December 7, 2023

More economics tomorrow. Today, backups.

Cyberspace, technology, and backups

The internet is complex. And, with any complex system, populist politicians and CEOs are invoking spectres to stoke fears of impossible things. All the while, doing nothing to regulate the real and persistent threats.

Hacking has been a word thrown around by the press since the early days of computers and networks. Hackers are those evil 12-year-olds who steal your data and sell it on the Dark Web for crypto candies. Unless they are White Hat Hackers who work for the government because they have been caught and turned into agents of the state on promises of avoiding prison.

Hackers have remarkable skill sets and they are all as cool as Salander. And, all of them can access any computer anywhere at any time.

Also, AI. Fear it for it will destroy humanity, but also believe it is our salvation and give AI companies lots of money.

Just this week we have seen some pretty remarkable silliness when it comes to stoking fears of our allies.

Republicans are now concerned that Chinese-made batteries are spying on the US military. Anti-China sentiment and legitimate concerns about supply chain security are an issue. And sure, there is no way for a grid-level battery storage device, which is not connected to the internet and doesn't even have communications infrastructure as part of its system, to spy on anyone. But, Chinese hackers! Be afraid.

Google announced Gemini AI. Sure, it isn't available yet and is only a promise of some stuff in an ad. But, AI!

Russia is going to steal our elections through hacking! Never mind the massive threat to democracy from the Far Right that believe all sorts of nonsense is true and cannot tell the difference when being manipulated through sophisticated social media operations. No, hackers will change your votes!

Real security issues

Meanwhile, in the real world, there are some very serious things happening that we are not paying attention to.

Very high-profile organizations and individuals are being hit by ransomware attacks. In these attacks, credentials are phished to gain access to internal networks, or unpatched bugs are abused to install software. Once access is gained, software is run to encrypt the entire local copy of your data and destroy backups.

The only way to get access to your data if this happens is to pay the ransom to the criminal gang for the decryption key.

Criminal gangs operating online are targeting any large organization stupid enough to be connected to the internet and using primarily Microsoft products without the requisite security systems.

Even with the requisite security systems, Microsoft products are giant targets for bad actors.

(Even organizations not relying on Microsoft can be targeted, but let's be honest, it is mostly Microsoft garbage software like Windows that is the problem.)

Ransomware is a huge threat to even well-provisioned organizations. These criminal gangs are extremely well organized and getting access to credentials is not hard for a determined bad actor.

Most of the left's organizations are not equipped to deal with a full attack on our systems that brings them down. Few of our organizations have developers in house, but we do have huge amounts of personal information that cannot be leaked.

If you do not pay, your data can be leaked anyway. So, while this advice will not solve the leaking part of that problem, it will solve other parts and get you back on your feet faster. Some major things we should be considering as individuals and as organizations in the face of real threats relate to backups and the problems that good backup solutions solve.

The key to recovering from a ransomware attack (and not paying for the key) is proper backups.

This goes for individuals as much as it does for organizations. If you need help setting these systems up, ask for it. Don't let a bad disk drive or poor password security result in the loss of all your digital assets.

Immutable backups

Most systems are backed up in such a way that corrupted data or access to admin accounts can lead to the destruction of the backed-up data.

For example, if your backup is a simple replication of your local data and that data is lost locally, the next replication can overwrite the backup with the lost-data version, essentially deleting the information in your backup.

If the local data is locked by ransomware—which is a process where a criminal organization encrypts your local data—then a backup of that system can result in your backup being encrypted by the same ransomware.

If a bad actor gets access to your admin account (because your elected leadership's password is "Solidarity!") then a backup can be deleted before ransomware is installed.

It is for these reasons that a backup system should be immutable. That is, previously backed-up data should not be able to be changed simply through admin/user account access. An organization should not allow the deletion of information in a backup except along a specified automatic timeline for deletion.

Notifications

Your backup system should notify you if your data changes substantially more than it does on average.

Organizations have regular workflows and data changes at a rather constant rate plus or minus some standard variation.

If data changes in a backup in a substantial way, then you should be notified immediately because it is an indication there is likely something wrong.
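One way to implement that notification rule, as an added example that is not part of the original article: compare the volume of data changed in the latest backup run with the mean and standard deviation of earlier runs. The history figures, thresholds and function name are assumptions made up for illustration.

```python
import statistics

# Constructed sample data: bytes changed in each of the last ten nightly runs.
HISTORY = [412_000_000, 388_000_000, 455_000_000, 401_000_000, 437_000_000,
           395_000_000, 420_000_000, 409_000_000, 446_000_000, 398_000_000]
TOTAL_BYTES = 60_000_000_000  # constructed size of the whole data set


def check_run(history, latest, total_bytes, k=3.0, min_runs=7, max_fraction=0.5):
    """Return a list of alert reasons for the latest run (empty list = normal)."""
    alerts = []
    # Absolute guard: a run that rewrites most of the data set is suspicious
    # whatever the history says, because mass encryption rewrites nearly every file.
    if total_bytes > 0 and latest / total_bytes >= max_fraction:
        alerts.append(f"{latest / total_bytes:.0%} of the data set changed in one run")
    if len(history) < min_runs:
        # Too little history for a baseline; only the absolute guard applies.
        return alerts
    mean = statistics.fmean(history)
    # Floor the deviation so a perfectly steady history does not alert on tiny drift.
    stdev = max(statistics.stdev(history), 0.05 * mean)
    if latest > mean + k * stdev:
        alerts.append(f"changed {latest} bytes, baseline {mean:.0f} +/- {stdev:.0f}")
    # The opposite failure: a job that suddenly sees no changes may be broken.
    if latest == 0 and mean > 0:
        alerts.append("no changes recorded; the backup job may not be reading the data")
    return alerts


if __name__ == "__main__":
    for size in (430_000_000, 520_000_000, 58_000_000_000, 0):
        print(size, check_run(HISTORY, size, TOTAL_BYTES))
```

Feed it whatever per-run statistic your backup tool reports (bytes added, files changed) and send the returned reasons to a channel someone actually reads.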

Versioning

Backups should be versioned. You should be able to go back a day, a week, a month, even a year and get that version of the data.

Documents can be accidentally deleted or bad actors can alter data over time. It is important that data can be retrieved going back at different time intervals to see when those accidental or bad actor changes occurred.
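The versioning and "automatic timeline for deletion" ideas above fit together as a retention policy. This added example (not from the original article) keeps the newest snapshot for each of the last N days, weeks, months and years and permits deletion only of snapshots the timeline has expired; the function names, default counts and sample dates are assumptions.

```python
from datetime import date, timedelta

# Constructed sample: one snapshot per night for 400 nights, newest first.
SAMPLE = [date(2023, 12, 7) - timedelta(days=i) for i in range(400)]


def snapshots_to_keep(snapshot_dates, daily=7, weekly=4, monthly=12, yearly=2):
    """Keep the newest snapshot in each of the last N days/weeks/months/years."""
    rules = [
        (daily, lambda d: d.isoformat()),
        (weekly, lambda d: tuple(d.isocalendar())[:2]),  # (ISO year, ISO week)
        (monthly, lambda d: (d.year, d.month)),
        (yearly, lambda d: d.year),
    ]
    ordered = sorted(set(snapshot_dates), reverse=True)  # newest first
    keep = set()
    for count, bucket_of in rules:
        seen = []
        for snap in ordered:
            bucket = bucket_of(snap)
            if bucket in seen:
                continue  # a newer snapshot already represents this period
            if len(seen) == count:
                break  # the rule has all the periods it is allowed to keep
            seen.append(bucket)
            keep.add(snap)
    return keep


def may_delete(snapshot, snapshot_dates, **policy):
    """Deletion is allowed only for snapshots the timeline has already expired."""
    return snapshot not in snapshots_to_keep(snapshot_dates, **policy)


if __name__ == "__main__":
    kept = sorted(snapshots_to_keep(SAMPLE))
    print(len(kept), "of", len(SAMPLE), "snapshots kept; oldest is", kept[0])
```

A check like this only makes a backup immutable if it runs on the storage side, out of reach of the account that writes the backups; run on the client, a stolen admin password bypasses it.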

Encryption

Backups for our organizations should be encrypted at rest and in transit. That means that backups should be done using tried and tested open source backup software.

That software should encrypt the backup and allow storage of those encryption keys off-site.

Backups should be tested

If you have not tested your backup solution, you don't really have a backup solution.

Backups seem rather simple, but they can get rather complicated if you are doing them correctly.

Even the most experienced IT professional has accidentally locked their encryption keys inside their backup, or has set a variable wrong so that the backup is missing something.

Only through testing the backup process regularly can these mistakes be avoided.

Not only should the backup be tested for functionality, but a full system restore in the face of a ransomware attack is important to test.
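A restore test can be automated by recording a checksum manifest when the backup is taken and comparing a test restore against it. The sketch below is an added example, not from the original article; the file names and contents are constructed, and it works on any restored directory regardless of which backup tool produced it.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map every relative file path under root to the SHA-256 of its contents."""
    result = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(path, root)] = digest.hexdigest()
    return result


def verify_restore(expected, restored_root, required=()):
    """Compare a restored tree against the manifest recorded at backup time."""
    got = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(got)),
        "corrupt": sorted(p for p in expected.keys() & got.keys()
                          if expected[p] != got[p]),
        # Paths that must be restorable; catches a wrong include/exclude setting.
        "required_absent": sorted(p for p in required if p not in got),
    }


def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Constructed data: a source tree and a flawed restore of it."""
    source = {"members/list.csv": b"id,name\n1,Sam\n",
              "minutes/2023-12.txt": b"agenda", "finance/ledger.db": b"\x00ledger"}
    # The restore lost one file and returned another with different bytes.
    restored = {"members/list.csv": b"id,name\n1,Sam\n", "minutes/2023-12.txt": b"garbage"}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src"), os.path.join(tmp, "restored")
        write_tree(src, source)
        write_tree(dst, restored)
        return verify_restore(manifest(src), dst, required=["finance/ledger.db"])
```

Store the manifest outside the backup it describes, and treat any non-empty list in the report as a failed test.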

If your organization has been hit by ransomware, but you can restore from your backups, then it is possible to recover from these attacks—after finding the hole in your security that the attacker crawled through.

Our organizations are targets for bad actors. We have reams full of personal data. And, generally we do digital security and privacy poorly.

While good backup solutions do not solve all issues, I cannot stress enough that backups are essential to our organizations' digital health in the face of common real threats.

For other issues that we need to solve, see previous articles about online security.

There are many different backup solutions. Some software options include the following:

  • Borg
  • Restic
  • rclone
  • rsync

Spending some time over the holiday break to back up your stuff is not a terrible waste of time.