The importance of backups within organization landscape.
By Pedro Tavares, Founder of CSIRT.UBI & Cyber Security Blog seguranca-informatica.pt
Today we live in an age where technology is part of everyday life for most people. Have you ever wondered if all the information on your smartphone and your personal computer were corrupted or lost? Your photos, contacts, important documents; with no chance of being recovered. Of course, this would be a very unpleasant situation in your life.
Looking at the day-to-day of an organization, the big picture is nothing different. If this situation would be complicated for a person, imagine what would happen if an organization lost all data. Sales information, customer and supplier data, contracts, sensitive files with large years of history, etc. Certainly, any digital catastrophe would do a great deal of damage to the organization, both reputational and related to the market position – the organization would probably close the doors.
Internet of Things (IoT), Artificial Intelligence (AI), Big Data and social networks — it was not necessary to enumerate CRMs, or even to speak about databases. Some of these ‘words’ have leveraged the amount of information currently available in organizations. Digital data has thus become the new petroleum and guarantee its integrity, confidentiality and availability are increasingly important.
Backups like The Last Resort
The main purpose of a backup is the replication, the copying of information for future restoration or consultation in case of loss, unauthorized alteration or damage to some type of file or digital system, and even until a natural or digital catastrophe.
The backup should preferably be performed on an external drive, and at different geographic location points, to prevent a type of damage from affecting different backups (which would be a huge problem).
Different devices for backups can be highlighted:
- External HD;
- Magnetic tapes (not in use);
- Local and isolated servers (standalone); and
- Cloud-based backup services (e.g., AWS S3).
Each option has its advantages and disadvantages. For example, an external HDD is more portable than most other solutions. For Cloud-based solutions, it does not expose the information in an online service that could potentially be exposed to cyber-attacks, and information subject to data breaches.
However, it can also be damaged or misplaced more easily than a cloud-based solution. In addition, creating snapshots in a multi-device location may become less viable and time-consuming.
Organizations have for many years opted for the use of automated backup solutions on their own servers. Despite the high installation costs, this type of tool brings more security and privacy to those who do not want to transfer the structure to the Cloud. In addition, this type of backup allows for greater scalability and supports a large amount of data.
Cloud backup, on the other hand, has been notable in recent years for its low cost, high scalability and security. Today, companies in the industry can deliver services that use secure connections, encrypted data storage for a low value. With an internet connection, it is possible to hire a tool that can be accessed anywhere in the world for the configuration of a security backup routine.
Take the Sunday Afternoon to Think About the Subject
Cyber threats are constantly increasing. Technologies and software tend to become increasingly complex, with more lines of code (LOC), and with that, the number of faults and potential vulnerabilities also tend to increase.
With this in mind, cybersecurity must be on the agenda of the meeting as a priority topic. There are no bulletproof systems. Note that the exploitation of a zero-day vulnerability could compromise an organization. If a solid backup security policy has not been established, some of the server configurations, software licenses, and sensitive information may be corrupted and destroyed.
It’s therefore essential to lay out all points of failure to prevent and avoid problems this nature. These problems can cause irreversible damage to market positioning and consumer confidence.
About the Author
Pedro Tavares is a cybersecurity professional and a founding member and Pentester of CSIRT.UBI and the founder of seguranca-informatica.pt. In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks. He is also a Freelance Writer.
Segurança Informática blog: www.seguranca-informatica.pt
Contact me: firstname.lastname@example.org