cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Contributor III

Ransom cost vs Backup cost (Security ECONOMIC)

Dear all,


Will data backups save you from ransomware?

Why Backup is Better Than Paying Ransom?

Ransom cost vs Backup cost

 

Would love to hear your thoughts and experiences.Please post your view, comments and suggestions.Thank you in advance! 

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
8 Replies
denbesten
Community Champion

Backups are like insurance. Those who are indifferent to risk see it as a waste of money, whereas those of us with assets to protect (houses, professional reputation, etc.) consider it a cost of doing business.

 

Although backups are a good defense to many problems, including ransomware, one does need to keep their limitations in mind:

 

  1. Backups require planning ahead and spending money you hope to waste. 
  2. Backups are generally point-in-time, so you might have "yesterday's spreadsheet", but not "this morning's".
  3. Recovery tends not to scale well -- Recovering 1000 machines may require more bandwidth (network or human/admin) than is available.
  4. One rarely knows what they need until it is gone, making it hard to know what to back up. For example, are you backing up the desktop on laptops, and what about flash drives?
  5. Things break at inconvenient times.  Defense in depth and routine testing are key.
ericgeater
Community Champion

At my previous employer, we were breached.  We had a cyber insurance policy which paid for an IR team, and they used our backups to perform a perfect restoration.  The bad guys never found our backup data.

 

This was incredibly fortunate because previous restorations from backup were typically small scale, and not across our entire infrastructure.  In other words, we'd never tested a full recovery before.

 

The one thing which hit us the hardest was loss of availability.  We were out of email for twenty hours, and other services were a bit longer.

 

The bad guys didn't get a penny.

-----------
A claim is as good as its veracity.
Caute_cautim
Community Champion

Another perspective is Store Now Decrypt Later (SNDL) or Store Now Exploit Later (SNEL).

 

Which is what state actors are conducting at the present time in the hope they can decrypt using Quantum Computers in 5-10 years time - so if you have data that needs to stay safe for 10 years or more i.e. Passports - then potentially you have problems.

 

Regards

 

Caute_Cautim

Kyaw_Myo_Oo
Contributor III

Thank you for your reply. @denbesten 

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
Kyaw_Myo_Oo
Contributor III

Thanks for sharing, looks interesting @ericgeater 

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
Kyaw_Myo_Oo
Contributor III

Thank you for this discussion. @Caute_cautim 

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
marcoperson250
Newcomer I

Data backups are an effective initial defense against the dangers posed by ransomware. It is less expensive to make routine backups than to give in to ransom demands.

Caute_cautim
Community Champion

@marcoperson250 

 

As long as the backups integrity are regularly checked and error messages are not ignored!

 

Personally, I would also like the backup hardware or software to have encryption capability to ensure at least AES-256 bit in GCM Mode is applied by default.

 

Regards

 

Caute_Cautim