Coronavirus tracing tech policy ‘more significant’ than the war on encryption – ZDNet

Tech-savvy individuals and firms have been eager to apply their skills to the coronavirus pandemic, as they should be. Some of them are working with governments who have flexed their "special powers" and public health muscles, as governments should do.

Much of this tech effort, from all sides, has been put into contact tracing, which aims to find out who might have been exposed to the virus from an infectious person.

Contact tracing is already a routine process in most developed nations for battling things like meningococcal disease, tuberculosis, and sexually transmitted infections (STIs), including HIV.

Normally, this "painstaking and quick detective work" is labour-intensive and involves lots of phone calls and text messages. The new technologies that are being developed intend to improve that.

Australia's plan to adopt TraceTogether, the COVID-19 contact tracing app from Singapore, is one obvious example.

The remarkable partnership between Apple and Google to roll out APIs to enable contact tracing apps is another.

But how many of these players are thinking about the long-term implications?

TraceTogether's creators seem to have made a solid effort to protect users' privacy from each other. The so-called "Central Authority" server generates temporary IDs which are periodically refreshed, for example.

The data log only contains relative distance between users, as determined by the Bluetooth signal strength, not the exact location where the users came in close contact.

But a detailed analysis by researchers from the University of Melbourne and Macquarie University highlights a range of privacy flaws.

One key problem is that users must trust the Central Authority -- in Singapore, that's a Ministry of Health server -- to do the right thing.

"Even though the data logs are only sent to the Central Authority following user's consent, there is no check to ensure that the request from Central Authority is genuine or not, i.e., whether that user was in proximity of an infected user," the researchers wrote.

"Thus, a curious Central Authority might be able to obtain and decrypt data logs from a large number of users yielding to [a] potential mass-surveillance threat."

While the data logs held locally on users' devices are deleted after 21 days, there's no guarantee that the data logs decrypted at the authority server would also be deleted.

As well as tweaks to provide more protection from the Central Authority, and less centralisation, the researchers also recommend that any future use of anonymised data logs "must be restricted".

"An important aspect of data gathered by the server is future use by epidemiologists and policymakers," they wrote.

"Although the information seems innocuous, it can be very sensitive and reveal a lot about the users."

The privacy of medical information is particularly important.

As the Australasian Contact Tracing Guidelines remind us, any disclosure that individuals have tested for, or are living with, conditions such as HIV/AIDS or other STIs can invite social stigma and discrimination.

"People may be reluctant to seek medical attention if they fear their information could be disclosed to others. This 'chilling effect' could have implications for the future prevention, treatment and study of medical conditions."

These risks are also present with COVID-19. Australia is already seeing racist vandalism and physical and verbal abuse. If specific individuals are ever identified, their situation would only get worse.

For this reason, the researchers say that the data shouldn't be made public, even if anonymised.

"A large percentage of the people might share their data. Even the contact graph, without locations, timestamps, phone numbers or explicit identities, can be linked to other data sources enabling user re-identification."

In fact, another University of Melbourne team found such a vulnerability with a supposedly anonymised public dataset in 2016 and had re-identified seven prominent Australians in 2017.

The government didn't really fix the problem, however. They just tried to make data matching illegal. The legislation lapsed before the federal election in May 2019.

Digital Rights Watch Australia (DRW) has called for more transparency about the planned use of TraceTogether, along with "unimpeachable guarantees" that the data won't be used for anything else.

"They certainly need to do better than suggesting that privacy implications will be examined by the Attorney-General," said DRW chair Lizzie O'Shea on Wednesday.

"Everything about this needs to be transparent. The code must be independently audited. There needs to be a clear benchmark for when data will no longer be collected and the app deactivated."

O'Shea noted, as others have, that there's a real risk of false positives and a need to preserve human rights even in the face of a pandemic.

"The existence of encryption-breaking laws like the government's own Assistance and Access [Act] undermines our capacity to keep such systems secure," she said.

"Such technological tools need a social licence to operate effectively, and the government has a long way to go before it comes close to earning it."

In a global context, Dr TJ McIntyre, an associate professor in the Sutherland School of Law at University College Dublin, went further.

"COVID-19 tracing is the most significant technology policy development of this generation -- even more so than the war against end to end cryptography -- and we're watching it happen at breakneck speed," McIntyre said.

"The role of tech firms vs states will be critical."

Genevieve Bell, director of the 3A Institute at the Australian National University wrote that the response to the coronavirus presents a chance to reinvent the way we collect and share personal data while protecting individual privacy.

"The speed of the virus and the response it demands shouldn't seduce us into thinking we need to build solutions that last forever," Bell wrote.

"There's a strong argument that much of what we build for this pandemic should have a sunset clause -- in particular when it comes to the private, intimate, and community data we might collect."

Of course, once governments gain certain powers or access to certain technologies, very rarely do they hand them back with a friendly "Thanks, we don't need that any more".

In fact, the opposite happens. There is always scope creep.

What makes the current situation in Australia even more worrisome is that TraceTogether has been fast-tracked through the review process at a time when Parliament and its various oversight committees have been shut down.

Yes, we need to fight the coronavirus with extraordinary measures, but we also need to have our wits about us.

Updated at 9.34am AEST, 16 April 2020: Clarified status of lapsed data matching legislation.


Decrypting file on external drive – Encryption Methods and Programs – BleepingComputer

Hello,

A few days ago my laptop crashed and I had to reinstall W10 all over again. Luckily I had copied most of my files on an external drive. What I forgot to do is decrypt the files first before putting them on that drive. I used cipher to encrypt.

Now that I have reinstalled W10 (it works fine again), I cannot open these files. I have tried to decrypt with command prompt (D:>cipher /d "D:>folderfolder.doc.doc" whereas D: is the letter of the external drive), I also tried right mouse click on the document (on the external drive) > Properties > tab Security > Advanced / Edit > ... , following tips from the internet. But I still cannot decrypt the files. Even copying to the laptop drive isn't allowed.

Can anybody help?

Regards,

jazz

Edited by hamluis, Today, 05:35 PM. Moved from W10 Discussion to Encryption - Hamluis.


Zeroing in on Zoom’s Threat to Financial Services – Traders Magazine

Ray Hillen, Managing Director of Cybersecurity at Agio

COVID-19 has induced a significant shift in the way we work. Remote is the new reality. As large swathes of the financial services economy acclimate to working from home, its workers are finding new methods for cross-enterprise communication.

For many, Zoom has been the answer to staying connected in the workplace. The video conferencing tool's growth has exploded since virtual meetups became the new norm, with many organizations embracing the platform to exchange sensitive data, discuss proprietary information and conduct high-stakes business negotiations.

The app's customer base surged from 10 million users pre-outbreak to 200 million, including 600,000 new clients onboarded on March 15 alone, the same day social distancing orders were first put in place across the country. The US government stands out here, having signed enterprise contracts with Zoom valued at $1.3m as part of its pandemic response.

There may be, however, a tremendous cost to Zoom's convenience.

Simply put, the widespread adoption of Zoom amid a global pandemic might be the security vulnerability of the decade. In fact, any financial services organization using the service should immediately assume their user credentials are under malicious parties' control. In recent weeks, New York Attorney General Letitia James has probed Zoom's data security strategy, and whether the company's security protections can keep up with the spike in users. It is also our understanding that the FBI, among other federal government agencies, has prohibited the use of Zoom and WebEx due to security concerns.

At Agio, we have discontinued the use of Zoom. This piece explains why the platform's use poses a significant risk to organizations and what actions leaders should take to mitigate that risk.

Privacy Policy

Zoom has already set a precedent for lax privacy and security. Until recently, the platform created a local web server on users' devices, allowing it to turn on the device's camera. This server was not mentioned in any official documentation, and the Electronic Privacy Information Center filed an FTC complaint against Zoom, alleging intent to bypass browser security settings without the knowledge or consent of the user. This, in turn, introduced risks including remote surveillance, unwanted video calls, and denial-of-service attacks. Arvind Narayanan, associate professor of computer science at Princeton University and digital privacy expert, has even referred to Zoom as malware.

The platform's privacy policy is another cause for concern. While it claims not to sell user data for money, this does not include sharing information with third parties like Google or Facebook, for targeted advertising or other undisclosed business purposes. Despite the exchange taking place, it is not bound by any privacy agreement. The process for rejecting data collection is also notoriously complicated, with experts reporting that users must opt out of more than 85 separate cookies.

Encryption

Another area of concern is Zoom's claims around encryption capabilities. After initially stating its platform used end-to-end encryption to protect virtual meetings, the firm recently admitted in a blog post this was not the case. Instead, calls are encrypted using transport layer security (TLS), which is known to be less secure. The company also claims that audio and video meeting data is protected by 256-bit advanced-encryption-standard (AES) keys. Several sources, however, have revealed the keys are actually 128-bit. They are also run in electronic code book (ECB) mode, which fails to completely anonymize underlying data. This runs counter to the professional recommendation that encryption keys are run in Segmented Integer Counter or f8 mode. Crucially, Zoom's lack of end-to-end encryption extends to its Company Directory, opening the door to thousands of email addresses and photos being leaked to strangers. With this information, a bad actor can conduct Zoom video calls with the owners of those emails.
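An added illustration of the ECB point above (not code from the article or from Zoom): the same constructed frame is encrypted in ECB and in a plain counter mode, the family the recommended Segmented Integer Counter mode belongs to, and a reviewer's check counts repeated ciphertext blocks. The 4-round Feistel cipher is an assumption standing in for AES so the block runs on the Python standard library alone; the key, nonce and frame are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes; same block size as AES


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel). Assumption: used in
    place of AES for illustration only; do not use it to protect data."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round_fn(key, rnd, right)))
        left, right = right, mixed
    return left + right


def split_blocks(data: bytes) -> list:
    """Cut data into 16-byte blocks (the last one may be shorter)."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently under the same key, so
    equal plaintext blocks always give equal ciphertext blocks."""
    n = BLOCK - len(plaintext) % BLOCK  # PKCS#7-style padding
    padded = plaintext + bytes([n]) * n
    return b"".join(encrypt_block(key, b) for b in split_blocks(padded))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Counter mode: encrypt nonce||counter to get a keystream block, then
    XOR it with the plaintext. Each block position gets a fresh keystream."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    out = bytearray()
    for idx, chunk in enumerate(split_blocks(plaintext)):
        keystream = encrypt_block(key, nonce + idx.to_bytes(8, "big"))
        out.extend(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    counts = Counter(split_blocks(ciphertext))
    return sum(c - 1 for c in counts.values())


def looks_like_ecb(ciphertext: bytes, min_repeats: int = 2) -> bool:
    """Heuristic: random-looking ciphertext should essentially never repeat
    a 16-byte block, so repeats point to ECB (or to key/nonce reuse)."""
    return repeated_blocks(ciphertext) >= min_repeats


# Constructed sample: a "frame" with a flat background (32 identical blocks)
# around a small region of detail (4 distinct blocks).
KEY = b"constructed-key!"
NONCE = b"\x00" * 7 + b"\x01"
FRAME = b"\x00" * BLOCK * 20 + bytes(range(64)) + b"\x00" * BLOCK * 12


def demo() -> dict:
    """Encrypt the constructed frame both ways and report block repeats."""
    ecb = ecb_encrypt(KEY, FRAME)
    ctr = ctr_encrypt(KEY, NONCE, FRAME)
    return {
        "ecb_repeats": repeated_blocks(ecb),
        "ctr_repeats": repeated_blocks(ctr),
        "ecb_flagged": looks_like_ecb(ecb),
        "ctr_flagged": looks_like_ecb(ctr),
    }


if __name__ == "__main__":
    print(demo())
```

The repeat count depends only on the plaintext structure, not on the key or its length, which is why a longer key does not repair ECB.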

Zoom now states it has implemented robust and validated internal controls to prevent unauthorized access to any content users share during meetings and that an on-premise solution exists today to give users direct control of the key management process. To date, however, Zoom has not addressed criticisms of encryption key length, mode discrepancies or its lack of true end-to-end encryption.

An added vulnerability, which is particularly prevalent on Windows operating systems, is Zoom's ability to convert universal naming convention (UNC) paths into hyperlinks. If a meeting participant is duped into clicking on one of these links pasted inside Zoom's chat section, they can unknowingly send their computer's username and password hash to a bad actor's server. Using decryption software to uncover these credentials, the bad actor can then breach users by joining calls as an uninvited guest (Zoombombing); accessing the user's desktop remotely; browsing through any shared network folders; breaching local network devices; and conducting SMBRelay attacks (where the attacker can alter communications being exchanged between two other parties).

Server Hosting

A geopolitical dimension to our concerns around Zoom is the company's ties to China. The AES 128-bit keys used to encrypt Zoom meetings come from the company's cloud infrastructure, which consists of servers that are situated all around the world, including China. Servers in China may even be engaged when a virtual meeting's participants are all domiciled outside of the country.

Zoom's recent filing with the SEC reveals the company owns three China-based subsidiaries employing more than 700 R&D employees to create Zoom's app. Keep in mind that more than 80% of Zoom's revenue comes from North America. An application used by financial services businesses to exchange high-value information, especially one with limited security, is a ripe target for nation state attackers conducting electronic espionage.

Against the backdrop of a trade war and claims that 5G equipment manufactured by Chinese telecom companies might threaten US national security, one should consider whether Zoom could be pressured, or legally obligated, to share servers or encryption keys with Chinese authorities on request, and what the state would do with that information. Compared to other technology companies, Zoom has provided little information around how many government requests it receives for data, or whether it complies.

Conclusion

So, what protective retroactive steps can an organization take to secure itself, and its devices, when conducting virtual meetings? Here are some suggestions:

If an organization opts to use Zoom, the consequences can range from breached employee privacy and corporate sabotage, to reputational damage and theft of intellectual property. Regardless of Zoom's retroactive measures, which allegedly include new patch fixes, enhanced bug bounty programs and third-party security expert review, this platform is not fit for commercial use.

In Zoom's case, the convenience is simply not worth the cost.

The views represented in this commentary are those of its author and do not reflect the opinion of Traders Magazine, Markets Media Group or its staff. Traders Magazine welcomes reader feedback on this column and on all issues relevant to the institutional trading community.


Top tips to safeguard your network when employees are working from home – Economic Times

By Karmesh Gupta

In recent weeks, working from home has become the new normal. With Covid-19 keeping everyone indoors in the safety of their homes, enterprises are worried about the safety of their proprietary data as a sizeable number of employees are accessing their company accounts and sensitive data using personal devices.

Working from home is necessary for companies to continue functioning. However, the real challenge in the world of employees working from their own homes is not the slack in productivity or the threat of transmission of the virus, but cybersecurity.

CxOs have the advantage of calling system admins over to their home offices and setting up their network connections up to corporate standard to ensure data safety. However, for other employees, the risk of a data breach is very real. That not only threatens the integrity of a company, but also increases the headache of the CxOs and their share of work.

So, what should you do to ensure that your company network is safe while your employees are working from their homes?

1. Provide VPN access to your employees

One of the easiest and most cost-efficient ways to protect your company network and data is by providing all employees with VPN (virtual private network) access. Deploy a VPN so the data moves securely between the company's core systems and the devices used by your employees. A VPN adds an extra layer of security, and here's what it can do for your employees:

a. Hide their IP address
b. Encrypt the data being transferred between devices using the VPN
c. Mask the location of the sender and the recipient of the data

Many of the larger corporations already have a VPN in place. Smaller ones might need to choose a VPN provider. Ensure that all your remote employees have access to the VPN service. If necessary, hold a meeting or share tutorials on how to use a VPN efficiently to protect the company network.

2. Ensure complete security of your VPN

Choosing a VPN service out of a list of the best-rated ones is not enough. You need to ensure that it delivers the highest level of security to your company network that it promises. For that, the employer or the company IT team needs to focus on the encryption used by the VPN.

The strength of any encryption depends upon the bit size, that is, the length, of the encryption key. Longer keys can provide optimal protection against brute force attacks.

The RSA (Rivest-Shamir-Adleman) encryption system has been popular for over two decades. It is an asymmetric encryption system that can utilize various key lengths including 1024-bits and 2048-bits. RSA-2048 or higher is necessary for corporate networks to optimize their VPN tunnel. To date, it is one of the few that has not been accessed by an unauthorized third-party.

3. Use MAC binding

Your IT team can use MAC binding to control which devices can access your closed company network. MAC address binding links the MAC addresses of the LAN and WiFi interfaces of an employee's official machine with the VPN User Id.

After static MAC binding, only the device (computer, laptop, iPad or mobile phone) with a specified and approved MAC address can receive and send information across the VPN.

It also discourages employees from using their personal devices for official work. Since personal devices rarely have updated OSes and state-of-the-art firewalls, using them can increase the risk of data breaches and DNS attacks.

4. Implement multi-factor authentication

Two-factor or multi-factor authentication is an effective way to deter unauthorized users from accessing your company network. Work with your IT team to set up two-factor authentication systems for each employee who needs to log into their company user profile remotely.

A multi-factor authentication could be a combination of the following:

a. Something known to the user (user ID, PIN, or a secret question)
b. Security key, token or card that the user possesses physically or can be sent to the registered mobile number of the user
c. Biometric identification (if supported by the user's device)

In most cases, biometric identification is far-fetched for those working from home. Therefore, two-factor authentication, or a combination of user ID along with a one-time-password (OTP) sent to the user's personal registered number, is used as a hallmark of security in the country.

5. Discourage the use of third-party remote access platforms

Deploying a remote desktop service (RDS) or application can result in a bottleneck in the network unless the IT team can adjust and size the network suitably. In case your team has to use a remote desktop service, it is imperative for the CxO to set up a remote desktop service monitoring system.

The RDS can be the weakest link in the chain and allow third-party intervention. It can threaten the security of your company network despite the use of the best VPN service in town.

You and your team should choose the RDS very wisely before you begin exchanging information and holding meetings on the remote desktop platform.

Remote working is the life-blood of thousands of small and large companies across the country right now. However, it is also important to safeguard the company data while your employees are working from the safety of their own homes. Make wise choices like setting up a VPN with RSA-2048 or higher, using MAC binding and leveraging multi-factor authentication to keep the sensitive data and information of your company safe and secure.

The writer is CEO & Co-founder, Wijungle.


The Evolution Of Cybersecurity And Data Storage (infographic) – Digital Information World

In the 1900s computer punch cards could store only 80 bits of data; most cellphones today store the equivalent of 400 million cards or more. From hard drives to networks, and data encryption to cloud data, the advancement of memory storage and security has been vast in the last 70 years. We are now living in a digital age, but how did we get here?

1950

The first hard drives were developed in the 50s, making storage of information easier. In 1956 IBM unveiled the RAMAC 305, a magnetic disk drive that could store 3.75 MB of data. It was the first storage device allowing random data access, eliminating the wait time of drums or tape to get to a data point.

1960

A little over 10 years later the floppy disk was invented, again by IBM. Floppies allowed people to buy, load, and share data, which sparked a new aftermarket software industry. The 8-inch disks could hold 80 KB of data and were first sold in 1971.

Also within that timespan, Semiconductor Random Access Memory (RAM) was developed. Over the next five years RAM storage capacity grew 32 times its size, going from 8 bits to 256 bits per chip. Semiconductors allowed memory devices to shrink in size and operate at higher speeds, paving the way for personal computers.

Viruses became more prevalent and in 1988 the Morris Worm infected 1 in 10 computers connected to the internet within 24 hours. This was followed by Dr. Popp, the first known ransomware, in 1989. Dr. Popp was spread through floppy disks and, after lying dormant for 90 power cycles, the malware locked the infected computer and demanded payment to release it.

Soon after, in 1998, IBM and CISCO developed Internet Small Computer Systems Interface (ISCSI). ISCSI allowed access to stored data over an internet connection, making block storage cheaper and easier than SAN could.

In 2017 Generative Adversarial Networks (GAN) were used to superimpose celebrities' faces in adult films. A few months later, with the help of GAN, a video was forged of President Donald Trump speaking about climate change in Belgium. These fake videos were convincing enough to raise serious concerns over how to determine data's authenticity. Over half of companies have said they plan to continue increasing security.

By 2025 175 Zettabytes of data will be stored worldwide, mostly through cloud-based data centers. As AI and machine learning increase the value of big data, so do the opportunities for data breaches. So now that we're here in the digital age of data storage, consider protecting what was brought to you by annals of time.


Addressing the potential impact of coronavirus disease (COVID-19) on Biometric Data Encryption Device Market Growth Analyzed in a New Study – Science…

Analysis of the Global Biometric Data Encryption Device Market

A recent market research report on the Biometric Data Encryption Device market published by Fact.MR is an in-depth assessment of the current landscape of the market. Further, the report sheds light on the different segments of the Biometric Data Encryption Device market and provides a thorough understanding of the growth potential of each market segment over the forecast period (20XX-20XX).

According to the analysts at Fact.MR, the Biometric Data Encryption Device market is evenly poised to register a CAGR growth of ~XX% during the assessment and surpass a value of ~US$ XX by the end of 2029. The report analyzes the micro and macro-economic factors that are likely to impact the growth of the Biometric Data Encryption Device market in the upcoming years.

Request Sample Report @ https://www.factmr.co/connectus/sample?flag=S&rep_id=1884

Key Insights Enclosed in the Report

Segmentation of the Biometric Data Encryption Device Market

The presented report dissects the Biometric Data Encryption Device market into different segments and ponders over the current and future prospects of each segment. The report depicts the year-on-year growth of each segment and touches upon the different factors that are likely to influence the growth of each market segment.

Competitive landscape of Biometric Data Encryption Device market

Request Methodology On This Report @ https://www.factmr.co/connectus/sample?flag=RM&rep_id=1884

COVID-19 Analysis

The report encompasses the major developments within the global Biometric Data Encryption Device market amidst the novel COVID-19 pandemic. The report offers a thorough understanding of the different aspects of the market that are likely to feel the impact of the pandemic.

Important doubts related to the Biometric Data Encryption Device market clarified in the report:

Why Choose Fact.MR

Ask analyst about this report at https://www.factmr.co/connectus/sample?flag=AE&rep_id=1884


Jitsi: Your free alternative to Zoom video conferencing – Times of India

Government lockdowns have made it necessary for people who are working from home to use video-conferencing for meetings. And of all the communication apps available, Zoom, which supports group calls of up to 1,000 video participants and 10,000 viewers, has seen the most traction. But now, there are reports of its vulnerability to hack attacks. Zoom's Windows client, for instance, potentially lets remote attackers steal login credentials from victims' computers. So, if you desperately need an alternative free video conferencing solution, you might want to consider Jitsi Meet. The Tor Project, a non-profit that espouses privacy and freedom online, endorsed the service via a tweet: "If you want an alternative to Zoom: try Jitsi Meet. It's encrypted, open-source, and you don't need an account."

Security: Jitsi Meet uses a P2P mode when there are just two participants in a call and this allows for end-to-end encryption.

When there are more participants, the transmitted media gets routed through Jitsi's own secure Videobridge server. The encryption is then carried out hop-by-hop, which means that the media is decrypted by the bridge and encrypted again before it is sent out. This step is necessary as of now for video routing between more than two users. Currently, the service supports up to 75 participants, but it is recommended to keep the number below 35 for a better call experience.

To start a video call: Head to meet.jit.si. Under "Start a new meeting" on that page, enter a name for your video conference and hit Go. Here, you will need to allow Jitsi to access your camera and microphone when prompted by a browser pop-up.

After that, the service provides you with a link and dial-in details that you can share with the people you want to invite. You can also set a password for your room. Create one, and hit the Enter key. You will also need to share the password with the people you have invited.

Features: During a call, depending on your connection speed, you can choose between four levels of video quality, ranging from Low bandwidth to High definition.


How Not to Make Backups – The Union Journal

The mantra about the crucial role of data backups in digital security has some solid reasoning behind it. Not only is this a way to minimize the damage in a hardware failure scenario, but it's also a fundamental element of mitigating the impact of a ransomware attack. This issue has escalated amid today's global healthcare emergency because cybercriminals are busier than ever orchestrating Coronavirus-themed phishing and spam campaigns that parasitize people's fears to spread ransom Trojans on a large scale.

Organizations are predictably the juiciest prey being hunted down in ransomware raids. Moreover, malefactors continue to target hospitals in these hard times, as if the challenge of tackling the COVID-19 outbreak weren't arduous enough for these facilities. The dramatic increase in telework is an extra stimulus for crooks to find and exploit loopholes in VPN tools and cloud services used for remote workplace implementation.

With that said, maintaining backups of the most valuable data assets is increasingly important for individuals and businesses alike. However, it turns out that a crudely configured backup can do your company a disservice instead of strengthening its security posture. If you are curious about how this could possibly be the case, keep reading to learn the whys and wherefores.

The wakeup call

According to recent findings of security researchers, an incorrectly implemented data backup poses an opportunity for an adversary to amass an organization's valuable files the easy way, no matter how counterintuitive it may sound. Before I proceed, it's worth clarifying a few things to give you an idea of the current state of the ransomware ecosystem.

A game-changing trend in this context is that some attackers now steal victims' data prior to encrypting it. Several examples of the ransomware families that employ this tactic are Sodinokibi, Maze, DoppelPaymer, and Nemty. Once the criminals retrieve data, they use it as additional leverage to coerce the victim into paying the ransom. If a company refuses to cough up the specified amount of Bitcoin, ransomware operators switch to plan B and publish sensitive information for everyone to see.

Essentially, the attack isn't only about malicious encryption anymore; it's also about the risk of data breaches and huge reputational damages. To top it off, some cybercriminal groups have launched special websites where they leak the data stolen from non-paying businesses.

You might be wondering what this narrative has to do with backups. Well, the ties are closer than you probably think. The threat actors behind the above-mentioned DoppelPaymer ransomware recently updated their leak site with an entry listing credentials for the Veeam backup solution used by one of the compromised organizations.

Analysts at the Bleeping Computer security outlet who looked into the incident argue that the attackers' intention wasn't to punish the organization for rejecting the ransom demands. Instead, it was proof of unlimited access to the victim's digital infrastructure, including backups. This way, the felons tried to pressure the company into paying up.

To dot the i's and cross the t's, the researchers tried to contact the operators of two very active ransomware strains, DoppelPaymer and Maze, and ask them about this facet of their nefarious activity. On a side note, the experts had previously communicated with these black hats who didn't mind explaining some of their tactics, techniques, and procedures (TTP). The perpetrators' response to this particular matter was very surprising.

The cybercrooks described their common attack chain and the role of data backups in it. First, they contaminate a single machine on a network through phishing, auxiliary malware, or remote desktop protocol (RDP) exploitation. As soon as the computer is infiltrated, the offenders move laterally across the network in an attempt to get hold of admin credentials and access the domain controller.

If the attackers succeed in gaining a foothold in the enterprise environment, they leverage a post-exploitation application such as Mimikatz to dump the entirety of authentication data from the Active Directory database. The consequences of this activity can be hugely disruptive because the obtained information may allow the malefactors to access backup tools used by the organization. The likelihood of this adverse effect is higher if network admins use Windows session authentication to log in to Veeam or another mainstream backup software.

From there, ransomware operators can easily access the victimized company's cloud backups and download all the data to a malicious server. This way, they take a shortcut because there is no need for them to traverse the whole corporate network in search of potentially valuable information: cloud backups typically contain the data that matters the most.

An extra benefit for malicious actors who take this route is that the data theft slips below the radar of automated defenses deployed in the network. Restoring directly from the cloud doesn't give IT teams a heads-up because the servers appear to be functioning properly and the backup software doesn't trigger any alerts either.

Once the attackers download all the important files, they delete the backups to prevent the victim from easily recovering from the incursion. Then, they launch the PsExec command-line utility to unleash the ransomware that will encrypt the organization's data surreptitiously.

At the end of the day, although backups are a critical element of incident response, they can be used against companies unless set up properly. Ransomware distributors piggyback on poor backup hygiene to steal data faster without any red flags being raised along the way. This negligence can fuel the extortionists' novel strategy that's increasingly capitalizing on data theft before encryption. Offline backups appear to be more effective in this regard, but they are often outdated.

Luckily, there are methods that can help businesses boost their protection against this exploitation vector and make the attackers' efforts futile. The fundamental countermeasure is the so-called 3-2-1 rule. It eliminates the risk of a single point of failure (SPOF) in case hardware crashes or a strain of ransomware poisons the enterprise network. In a nutshell, the logic of this mechanism is as follows: store at least three copies of your valuable data, keep two of them on different storage media, and be sure to store one backup copy offline.

The types of storage media for this diversified backup approach can range from external hard disks or USB thumb drives to SD cards or CDs/DVDs. The choice depends on the amount of data to be kept safe. Prioritizing your information is a worthwhile element of facilitating this activity because it narrows down the scope of data to the items that really matter. When it comes to offline backups, it's important to ascertain that they hold the latest versions of your files.

If you adhere to the 3-2-1 principle, there is little to no risk of losing your precious data over a ransomware incident, hardware malfunctions, or things like the vengeance of a disgruntled employee. Essentially, it helps your organization steer clear of the worst-case scenario, making your security posture resilient to a disaster no matter where it may come from.

Experts additionally recommend that businesses resort to what's called immutable storage to further enhance their data integrity. This technique makes it impossible to erase or modify backups for a specified period of time.

Furthermore, the saying "prevention is the best cure" has never been as relevant as it is nowadays. To defend against ransomware attacks and data breaches proactively, organizations should deploy network monitoring tools, cloud access control instruments based on IP addresses and geolocation, and intrusion detection systems (IDS). This combo will stop criminals in their tracks and save companies the trouble of dealing with the mind-boggling aftermath of a compromise.
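
The download-then-delete pattern described above does show up in the cloud storage access log, even when on-network defenses stay quiet. The following is an added example, not code from the article or any backup vendor: it flags that pattern under an assumed simplified log format, an assumed allow-listed backup subnet and an assumed 50 GiB-per-hour threshold, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for illustration (not from the article).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # backup servers' subnet
BULK_BYTES = 50 * 1024**3                               # 50 GiB read per window
WINDOW = timedelta(hours=1)

# Constructed sample log: timestamp, source IP, action, object key, bytes
SAMPLE_LOG = """\
2020-04-01T02:00:05 10.20.1.15 PUT backups/fs01/full-0401.vbk 42949672960
2020-04-01T02:40:11 10.20.1.15 GET backups/fs01/full-0325.vbk 1048576
2020-04-02T23:10:00 203.0.113.77 GET backups/fs01/full-0401.vbk 42949672960
2020-04-02T23:31:42 203.0.113.77 GET backups/db02/full-0401.vbk 21474836480
2020-04-02T23:50:09 203.0.113.77 DELETE backups/fs01/full-0401.vbk 0
2020-04-02T23:50:10 203.0.113.77 DELETE backups/db02/full-0401.vbk 0
"""

def parse(log_text):
    """Turn whitespace-separated log lines into time-ordered event tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, action, key, size = line.split()
        events.append((datetime.fromisoformat(ts), ipaddress.ip_address(ip),
                       action, key, int(size)))
    return sorted(events, key=lambda e: e[0])

def analyze(events):
    """Return (kind, source_ip, timestamp) findings for suspicious access."""
    findings = []
    reads = defaultdict(list)      # source IP -> [(timestamp, bytes read)]
    bulk_sources = set()           # sources already flagged for bulk reads
    unapproved_seen = set()        # report each unapproved source once
    for ts, ip, action, key, size in events:
        if not any(ip in net for net in ALLOWED_NETS) and ip not in unapproved_seen:
            unapproved_seen.add(ip)
            findings.append(("UNAPPROVED_SOURCE", str(ip), ts))
        if action == "GET":
            reads[ip].append((ts, size))
            # Sum this source's reads inside the sliding window ending now.
            recent = sum(b for t, b in reads[ip] if ts - t <= WINDOW)
            if recent >= BULK_BYTES and ip not in bulk_sources:
                bulk_sources.add(ip)
                findings.append(("BULK_DOWNLOAD", str(ip), ts))
        elif action == "DELETE" and ip in bulk_sources:
            # Deleting backups right after pulling them is the pre-encryption step.
            findings.append(("DELETE_AFTER_BULK_READ", str(ip), ts))
    return findings

if __name__ == "__main__":
    for kind, ip, ts in analyze(parse(SAMPLE_LOG)):
        print(ts.isoformat(), ip, kind)
```

With immutable storage in place the DELETE requests would be rejected, but they are still worth alerting on as a sign that backup credentials are in the wrong hands.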

Follow this link:
How Not to Make Backups - The Union Journal

The coronavirus contact tracing app won’t log your location, but it will reveal who you hang out with – The Conversation AU

The federal government has announced plans to introduce a contact tracing mobile app to help curb COVID-19's spread in Australia.

However, rather than collecting location data directly from mobile operators, the proposed TraceTogether app will use Bluetooth technology to sense whether users who have voluntarily opted-in have come within nine metres of one another.

Contact tracing apps generally store 14-21 days of interaction data between participating devices to help monitor the spread of a disease. The tracking is usually done by government agencies. This form of health surveillance could help the Australian government respond to the coronavirus crisis by proactively placing confirmed and suspected cases in quarantine.

The TraceTogether app has been available in Singapore since March 20, and its reception there may help shed light on how the new tech will fare in Australia.

Internationally, contact tracing is being explored as a key means of containing the spread of COVID-19. The World Health Organization (WHO) identifies three basic steps to any form of contact tracing: contact identification, contact listing, and follow-up.

Contact identification records the mobile phone number and a random anonymised user ID. Contact listing includes a record of users who have come into close contact with a confirmed case, and notifies them of next steps such as self-isolation. Finally, follow-up entails frequent communication with contacts to monitor the emergence of any symptoms and test accordingly to confirm.

The TraceTogether app has been presented as a tool to protect individuals, families and society at large through a community data-driven approach. Details on proximity and contact duration are shared between devices that have the app installed. An estimated 17% of Singapore's population has done this.

In an effort to preserve privacy, the app's developers claim it retains proximity and duration details for 21 days, after which the oldest day's record is deleted and the latest day's data is added.

TraceTogether supposedly doesn't collect users' location data, thereby mitigating concerns about location privacy usually linked to such apps. But proximity and duration information can reveal a great deal about a user's relative distance, time and duration of contact. A Bluetooth-based app may not know where you are on Earth's surface, but it can accurately infer your location when bringing a variety of data together.

The introduction of a contact tracing app in Australia will allow health authorities to alert community members who have been in contact with a confirmed case of COVID-19.

However, as downloading the app is voluntary, its effectiveness relies on an uptake from a certain percentage of Australians - specifically 40%, according to an ABC report.

But this proposed model overlooks several factors. First, it doesn't account for accessibility by vulnerable individuals who may not own or be able to operate a smartphone, potentially including the elderly or those living with cognitive impairment. Also, it's presently unclear whether privacy and security issues have been or will be integrated into the functional design of the system when used in Australia.

This contact tracing model is also not open source software, and as such is not subject to audit or oversight. As it has currently been deployed in Singapore, it also places a government authority in control of the transfer of valuable contact and connection details. The question is now how these systems will stack up against corporate implementations like that being proposed by Google and Apple.

Also, those who criticise contact tracing point out that the technology is after the fact when it is too late, rather than preventive in nature, although it might act to lower transmission rates. Some research has proposed a more preemptive approach, location intelligence, implemented by responsible artificial intelligence, to predict (and respond to) how an outbreak might play out.

Others argue that if we're all self-isolating, there should be no need for unproven technology, and that attention may instead be focused on digital immunity certificates, allowing some people to roam while others do not.

And in the apps created to respond to particular situations, there's always the question: who owns the data? A pandemic-tracing app would need to have a limited lifetime, even if the user forgets to uninstall the COVID-19 app after victory has been declared over the pandemic. It must not become the de facto operational scenario; this would have major societal ramifications.

In the end, it may simply come down to trust. Do Australians trust their data in the hands of the government? The answer might well be no, but do we have any other choice?

Or for that matter what about data in the hands of corporations? Time and time again, government and corporates have failed to conduct adequate impact assessments, have been in breach of their own laws, regulations, policies and principles, have systems at scale that have suffered from scope and function creep, and have used data retrospectively in ways that were never intended. But is this the time for technology in the public interest to proliferate through the adoption of emerging technologies?

No one fears tech for good. But we must not relax fundamental requirements of privacy, strategies for maintaining anonymity, the encryption of data, and preventing our information from landing in the wrong hands. We need to ask ourselves, can we do better and what provisions are in place to maintain our civil liberties while at the same time remaining secure and safe?

Tesla's acquisition of DeepScale starts to pay off with new IP in machine learning – Electrek

Tesla's acquisition of machine-learning startup DeepScale is starting to pay off, with the team hired through the acquisition starting to deliver new IP for the automaker.

Late last year, it was revealed that Tesla acquired DeepScale, a Bay Area-based startup that focuses on Deep Neural Network (DNN) for self-driving vehicles, for an undisclosed amount.

They specialized in computing power-efficient deep learning systems, which is also an area of focus for Tesla, who decided to design its own computer chip to power its self-driving software.

There was speculation that Tesla acquired the small startup team in order to accelerate its machine learning development.

Now we are seeing some of that team's work, thanks to a new patent application.

Just days after Tesla acquired the startup in October 2019, the automaker applied for a new patent with three members of DeepScale listed as inventors: Matthew Cooper, Paras Jain, and Harsimran Singh Sidhu.

The patent application, called "Systems and Methods for Training Machine Models with Augmented Data", was published yesterday.

Tesla writes about it in the application:

Systems and methods for training machine models with augmented data. An example method includes identifying a set of images captured by a set of cameras while affixed to one or more image collection systems. For each image in the set of images, a training output for the image is identified. For one or more images in the set of images, an augmented image for a set of augmented images is generated. Generating an augmented image includes modifying the image with an image manipulation function that maintains camera properties of the image. The augmented training image is associated with the training output of the image. A set of parameters of the predictive computer model are trained to predict the training output based on an image training set including the images and the set of augmented images.

The system that the DeepScale team, now working under Tesla, is trying to patent here is related to training a neural net using data from several different sensors observing scenes, like the eight cameras in Tesla's Autopilot sensor array.

They write about the difficulties of such a situation in the patent application:

In typical machine learning applications, data may be augmented in various ways to avoid overfitting the model to the characteristics of the capture equipment used to obtain the training data. For example, in typical sets of images used for training computer models, the images may represent objects captured with many different capture environments having varying sensor characteristics with respect to the objects being captured. For example, such images may be captured by various sensor characteristics, such as various scales (e.g., significantly different distances within the image), with various focal lengths, by various lens types, with various pre- or post-processing, different software environments, sensor array hardware, and so forth. These sensors may also differ with respect to different extrinsic parameters, such as the position and orientation of the imaging sensors with respect to the environment as the image is captured. All of these different types of sensor characteristics can cause the captured images to present differently and variously throughout the different images in the image set and make it more difficult to properly train a computer model.

Here they summarize their solution to the problem:

One embodiment is a method for training a set of parameters of a predictive computer model. This embodiment may include: identifying a set of images captured by a set of cameras while affixed to one or more image collection systems; for each image in the set of images, identifying a training output for the image; for one or more images in the set of images, generating an augmented image for a set of augmented images by: generating an augmented image for a set of augmented images by modifying the image with an image manipulation function that maintains camera properties of the image, and associating the augmented training image with the training output of the image; training the set of parameters of the predictive computer model to predict the training output based on an image training set including the images and the set of augmented images.

An additional embodiment may include a system having one or more processors and non-transitory computer storage media storing instructions that when executed by the one or more processors, cause the processors to perform operations comprising: identifying a set of images captured by a set of cameras while affixed to one or more image collection systems; for each image in the set of images, identifying a training output for the image; for one or more images in the set of images, generating an augmented image for a set of augmented images by: generating an augmented image for a set of augmented images by modifying the image with an image manipulation function that maintains camera properties of the image, and associating the augmented training image with the training output of the image; training the set of parameters of the predictive computer model to predict the training output based on an image training set including the images and the set of augmented images.

Another embodiment may include a non-transitory computer-readable medium having instructions for execution by a processor, the instructions when executed by the processor causing the processor to: identify a set of images captured by a set of cameras while affixed to one or more image collection systems; for each image in the set of images, identify a training output for the image; for one or more images in the set of images, generate an augmented image for a set of augmented images by: generate an augmented image for a set of augmented images by modifying the image with an image manipulation function that maintains camera properties of the image, and associate the augmented training image with the training output of the image; train the computer model to learn to predict the training output based on an image training set including the images and the set of augmented images.

As we previously reported, Tesla is going through a significant foundational rewrite in the Tesla Autopilot. As part of the rewrite, CEO Elon Musk says that the neural net is absorbing more and more of the problem.

It will also include a more in-depth labeling system.

Musk described 3D labeling as a game-changer:

It's where the car goes into a scene with eight cameras, and kind of paint a path, and then you can label that path in 3D.

This new way to train machine learning systems with multiple cameras, like Tesla's Autopilot, with augmented data could be part of this new Autopilot update.
