Careless attitude to data: how much is your backup?
Hi, Habr. Answer yourself a simple question: How long have you last been backing up your computer? On Habré, of course, the ratio of “zabekaplennyh” users and “nebebekapilennyh” slightly differs from the world average (in the best, of course, the direction), but still the figure is far from even 50%. So the question “have you been backing up for a long time?” Is rather a rhetorical: it’s good if the recovery tools built into the OS after failures were set up and were doing some kind of backup, a full backup of all critical, sensitive or just important data is still very good. very rarely. And this is at a penny value (and impressive volumes) of modern hard drives.
Why do users careless about their data? The answer is, in fact, simple:
First, as the bearded anecdote says, people fall into two categories: who still does not back up, and who already does. Having once been punctured with the storage of important information, some think about their behavior and set up backing up important information, but so far the thunder will not break - the peasant will not cross himself.
')
Secondly, for ordinary users to use backups at home, they need a good example. As an example, for example, a high-quality backup at work will fit.
But even in spite of the magnitude of risks in business and all the instructions of the internal security services (and even trivial considerations from the point of view of common sense) in the corporate sector, up to 70-75% of the servers do not have a complete and customized backup system. For workstations, this figure is really amazing: up to 95% of workstations do not have any (!) Data backup at all. *
Data from open sources and surveys at the end of 2013
What are those who don't back up at all? For good luck? On “this will not happen to me”? Statistics of service centers and firms for the restoration of "lost" data show that, on average, up to 30% of users at least once lost information completely and irrevocably. And those who were helped waited for their files for weeks and months, both because of the low speed of the restoration work, and because of the banal complexity of this process.
Business losses from the loss of unsaved data are estimated only in the US market at 11.8 billion dollars a year. In Russia, the total amount is, of course, more modest, but for each particular firm, the fact remains that the chance to close within two years after a major loss of information approaches 90%. Of course, the collapse of non-duplicated servers does not threaten the closure of public services, but even here the damage can be very significant.
Literally recently, the news was posted on Habré: “The virus disabled all video recording complexes in the Moscow region”. More than 140 Strelka-ST radars, which detected speeding violations on the main federal highways, were simply disabled by an exploit. The blame for the “sieve” in the area of protecting the complex itself, of course, on the developer (although zero-day vulnerabilities cannot be excluded from the list of possible problems, but nevertheless, old software and Windows XP, which is more than 10 years old, were used on the Strelki) .
According to experts, each camera has a small PC with the most common Windows XP inside (maybe even without a third service pack), on which special software runs. Each camera is calibrated and adjusted manually. The hacker attack resulted in the OS and software of the cameras in a completely inoperable state: the software with all configs was removed, the administrator password on the OS was changed, some of the system files were damaged. Of course, the attack was well planned, the radars were put out of action for no less than a month (according to the director general of Prism, which gave comments on this issue to Gazeta.ru and estimated the approximate recovery times after the failure).
How many fines the system will not collect in these 30 days if all 144 complexes of photo-video fixation of violations are damaged? Meanwhile, the cost of one copy of backup software is a little more than the average fine from “Strelka”. The recovery process (even if on another hard drive) of a complete system image takes less than an hour, while all software, operating system settings and parameters return to the state before the failure. Of course, this does not eliminate vulnerability, but all the radars can be repaired in a much shorter period of time, and it will be possible to look after the hole and install patches after the fact.
Unfortunately, even in spite of the presence on the market of ready-made solutions that are comparable in price to the usual antivirus (or home backup software license), not everyone is in a hurry to use them. The case of the Moscow region cameras could be attributed to purely Russian realities - all the more so since a similar incident already occurred on regional highways a year ago.
Unfortunately, foreign companies are little different from domestic ones in terms of carelessness and careless attitude to data. Last December, one of the largest banks in the world, Barclays, was fined by the US authorities for nearly $ 4 million for the partial loss of an archive of emails and messages for a whole decade: from 2002 to 2012. Three, four, five million dollars is not a critical amount for a corporation with assets in excess of a trillion, but it is easy to calculate that the backup system would cost Barclays much cheaper.
We all know that for an ordinary user the damage from the complete loss of data (work files, personal archive, etc.) can be much more serious than the loss of corporate information for business. At the same time, recovery of one hard disk can cost ten to fifteen thousand rubles and more, and there will be no guarantees that it will be fully successful. It is all the more appropriate for all of us to warn a problem, and not to solve it, when faced with it at the most inappropriate moment. - Especially considering that the available software for this has long been available.
How much are you willing to spend on backup software to ensure your data is stored securely?
Why do users careless about their data? The answer is, in fact, simple:
First, as the bearded anecdote says, people fall into two categories: who still does not back up, and who already does. Having once been punctured with the storage of important information, some think about their behavior and set up backing up important information, but so far the thunder will not break - the peasant will not cross himself.
')
Secondly, for ordinary users to use backups at home, they need a good example. As an example, for example, a high-quality backup at work will fit.
But even in spite of the magnitude of risks in business and all the instructions of the internal security services (and even trivial considerations from the point of view of common sense) in the corporate sector, up to 70-75% of the servers do not have a complete and customized backup system. For workstations, this figure is really amazing: up to 95% of workstations do not have any (!) Data backup at all. *
Data from open sources and surveys at the end of 2013
What are those who don't back up at all? For good luck? On “this will not happen to me”? Statistics of service centers and firms for the restoration of "lost" data show that, on average, up to 30% of users at least once lost information completely and irrevocably. And those who were helped waited for their files for weeks and months, both because of the low speed of the restoration work, and because of the banal complexity of this process.
Business losses from the loss of unsaved data are estimated only in the US market at 11.8 billion dollars a year. In Russia, the total amount is, of course, more modest, but for each particular firm, the fact remains that the chance to close within two years after a major loss of information approaches 90%. Of course, the collapse of non-duplicated servers does not threaten the closure of public services, but even here the damage can be very significant.
Arrow situation
Literally recently, the news was posted on Habré: “The virus disabled all video recording complexes in the Moscow region”. More than 140 Strelka-ST radars, which detected speeding violations on the main federal highways, were simply disabled by an exploit. The blame for the “sieve” in the area of protecting the complex itself, of course, on the developer (although zero-day vulnerabilities cannot be excluded from the list of possible problems, but nevertheless, old software and Windows XP, which is more than 10 years old, were used on the Strelki) .
According to experts, each camera has a small PC with the most common Windows XP inside (maybe even without a third service pack), on which special software runs. Each camera is calibrated and adjusted manually. The hacker attack resulted in the OS and software of the cameras in a completely inoperable state: the software with all configs was removed, the administrator password on the OS was changed, some of the system files were damaged. Of course, the attack was well planned, the radars were put out of action for no less than a month (according to the director general of Prism, which gave comments on this issue to Gazeta.ru and estimated the approximate recovery times after the failure).
How many fines the system will not collect in these 30 days if all 144 complexes of photo-video fixation of violations are damaged? Meanwhile, the cost of one copy of backup software is a little more than the average fine from “Strelka”. The recovery process (even if on another hard drive) of a complete system image takes less than an hour, while all software, operating system settings and parameters return to the state before the failure. Of course, this does not eliminate vulnerability, but all the radars can be repaired in a much shorter period of time, and it will be possible to look after the hole and install patches after the fact.
Unfortunately, even in spite of the presence on the market of ready-made solutions that are comparable in price to the usual antivirus (or home backup software license), not everyone is in a hurry to use them. The case of the Moscow region cameras could be attributed to purely Russian realities - all the more so since a similar incident already occurred on regional highways a year ago.
Unfortunately, foreign companies are little different from domestic ones in terms of carelessness and careless attitude to data. Last December, one of the largest banks in the world, Barclays, was fined by the US authorities for nearly $ 4 million for the partial loss of an archive of emails and messages for a whole decade: from 2002 to 2012. Three, four, five million dollars is not a critical amount for a corporation with assets in excess of a trillion, but it is easy to calculate that the backup system would cost Barclays much cheaper.
We all know that for an ordinary user the damage from the complete loss of data (work files, personal archive, etc.) can be much more serious than the loss of corporate information for business. At the same time, recovery of one hard disk can cost ten to fifteen thousand rubles and more, and there will be no guarantees that it will be fully successful. It is all the more appropriate for all of us to warn a problem, and not to solve it, when faced with it at the most inappropriate moment. - Especially considering that the available software for this has long been available.
How much are you willing to spend on backup software to ensure your data is stored securely?
Source: https://habr.com/ru/post/209392/
All Articles