World Backup Day & Sleepless Nights
The specifications
In the second semester of my master's program in computer science, we were asked to come up with an idea for the bachelor's students, which they had to implement within the framework of their subject. We were divided into groups and each member was given a task. My task was to work out a requirement specification for the bachelor students and to present it afterwards. Of course, the requirements were not defined by me alone, I was the person in charge and made sure that the specification was kept updated and error-free. On the eve of the presentation, I put the finishing touches and wanted to toast the final result with a cool drink. There it was, the unintended moment. The drink slipped out of my hand and was caught by my laptop. Everything was gone, my laptop, the specifications and my evening that I thought was calm. I panicked and tried to save the laptop, but there was nothing I could do, the evening was over. Full of panic, I ran to my roommate and asked him if I could borrow his laptop. I just had to do something "briefly", and I was sure it wouldn't take long. So I started reconstructing the specifications from the countless sheets of paper that were written on and no longer legible. (Fortunately, we have always recorded our ideas and requirements on paper before).
So now I was sitting in front of the borrowed laptop, at my side the reason for my long night, the glass that had gone to shards. It took me hours, but the long night was worth it and at the end there was again a recognizable specification. Dog-tired, I fell into my bed to present the "specifications" the next day.
Threat mitigations in the enterprise context
In private, I have learned my lesson of a non-existent backup, but what do companies specifically need to pay attention to? The media are reporting more and more frequently on cyber-attacks, whether it's the data exfiltration at Continental at the beginning of February or the attack against the car-sharing service provider Sixt. Even my father, who is not a digital native by any stretch of the imagination, asked me about this topic.
One of the most common cyber-attacks is ransomware, which encrypts files on the victim's system. If the company does not have a backup, the encrypted files must be restored at great expense, or the company bites the bullet and pays the ransom demanded by the attacker. It is obvious that the second option is not the most elegant solution. However, reasons for a backup do not only lurk outside a company. Faulty or defective hardware is just as much a headache for an IT administrator as the accidental deletion of data by a colleague. Anyone who has already operated a backup system can tell you a thing or two about it.
So do your nightly sleep and also the IT administrator a favor and create backups of your data.
Author: Roman Scholtysik