Posted 9/13/2021 15:09 (#9218309 - in reply to #9217865) Subject: RE: Ransomware/malware threat to agriculture
From having observed the results of several ransomware attacks on healthcare offices, here are some things I learned:
1. Too many organizations are using RAID arrays as their backup strategy. In other words, these companies do not make snapshot backups of their files onto removable media (e.g., tape, etc.). They just trust that a three/four-way redundant RAID array is "backup."
No, this isn't a backup strategy. It's a zero-downtime strategy, but it is not a backup strategy. There's a difference between the two.
2. Lots of organizations that are in a 24x7 uptime situation aren't making the time or the infrastructure to allow for system updates. For the zero-downtime shops, they need to look into a technique that used to be done in the days of mainframes: an "alpha" and a "beta" system.
The "alpha" system would be where you were currently running your live databases/applications/etc. The "beta" system would be another whole computer system, with similar peripherals, that would run a non-live version of your applications/databases to test software updates for compatibility, get bugs shaken out, etc.
When the folks running IT were comfortable with the software updates and system changes, they'd "flip-flop" the alpha/beta systems, so that the alpha became the next cycle's beta, and the current beta became the live alpha system. This was done to minimize downtime during upgrades.
Today, no one wants to spend one dime more on systems or software than absolutely necessary, and it shows in their vulnerability.
3. The outsourcing of work that your organizations should be doing themselves is a huge vulnerability. Several huge attacks have come into dozens and dozens of companies through these "managed software provider" outfits. This is like leaving your backdoor unlocked and wide open, and thinking that you can feed the neighbor's dog a hamburger every now and again and "he'll watch our open door and keep us safe."
Find and retain your own IT talent, and then get them some training in security. Subscribe to a security intel service to get an idea of what the developing threats are. Design your systems for redundancy and uptime.
The situation is as bad as it is because people got lazy. I have little sympathy for lazy people.