Breaking Down The Critical Security Controls: CSC 10 – Data Recovery
Data recovery can be the difference between getting your business back up and running or going out of business. Backing up data is something everyone knows about, but most don’t do it properly or at all. The rising attack known as ransomware specifically targets your backup processes. If you have a good data recovery process in place, then paying the ransom to the attackers is not an option. However, for most, paying the ransom is the only option because there are no reliable or complete backups to restore from. Pay it or lose everything.
Here is what the control says:
The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.
Solution Approach
Every competent assessment and audit that looks at IT and security asks about data backups: Business Continuity Plans (BCP), Disaster Recovery (DR), archiving and off-site storage. How are you backing up? What are you backing up? How often? Where are the backups located? How are they secured? How long does it take you to restore from backup?
Proper enterprise data backup and recovery goes far beyond drag and drop onto a portable hard drive. Critical data in various states, full system images, individual files and emails must all be stored in such a way that they can be restored to an operating state as quickly as possible. There is a reason larger corporations have dedicated teams and departments that focus solely on data backups and ensure those backups can be restored. Data backup and recovery go far beyond an automated batch process.
Testing and proving the restoration process has become vital in security assessments. Many times companies have stood by their backup ability only to fall flat when they needed to recover from it. Common causes are poor encryption key management that leaves the backups useless, changed hardware that makes the restore more difficult, and the assumption that the bandwidth between the archive location and your datacenter can handle large transfers. If you have a restoration target of four hours, you had better make sure you can transfer the terabytes or petabytes from point A to B in that time.
Much like a Disaster Recovery (DR) or Business Continuity Plan (BCP), a backup process isn’t worth much if it’s not tested regularly. When you have an event that you need to recover from (it’s not IF but WHEN), it’s better to know your plans, processes and technology work ahead of time rather than have them fail when your business is already offline.
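A restore drill covering the two checks described above, written as an added example rather than code from the original post: it compares a test restore against hashes recorded at backup time and checks whether the transfer fits the restoration target. The function names, the 0.7 link-efficiency figure and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to its SHA-256; record this at backup time."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_restore(manifest, restored_root):
    """Compare a test restore against the backup-time manifest."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupted": sorted(f for f in manifest
                            if f in restored and restored[f] != manifest[f]),
    }

def transfer_hours(size_bytes, link_mbps, efficiency=0.7):
    """Hours to move size_bytes over a link; efficiency is an assumed
    fraction of line rate actually achieved (protocol overhead, contention)."""
    usable_bits_per_sec = link_mbps * 1_000_000 * efficiency
    return size_bytes * 8 / usable_bits_per_sec / 3600

def restore_drill(manifest, restored_root, size_bytes, link_mbps, rto_hours):
    """A drill passes only if the data is intact AND the transfer fits the RTO."""
    result = verify_restore(manifest, restored_root)
    result["transfer_hours"] = round(transfer_hours(size_bytes, link_mbps), 2)
    result["passed"] = (not result["missing"] and not result["corrupted"]
                        and result["transfer_hours"] <= rto_hours)
    return result

if __name__ == "__main__":
    # Constructed sample data: a tiny "production" tree and a flawed restore.
    with tempfile.TemporaryDirectory() as prod, tempfile.TemporaryDirectory() as rest:
        for name, data in {"db.dump": b"rows", "mail.pst": b"mail", "app.cfg": b"k=v"}.items():
            (Path(prod) / name).write_bytes(data)
        manifest = build_manifest(prod)
        (Path(rest) / "db.dump").write_bytes(b"rows")
        (Path(rest) / "mail.pst").write_bytes(b"ma")  # truncated during restore
        # app.cfg never came back; 10 TB over 1 Gbps against a four-hour target
        print(restore_drill(manifest, rest, 10 * 10**12, 1000, rto_hours=4))
```

Keep the manifest somewhere other than the backup target so a tampered backup cannot also rewrite the hashes it is checked against.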
How It Could Be Exploited
A poor backup process is what some cybercriminals count on. Ransomware creators hope a target does not have a backup process that they can recover from, or recover from quickly. Those targets pay the seemingly less expensive option of the ransom: a few thousand dollars to release the hostage data, or risk hundreds of thousands or closure of the business if they do not. This is why ransomware is becoming more prevalent and so profitable. For a single target, $2,000 is a drop in the bucket. From the attacker’s view, that’s $2,000 across 100 companies that paid up. Do the math and you can see the appeal.
The other attack vector is the backups themselves. Your production systems may be trimmed and protected, but your backups may not be as secure. Storage locations may be loosely controlled, and more accounts may have access to the backup areas. The tools and processes are a treasure trove of access points, as they need access to everything in order to back it up. A simple question to ask: do your backups have the same security protections as your production systems?
All of your production data and more is stored there, why should it be treated differently?
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.