… can ruin everything.
There's a widely shared understanding that many businesses fail after a catastrophic data loss. While not everyone can agree on the numbers, we can all agree that data loss is something to be avoided.
Poor security practices
Most companies know that their data is important, and they protect it by conducting data backups and restricting access through network credentials. Beyond these steps, many companies only think of IT security as a means to remain in regulatory compliance or prevent data leaks. This is an unfortunate gap in understanding how infrastructure security protects the company from data loss. For example:
Ransomware: The big one on everyone's mind is extortion. The attacker encrypts the victim's data and refuses to decrypt until the victim pays the ransom. Even if the victim pays the ransom, finds a free decryptor, or restores from backup, there's a possibility that some data will be lost forever. The attacker might not decrypt everything, the process may destroy some data, or the backups might be incomplete.
Malware: There are too many types of malware to count, so let's just focus on advanced persistent threats (APTs). When successful, these attacks allow a criminal to spy on a company for a long period of time. With some research, the attacker can find the data that is most critical to operations. Once he has made that determination, he can copy the data for himself and destroy the original copies on the network.
Mobile (in)security: Mobile devices and wearables are everywhere in the network, forcing IT departments to come up with standards and support systems after the fact. Some networks are still not fully secure, and employees continue to resist any effort to apply corporate security to their personal devices. This makes mobile devices an easy way for an attacker to get into a network.
Social engineering: Shifting slightly from our focus on technology, consider the security threats posed by an employee with little or no training on the dangers that can slip into the inbox. For example, in 2020, Shark Tank’s Barbara Corcoran made headlines when she revealed that she had lost nearly $400,000 after her bookkeeper fell victim to a phishing scam, paying a fake invoice for real estate renovations. Another recent example of a social engineering attack came to light in November after an attacker phoned a Robinhood support representative and tricked him into installing remote access software on his computer, ultimately exposing the data of millions of customers. After the intrusion was contained, the attacker demanded an extortion payment in exchange for not selling the stolen data.
Watering holes: Not all malware is delivered through email. A watering hole is a legitimate website that has been compromised by attackers who are targeting the demographic of the site. For example, if an attacker wanted to infiltrate ABC company, he would infect a website that ABC employees visit on a regular basis. This could be anything from a third-party HR website to the menu of a nearby restaurant where many of the employees go to lunch. The code could redirect visitors to a phishing site or initiate a drive-by download.
Those are just a few of the examples of how a security breach could cause data loss. Having good backups is a critical step in data protection, but it's just one step of many. For most companies, there's no guarantee that all data will be restored from backup:
- The company may lose all data generated between the data loss and the most recent backup
- SaaS applications and data are often overlooked in data backup and disaster recovery plans
- The format of the restored data may be incompatible with the most recent or only available version of an application that has to be reinstalled
- Some data is simply missed in the backup configuration, or databases aren't configured properly for backup
And in the best-case scenario when you can restore all of your data intact, will you be able to operate during the time it takes to reinstall the operating systems and applications?
World Backup Day
March 31 is World Backup Day, which means it's a great time to remind everyone to think about good data protection. You can get more information from the World Backup Day website here.
Barracuda provides powerful, effective, and affordable security and data protection solutions. Visit our corporate website here for more information.
Note: World Backup Day is not associated with Barracuda or Barracuda Backup solutions.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.