signature detection algorithms.
What this means for you:
Future security is going to rely heavily on a combination of methods: signature detection, heuristic analysis (watching for anomalous behavior), virtualization/compartmentalization and good old fashioned paranoia/preparedness. The public at large has been lulled into a false sense of security in thinking that purchasing a product off the shelf will absolve them of the need to remain vigilant. As some of my clients can personally attest, you can have the best antimalware products on the market and still get infected. Technology security is more than purchasing software and hardware – it’s a process and state of mind that must constantly be maintained. If you are uncertain how to evolve your business practices to step up your state of readiness, give C2 Technology a call – we can help!
Image courtesy of graur razvan ionut / FreeDigitalPhotos.net