Data Back-up & Cyber Security
– Two Birds, One Stone

In this article we’ll talk about the recent trend in ransomware attacks, and why having an off-site back-up of data may be your best line of defence in combatting this threat.

Data Back-up and cyber-security have been viewed as largely different things by both business people and IT professionals. Separate things done for separate reasons.

The job of back-up is to safeguard your files and data against disk failure or accidental deletion (“oops, I just deleted our ISO 9001 folder”) with cyber-security being about keeping the out the bad guys from your network (the ones bent on stealing your customers credit card numbers or other customer data).

But there’s a fundamental similarity, they’re both ultimately about protecting your organisation’s data. Criminals targeting large enterprises may have different motivations (a secondary benefit like reputational damage or political motivations), but hacking into the network of a mid-sized business has no benefit unless you’re going to get hold of something of value that can be monetised. The value is in the data.

The major cyber plague of the last 12-months has been ransomware. The idea is devastatingly simple, it just takes one computer in the organisation to be infected, and uses its access to the rest of the network to lock-up all the data it can find, putting it out of reach until you pay a ransom.

Just one infected computer and the rest of the company is brought to its knees. They didn’t steal anything, they just stopped you accessing your data, they held it to ransom. There’s a sort of evil brilliance to it.

The amount of the ransom varies. £5,000 was the previous benchmark. More recent strains, targeted at the NHS, have had price tags as low as £300. With this lower price approach the attackers have taken a ‘volume takes care of profit’ approach when targeting large enterprises with a perceived vulnerability to attack.

In all cases, targeted or otherwise, there is collateral damage with businesses outside of the target being hit. A June 17 outbreak hit small businesses in Ukraine very hard. Political motivations were cited, but as always, other businesses across Europe, the US and Russia were caught up in the fallout.

Usually, the media hype of these things goes way beyond the actual real-world impact. We’re used to this over-reporting in the media, some subjects get massive attention whilst others – possibly more serious – are neglected.

The reporting of this latest (2017) outbreak of ransomware did, to my mind, seem to largely proportional to the real-world situation. When your local hospital is cancelling clinic appointments and you can’t buy a pack of nails from the town hardware shop because of it, you know it’s real. You don’t have to be told about it in a news report, you experience it directly.

Meanwhile, back at the office, our phone was starting to ring. Clients were getting worried. The advice was, as it had always been: keep your eyes open, no clicking suspicious links, re-acquaint everyone with the security advice sheet.

It’s one of those finger-tapping moments when you hope that all your efforts of the past few years has worked. This cyber problem wasn’t of our making, but we can’t help feeling a sense of responsibility for our clients.

Luckily, in this wave, all our clients were safe. A combination of being proactive – locking down systems, sending advisory notices, tests, and education – but also, to be perfectly honest, a degree of luck. Mop brow, stand down the guard.

But in these situations, we often get to meet a few new clients under unfortunate circumstances. When a company gets bitten, it can put an instant strain on the relationship with their IT provider. If that relationship is already rocky, it can reach breaking point, and we find companies reaching out to us for help.

It’s tough, because after the event, it’s often difficult to give advice that’s any different from their current provider’s. They are, in effect, where they are — stuck between a rock and a hard place. Choices are to stump-up with the ransom or, … live with the consequences.

The lack of an ‘or’ option is always down to one thing – they don’t have a recent back-up of their data, or if they did it was on their internal network and engulfed by the ransomware attack.

If we could only get our hands on a recent back-up, we could clean the infected computers and servers, restore, and get the business back on track, usually within hours or, worst case, the next business day.

Without it, catch22, no options other than to pay-up or suffer the consequences of never seeing your data again. Although it seems to go against every fibre of decency and fuels this dark industry, we realise that, in the cold hard light of day, the most practical thing may be to simply pay-up.

Our experience is, when businesses do pay up, they are given the unlock code by the fraudsters and they do actually get their data back. Cyber criminals answer their emails faster than my bank does, what excellent customer service! You’re left with an sickening feeling, but the problem is solved. Of course, there’s no guarantees there won’t be a next time.

To give you an idea of scale, from our experience, based on working in the SME sector within the UK, ransomware accounts for 95% of business affecting cyber-attacks in the last year (Q4, 2017).

Does that mean that all my other security measures are not working or not needed?

No, not at all. In many ways ransomware has exploited a loophole. It’s its simplicity that has made it so effective. The reason we’re not seeing outbreaks of other malware types is that our current security measures – modern firewalls and endpoint protection (aka antivirus) – are keeping on top of it. They’re not proliferating at the same rate because the current measures are keeping them at bay.

So, let’s summarise:

• Don’t neglect the basics. Avoiding a cyber-attack is a mixture of good security measures: antivirus, firewalls, security policies, user education, and … just a pinch of good luck.

• Good cyber-defences aren’t a nice to have, they’re a necessity. Consider the government-backed Cyber Esssentials Plus certification. Going through the process will give you the confidence that you’ve got the right technologies and processes in place. No, it’s not onerous, or expensive.

And to finish, a final piece of advice to round off the theme of this article.

• An offsite backup of your data is your last line of defence. An up-to-date copy of your data will save your bacon if all other measures fail. It must be an off-site back-up – away from the infected network – to be of any use (as an on-site backup may have been infected too (subject to how it is stored).

If you’d like to discuss any of these points, and how they might apply to your business, please feel free to get in touch –

I’d like to end on a positive note. As of time of writing, Sept 2017, all has been quiet on the ransomware front for a couple of months. Will we see further outbreaks of the same, or will the next wave be something completely different? It’s difficult to know.

If there is a small upside to this recent spate of attacks, it reminds us to stay vigilant and keep cyber security at the forefront of our minds and the minds of our customers.

If you have any more general comments or questions, please post a comment and we’d be happy to respond.

Nick Simon, Business Manager, Portsmouth Branch