Who could have guessed that having tested, well protected and current backups help when dealing with cyber security incidents?

  • 5oap10116@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    3 months ago

    My company got hacked and it took about a month to restore all the backups. During that time, we were using mobile hotshots and passing around flash drives. After that, everything essentially returned to normal aside from making sure all the offline work got where it needed to go. We did not pay the ransom

    Asking someone familliar with this stuff ont he IT end: Does it sound like my company was prepared aside from getting hacked in the first place?

    • cron@feddit.orgOP
      link
      fedilink
      arrow-up
      6
      ·
      3 months ago

      Hard to judge from the outside, but I would say you were prepared (with room for improvement).

      • You had working backups
      • Your backups were well protected
      • You did not pay the ransom
      • You were able to work with the limited tools you had
      • And everything restored within one month.

      Companies that are not well prepared:

      • Have no backups or their backups encrypted, too
      • Are not able to operate during the recovery phase
      • Pay the ransom
      • Have no plan in what order to restore stuff
      • Are impacted even one year later … or go bankrupt.
    • TexMexBazooka@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      No, you didn’t meet a reasonable RPO, which is the amount of time between the security incident and a full recovery. Usually with full backups the goal is to get everything back up and running within 24-48 hours, which is pretty much only possible if you have adequate backups to take a “nuke it and rollback” approach