Eradicate learned helplessness
Posted: Wed Feb 05, 2025 10:34 am
In businesses where it is critical to know the "rollback point" (RPO), cold copies of data are a good idea. And, of course, it is important to store backups outside the corporate network, in the literal sense: physically off the premises. There is an example of one outstaffing company where the system administrator organized the process so that data would not be lost even in the event of a fire or theft of the server. Every day at 17:10, their system stops accepting connections from work PCs and gracefully ends the open sessions, after which it dumps all databases. By 19:00, everything produced during the day has been merged into a single archive, which is written to magnetic tape. The administrator takes the tape cassette to a safe deposit box at the nearest bank and collects yesterday's tape from there; the next day's backup is written onto it. This cycle repeats continuously. So even in the worst-case scenario, his organization's data loss is limited to one working day.
If you look at the list of measures, it turns out that all (or almost all) of the above can be implemented with relatively little effort. The availability of a fairly large selection of open source solutions means that the average company will not have to spend much money on licenses. This is extremely important when the business does not yet know whether investments in information security will pay off.
If the company has already experienced a hack, then to assess the business case it would be good to calculate the real losses. They consist of the ransom amount (if it was paid), downtime, the number of man-hours spent on restoration, and lost profits. They also include, although reputation as an institution does not work very well in our country, the effort needed to restore the company's image in the eyes of counterparties.
If the incident ends with a simple ransom payment, other companies (especially larger ones) will think twice. In their worldview, an organization visited by hackers itself becomes a source of danger. After all, it is a channel for a possible attack on the supply chain. Is it worth dealing with such a contractor when you can choose a competitor that does not have such problems? So the question of ensuring the "hygienic minimum" of information security turns out to be a purely economic one. If you ignore this point, you can lose a significant degree of competitiveness.