Tag Archive for: Recovery

Cybersecurity Threats Need Fresh Data Recovery Strategies

/in


The information age is a double-edged sword. Advanced technologies are accelerating incredible achievements for businesses and consumers. We are more connected than ever, and those connections are faster and increasingly more immediate. But technology has also made it easier for those who seek to gain an advantage by exploiting others. Hidden in the digital web of interconnections are people intent on stealing your content or holding it to a hefty ransom for its return.

I was once told that “The only really secure way to keep your data safe is to put it into a box with no electronic connections and guarded by sentries.” Well, that’s not perfect because humans are fallible. But today’s organizations need digital sentries and multiple lines of defense against cybercrime, which can devastate a business when it hits and impacts can linger for years after the initial attack.

Ransomware has been steadily growing in prominence and impact since the WannaCry ransomware outbreak that infiltrated systems around the world in 2017. While criminals develop more advanced techniques, the fundamentals of ransomware remain the same. Attackers penetrate a network, find and encrypt data, and demand payment for a decryption key.

The threat of ransomware is increasing quickly, and the impact of an attack is enormous. It’s not a question of “if” but of “when” you will face this challenge. Choosing between ransom payments or suffering data loss is costly and risky.

The costs associated with cyberattacks, including lost business, insurance rate hikes, lawsuits, criminal investigations and bad press, can even put a company out of business – and fast! Here are just a few of the many data breaches that occurred during the past 18 months and their costly toll:

The New York Times reported that T-Mobile reached a $500 million settlement after a huge 2021 data breach. The company, which said the attack had affected 76.6 million people, agreed to pay $350 million to settle claims and spend $150 million to bolster security.
• Insider reported that global insurance provider CNA Financial forked over a reported $40 million post-cyberattack last year.
The Washington Post reported that the…

Source…

Password Recovery Questions Are Easy to Hack

/in


Lucky for you, we turned to the experts for tips on fixing them.

Password Reminder Questions Are Insanely Easy To Hack

iStock/mihailomilovanovic

When a hacker claimed to have breached Mitt Romney’s personal email account in 2012, he didn’t do it by infecting his computer with a data-leeching virus or by launching a brute-force password cracking attack—he did it with the word “Seamus.”

Seamus was the name of Romney’s dog, and apparently the answer to his password reminder question, “what is your favorite pet.”  Because Romney’s email address had been made public in a news story several days earlier, and the doggo-in-question was the subject of an unfortunate media scandal for having been strapped to the roof of the family car during a 1983 road trip, the alleged hacker had everything he needed to exploit a notoriously weak gateway to password security: the password recovery question.

While setting a password reminder question is a fine idea in theory (so many passwords, so little mental space!), it has probably encouraged you to make your password overly vulnerable. The simple truth is that in our age of social media over-sharing it is far too easy to suss out anyone’s answers to the question “where did you meet your spouse,” or “what is your mother’s maiden name.” If you have a public Facebook, Twitter, or Instagram account, you also have a dossier of clues for would-be hackers to peruse at will. Many security industry professionals wish the password reminder question would be outright abolished from account setup, but until that day comes, what can you do to work with the system and keep yourself secure?

For one thing, pick a harder question. A Microsoft and Carnegie Mellon study found that the safest password reminder question may be “What’s your father’s middle name,” as it’s easy to remember, hard to guess, and unlikely to be public knowledge on the Internet. (Other safe-ish questions were, “What was your first phone number?,” “Who was your favorite teacher,” and “Who is your favorite singer?”)

Some experts recommend answering the question with a non-sequitur (What is your mom’s maiden name? Platypus). But even a random, one-word answer is vulnerable to a…

Source…

Fremont County, Colo., in ‘Recovery Phase’ After Cyber Attack

/in


(TNS) — Now going into the seventh week of mitigation and restoration, Fremont County government is now in a recovery phase from the Aug. 17 BlackCat ransomware cyber attack.

An extension of a declaration of a local disaster due to the cybersecurity attack expired Tuesday, and the Fremont County Board of Commissioners has no plans to renew it.

Many departments are back up and fully functional, but others are still in the works. Every computer has had to be shipped out to be scrubbed and then have software re-downloaded.


County Manager Sunny Bryant gave a heartfelt thanks to the county’s IT team who has worked tirelessly since Aug. 17 to restore these systems.

“They have worked long days, through weekends, and gone above and beyond to bring county services back up,” she said. “The last six weeks have been emotional, mentally exhausting and physically exhausting.”

But the IT team showed up day after day, she said, with positive attitudes and dedication.

“All county services were affected by the attack,” Bryant said. “I appreciate the public’s support as we work through this and the patience as services were and continue to be restored.”

Board Chair Debbie Bell said the IT staff put in a lot of blood, sweat and tears over the last six weeks.

“Everyone took this attack very, very personally,” she said. “There is truly nothing personal about it, but it felt personal, even to us.”

She also recognized all of the county staff, department heads, elected officials and Emergency Management for their work during the mitigation process and for continuing to conduct business the best they could without computers.

“Thank you to all of our residents for being graceful and gracious and for being patient with us,” Bell said. “This was not an easy thing for any of us, but we are recovering.”

Fremont County Clerk and Recorder Justin Grantham said Election Department is fully functional and ballots will go out in the mail Oct. 10 for the Nov. 8 election.

The Department of Motor Vehicle also is up and running and Grantham hopes to have the Recording Division’s online database up and running soon. Also still in the process of fully being…

Source…

5 Top Recovery Time Objective (RTO) Trends 

/in


Time! Most people don’t have enough of it. They wish they had more. There is never enough time. 

They wish they had lived in an earlier era or could turn back time and fix the errors of the past. People are obsessed with time and all its manifestations. 

And so it is with time for recovery. People want their data back now. They won’t stand for any delays. They often specify a recovery time objective (RTO) of zero. Easy enough to specify but expensive to achieve. 

See below for some of the top trends in recovery time objectives: 

1. Immutability and isolation 

Ransomware has turned the entire world or IT on its head. Backup and recovery are no exception. 

As backups are easy to infect, those wishing to recover data quickly need to take malware into account. 

“To meet RTO demands, customers need to consider isolated recovery environments or immutable solutions that can protect backup copies from ransomware attacks,” said George Crump, chief product strategist, StorONE

“The ever-present ransomware threat forces IT to rethink how they meet recovery point and recovery time objectives.”  

2. Near-zero RTOs 

The overwhelming trend is for people to demand ever smaller RTOs. 

If they can recover in days, they want it in a few hours. If they can make it in an hour, they want to take it down to a few minutes. 

“Organizations are increasingly willing to spend more to shorten their recovery times,” said Vasilii Zorin, senior project manager, Acronis

“Companies need speedy recovery in case of disasters, as they heavily rely on IT systems to facilitate effective work of distributed teams in a hybrid environment. Organizations cannot tolerate hours or days of downtime. They should be able to restore operations in a matter of minutes.” 

3. Zero RTOs

Recovery technology has matured enough, costs have come down enough, and business needs require a zero RTO without compromise, according to Jason Lohrey, CEO, Arcitecta

Easier said than done. Lohrey laid out an all-too-common scenario for what typically happens when an end user needs to recover data in an enterprise environment. 

First, they need to submit a request to the IT department to recover lost data….

Source…