A nearby manufacturer called Bryley panicked. Their problems started with a failed upgrade to their ERP system (Enterprise Resource Planning software). Because they hadn’t wanted to interrupt their workflow, the company hadn’t upgraded the ERP in more than five years. But the installed version was now beyond maintenance and support, so they bit the bullet. Only, during the upgrade there was a power fluctuation which caused the upgrade to fail. To make matters worse, no computer on the network would boot normally. In addition while trying to resolve the failed upgrade, their IT team found a flaw in their in-house back-ups. Now the business was losing days and money to downtime.
Businesses call us with horror stories too often. The following are some common problems your organization may face without the right defense.
Loss of Power and Power Surges
Data can get lost and hard drives and other component parts of a computer can be compromised when power goes off suddenly. Computers are meant to function at a consistent voltage, when that’s not available due to a power loss, surge or a brownout (power fluctuations) it can be especially damaging to the computer’s hard drive hardware. Surges are known to fry circuit boards in electronics (including sometimes bricking solid-state drives [SSDs]1 ).
Back-up Failure and Failure to Back-up
Just doing local back-ups (where you copy your data to other drives at your facility) can lead to problems ranging from susceptibility to the same problems of power fluctuations as any other device, to theft and the threats of fire, flood and other natural disasters.
Cloud back-up (where your data is copied to a drive at another location) avoids the above problems, but introduces no more than low-double-digit Mbps storage upload and restoration speeds (for comparison, typical local back-up speeds are 1000 Mbps). Also data can be intercepted en route to a cloud server, and at the cloud server. Is the transferred data encrypted? Are the servers monitored? Does the cloud server have a back-up and data recovery plan?
And then there’s the human problem of implementation. A doctor once told me the best kind of exercise is the kind I’ll actually do. Most computer issues are due to human failure to actually maintain a back-up scheme. Lacking a current back-up can lead to self-evident troubles.
Targeted Attacks and Lapses in Judgment
Ransomware is not slowing. Newsweek called it the “go-to attack” of criminals2. Cybercrime Magazine shows ransomware damages going from $5 Billion in 2017 to $11.5 Billion in 2019. Most of these damages are not due to paying the thieves — though with the attack volume increasing, so is the money collected by the thieves3. Most of the damages are from lost revenue as data is compromised, businesses are shutdown to deal with the attack and are rendered less productive.
In the middle of 2018 the Department of Homeland Security issued a warning4 about an increase in attacks on ERP software. Hackers see a wealth of valuable data in businesses — including employees’ and clients’ critical information, and so look for vulnerabilities in software products that control business functions.
Even visiting trusted websites —especially those built on WordPress — can be dangerous. The sites may have been infiltrated to serve malware that infects your network5.
The most common way hackers attack is through spoofed email attachments and hyperlinks. These types of attacks can include voice conversations to lessen your vigilance: the caller lies about the intent of a forthcoming email so you click and havoc. Rich Text Format (RTF) and Portable Document Format (PDF) files are two of the most commonly infected attachments — who exactly is that resume from, anyway?
Most often your business’ data is collected and sold, held for ransom or maliciously destroyed. Computer systems can be overridden by malware, often lurking to grab business and employee banking and credit card data. Sometimes criminals install malware that silently rides on a business’ computing power to mine Bitcoin. Criminals can bombard your networked servers with requests (Denial of Service attacks) so that your organization’s data is unavailable to legitimate users.
Cue the Happily-Ever-After Music Already
Now picture your network is corrupted with malware: your database is hacked and inaccessible. Then your Back-Up/Data Recovery (BU/DR) plan kicks in, and removes the malware, and restores your data to where it was before the attack, minimizing your downtime. Creating a BU/DR plan ensures your ability to continue to serve your customers.
Recovery from disaster means planning ahead. Next month I’ll explain some of the preventive medicine Bryley uses to keep these disasters at bay.
1 https://www.zdnet.com/article/how-ssd-power-faults-scramble-your-data/
2 https://www.newsweek.com/ransomware-attacks-rise-250-2017-us-wannacry-614034
3 https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
4 https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
5 over 30% of all sites per https://w3techs.com/technologies/details/cm-wordpress/all/all