Recovering Lost Data
Data losses can be enormously problematic for businesses of all sizes. Recovering lost and deleted data can be so formidable a task that losing data is considered synonymous with losing time and money. Data losses occur when information is accidentally or deliberately deleted. This could be due to data corruption, malware, or physical damage to systems. Data losses can also occur when devices are lost or stolen.
Data losses - why do they happen?
1. Human errors
This is possibly the biggest contributor to insider led data losses. Fully two thirds of all insider incidents occur due to employee negligence. Employees might unwittingly, overwrite important files or delete essential information critical to the enterprise. Other human errors that result in data loss can be beverage spills, equipment losses, hardware damage, etc.
2. Malware and Ransomware
Endpoints can many times get infected by a virus from phishing email or spear phishing emails that urges employees to click on a malicious link. Unbeknownst to the user, this link then drops a deadly payload on the endpoint system that proceeds to cause damage to all the data making it unreadable.
Ransomware, on average, attacks businesses once in every 11 seconds!
3. Insider threats
Insider threats are data security risks that arise from any individual with elevated access to an organization’s sensitive data. When insiders turn rogue, they can purposefully perform actions to cause data losses that benefit them, but cause harm to the organization.
4. Natural Disasters
Natural disasters such as fire, earthquakes, and floods are impossible to predict or prevent. These are ‘black swan’ events which can be particularly damaging if all of an organization’s data is stored in a single location. The resultant single point of failure can causes the business to lose all data without any chance of recovering it.
5. Data Corruption
In unfortunate cases there can also be data corruption. Some ways, this could occur is due to events such as unstable power supplies or faulty disk encryption software.
6. Data trapped in a SaaS application
Roughly 13% of data losses that occur in SaaS applications are due to Contract Termination! Which isn’t surprising because SaaS vendors don’t necessarily make it easy for their subscribers to transfer data to a competing service. While SaaS vendors don’t explicitly prevent organizations from downloading and migrating their data, they could impose technical, financial, and legal restrictions that make it hard for organizations to retrieve their data and migrate to other service providers after their subscriptions are terminated.
Consequences of data loss
It may appear impossible at some level that technology can fail organizations and cause data loss. But that’s the cold, hard reality that businesses face each day. And it becomes necessary for them to take additional steps to protect against data losses.
The consequences of data loss can be quite severe
1. Disrupted business functions
Data losses can cripple day-to-day business operations. Time, energy and resources, not to mention money – all get diverted to address data loss incidents. And while the company is fighting the incident, their business grinds to a halt. These lost opportunity costs can be enormous and could haunt a business for months or years even after the attack
2. Effects on employee productivity
Productivity is one of the first things to suffer when an organization loses its data. Lost data may take hours or days to recover, leading to staff downtime and lost sales. According to the Strategic Resource Institute, companies that can’t resume normal operations within 10 days of a data loss incident will not likely survive in the long term.
3. Regulatory non-compliance
Data loss causes exposure of customers’ confidential information, and businesses are subjected to steep penalties when this happens. Regulatory bodies are empowered to levy fines in response to data breaches that could result in financial burdens that the business simply isn’t prepared for.
4. Public relations fallout
The reputation of a business is another casualty of data losses, and these effects are much longer term than an immediate penalty that they may need to pay a regulator. It signals lack of reliability to customers and results in a loss of trust in the company and the brand, which eventually hits the business’s top-line revenue.
5. Legal damages
Reputational losses can take on a particularly troubling form when they manifest themselves as litigation or as a class-action lawsuit by customers or stakeholders. Such situations, even if settled out of court, can cause serious damage to a company’s finances that it may never recover from.
6. Pay the ransom?
In the event of a ransomware incident, an approach some businesses end up taking is to negotiate and pay ransom to the attacker. A disturbing statistic however, is that, on average, only 65% of the data is recovered, and only 8% of organizations recover all data after paying ransom. Many times, files encrypted by ransomware end up unrecoverable, and attacker-provided decrypters crash or fail.
7. A ransom payment may make the business an easier target!
After ransomware hits, recovering data can take several weeks. Also, there is no guarantee that the attacker will return data even after the ransom is paid. In fact, 1 out of 5 ransomware victims report that they were not given access to their data even after the ransom was paid. What’s worse, paying a ransom, signals to the attacker that the organization is a soft and vulnerable target and they are usually targeted again, sometimes within weeks of the previous attack!
A only 65% of the data is recovered, and only 8% of organizations recover all data after paying ransom.
Some ways to avoid data loss
1. Promote a Security-First culture
Educating employees about the importance of data security can go a long way in preventing data loss. Humans are usually the weakest link in the security chain. Creating a security-first culture helps employees stay updated with the latest cybersecurity threats and ways to address them. This empowers them with the knowledge of how attackers steal data and steps they can take as responsible employees to foil such attacks. This can be done by organizing cybersecurity awareness programs or training on a regular basis and is perhaps one of the best investments a business can make.
2. Adopt Security safeguards
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet). When implemented and used properly, a firewall can be effective in blocking malicious traffic like viruses and hackers with malicious intent.
Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or theft of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.
A security paradigm that has gained currency recently is Zero Trust. It is a network security model that doesn’t rely just on firewalls – but rather uses a strict identity verification process (Assume Breach). It requires the use of a centralized identify management solution coupled with safeguards such as multi-factor authentication. It espouses the principle of least privilege (i.e. give every user access to only the resources they need to get their jobs done, but nothing more), and can be quite effective in reducing an organization’s attack surface.
3. Protect data from corruption
This may sound elementary but protecting servers from sudden shutdowns due to loss of power or electrical surges is important. Disk subsystems may not be able to survive repeated voltage fluctuations and when they suffer failure – the data on them can become inaccessible. Using surge protectors, UPS systems and other forms of failover is always good practice.
4. Limit access
Having a role-based hierarchy and defined data access rules is also very important. As we noted in the context of Zero Trust above, always operate on the principle of least privilege – give employees just enough access to data assets they need to get their jobs done, but no more. Encourage your IT team to create roles, define access levels, and create policies that enforce the usage of company data. Also put in place legal safeguards such as having employees sign a security agreement when they’re hired.
What if you lose data?
Well, what if you suffer data loss in spite of all these precautions? If you are thinking about how to recover all lost data after possibly suffering any of the above mishaps, then having a robust data backup and recovery process in place is your best bet. The main purpose of a backup is to create a copy of data that can be recovered in the event of a failure in the primary data copy. Good backup solutions will also allow data to be restored from an earlier point in time in order to help the business recover from an unplanned event like a ransomware attack.
Storing the backup copy on a secondary and geographically separated medium is critical to protect against primary data loss or corruption. The backup strategy should ensure this, and the backup solution should support this.
Why is a backup the best option?
1. Backups make a second copy of your data. If done right, this second copy is geographically separated from the primary copy. Modern backup solutions also ensure some level of immutability to the secondary copy by protecting it from attacks like ransomware. What immutability means is that any loss or corruption that affects the primary copy should not affect the backed-up copy. Immutability ensures that you can get your data back even if an unfortunate data loss incident or data corruption occurs.
2. Another important consideration for enterprises is that a key aspect to achieving data compliance is a robust data backup strategy. Modern backup solutions are mostly touch-less and will automatically and predictably ensure transfers of data to secure, secondary data storage targets. They encrypt data during transit, and at rest, in the form of an immutable copy. Most regulations ask for a few basic compliance requirements – and a backup is almost always one of them. Having, a proper data backup strategy in place goes a long way towards ensuring regulatory compliance.
3. Backups are perhaps a business’s best defense against ransomware. Because backups can make a safe copy of your data away from the primary location of your original data, a business doesn’t have to be held hostage by a ransomware attacker. A safe copy of data puts them in a much stronger negotiating position.
4. Backups also protect against insider threats or malicious deletions. Disgruntled or terminated employees who might try to inflict damage by removing valuation information are best thwarted with a sound backup strategy.
5. Last but not least, you don’t have to be held hostage by a SaaS vendor and worry about how to recover data that you are compelled to leave behind in their application after the SaaS contract is terminated. With a backup solution, you have effectively surmounted all technical, legal and financial barriers, secure in the knowledge that you have a copy of all that data stowed away in a vendor-neutral and fully searchable form
Backups should be a core part of any IT manager’s arsenal. Not just to backup servers and databases – but also end-user data in SaaS applications and user endpoints. .
At Parablu we build data security and resiliency solutions among which is an enterprise class backup and recovery solution called BluVault. BluVault can protect enterprise data in all the ways described above – and much more.
If you are interested in learning more, request a demo here or contact us at firstname.lastname@example.org.