The costs associated with a ransomware attack are often viewed from two dimensions: On one side, there is the ransom demand, and on the other, the cost to recover or recreate data. Neither of these is a complete view because they do not take into account all the ancillary costs. Here’s a quick look at several factors that also add to the cost of dealing with ransomware: Downtime Ransomware frequently results in at least some IT systems downtime, meaning that technology resources necessary for business operations are unavailable. The costs…

Continue reading

The process of making sure your business is prepared to protect its data from ransomware and other disasters depends largely on the characteristics of your specific computing environment, such as the type of data you have and how it is stored. To begin the process of implementing or optimizing a data protection plan, you need to gain a full understanding of how data is used within your organization and what needs to be protected the most. Start by asking yourself these four questions: 1. What data do I have? The first thing…

Continue reading

When it comes to ransomware attacks, those who lose valuable data and have no viable backup tend to pay the ransom, while those with backups simply restore their data. However, neither group walks away unscathed because they both suffer downtime. Downtime is the period when systems are unavailable for use, and it can cost small and midsize businesses thousands of dollars or worse—it could put them out of business. An Imperva survey of RSA 2017 attendees found that downtime costs companies more than $5,000 in 56% of cases and more…

Continue reading

Since many organizations are rapidly virtualizing servers and even desktops, there needs to be direction and guidance from top management in regards to information security. Organizations will need to develop a virtualization security policy that establishes the requirements for securely deploying, migrating, administering, and retiring virtual machines. In this way, a proper information security framework can be followed in implementing a secure environment for hosts, virtual machines, and virtual management tools. This article is part two of a series on virtualization. As with other policies, the security policy should not specify technologies to…

Continue reading

Virtualization has really become a mainstream technology and an effective way for organizations to reduce costs. Virtualization simplifies processes but also creates new information security risks to handle. This article is concerned with business continuity and how virtualization can create many new opportunities and efficiencies in your business continuity plan. This is the third article in a series on virtualization. Specifically, three elements of business continuity that can be enhanced through virtualization. These elements are hot, warm, and cold sites, which provide redundancy in case a single site goes down.  Snapshots…

Continue reading

Snapshots are a valuable feature virtualization offers business continuity. Organizations can create point-in-time recovery points numerous times a day by creating snapshots. Snapshots record all changes to a virtual machine so that the machine can be restored to the state at which the snapshot was taken. This is especially important when making changes to a virtual server because changes do not always work as planned. If a change impacts a system negatively, the virtual server can quickly be rolled back to the state it was in prior to the change by…

Continue reading

Business continuity plans are designed to define the processes necessary to protect organizational assets and to keep the business running in the event of a disaster or local incident. Backups and recovery are important elements to business continuity but sometimes an organization needs a shorter Recovery Time Objective (RTO). In some cases, organizations will set up hot, warm, or cold sites that allow the organization to pick up business from that location in the event of a disaster. Hot sites are immediately ready to assume the workload of the production site,…

Continue reading