Blogs

Jul 11, 2017

Ransomware Threat Predictions for 2017 and Beyond

 

Ransomware is now the biggest security threat for organizations worldwide. Recent WannaCry and Petya attacks have heightened these fears, forcing companies to re-evaluate their security measures and policies. The reactive approach companies are taking is slightly problematic because cyber criminals are only getting more sophisticated: attacks are escalating, new strains are constantly being developed, and employees are still not aware of what ransomware is, making it difficult to stay one step ahead of the cyber criminals.

Here are some statistics and trends about ransomware that your organization should be aware of that will assist you when planning your cyber security policies.

1. Myth — only certain industries and organizations are targeted

Fact: Every industry and organization is at risk. Cyber criminals simply want money, which is why they target businesses of all sizes. Although big businesses have multi-million dollar budgets, smaller organizations are also targeted because they are in fact the most likely to pay the ransom: lengthy periods of downtime or data loss put them more at risk of going out of business.

2. Two thirds of ransomware infections in Q1 2017 were sent via Remote Desktop (RDP) [1]

Remote working coupled with BYOD is where most vulnerabilities stem from. With statistics showing that 66 per cent of employees don’t know what ransomware is, mitigate risk within your organization by training your entire staff on best practices regarding phishing emails and links, malicious websites, etc.

3. Phishing techniques have become much more advanced

Prior to 2015, phishing tactics consisted of mass email campaigns trying to trick unsuspecting victims. Most recipients knew they were looking at a scam, as these emails were littered with spelling and grammar mistakes, incorrect branding in messages, wrong/outdated company logos, etc. Now, cyber criminals carry out targeted and focused tactical email campaigns as part of phishing attacks, and new natural language processing enhancements (including AI technology) have fixed the majority of the grammatical errors, making malicious websites and emails that much more difficult to detect.

4. Downtime when recovering files is hurting most companies

Reports from Gartner calculated that downtime can reach 87 hours a year (about 200 minutes on average) ranging anywhere from a few minutes to a few hours. When network services are unavailable, employees can’t work, and the duties that they perform to keep your organization afloat aren’t getting done. Downtime as a result of a ransomware attack means loss of productivity, profit and customers. Depending on the size of your business, minutes or hours of downtime may result in your organization going out of business.

Here are other ways downtime can affect your organization:

  1. Threats of lawsuits – Businesses could be at the receiving end of lawsuits if they do not have proper cybersecurity protocols in place.
  2. Data breaches – If personal data was leaked or deleted, this may result in litigation or fines for non-compliance.
  3. Damage to brand reputation – If you’re not able to serve your customers due to downtime, your customers may vent on social media platforms, causing damage to your brand image.
  4. Loss of profit – On average, businesses lose between $84,000 and $108,000 (US) for every hour of IT system downtime. For a large organization, this may mean higher costs with little impact on the business; for a small or medium-sized business, the hourly cost may be lower, but the negative impact on the business is usually much larger.

Are you ready to learn how our solution can help your organization survive after a ransomware attack?

1. Crowe, Jonathan. "Ransomware Growth by the Numbers: Ransomware Statistics 2017." www.blog.barkly.com. n.p., June 2017. Web. July 2017.

Jun 15, 2017

Top Six Concerns of IT Professionals in 2017

 

Since 2016 the landscape of information security has changed. There have been new strains of malware developed, new phishing techniques, cyber security breaches, new developments to security and compliance as well as debates about security and privacy. With all these new developments in the IT landscape, here are six factors that IT professionals are most concerned with.

1. Cybersecurity: Recent reports found that cyberattacks/web based threats have been growing quickly over the last couple of years, and there's nothing to indicate they won't keep increasing. Even with all the advancements in cybersecurity, most professionals are aware that these advancements are not making systems and networks any more stable. They also realize that their systems can be hacked at any time as employee negligence is still the number one reason for cyber security breaches. Here are three other concerns relative to cybersecurity:

  • General lack of knowledge and awareness about cyber security
  • Too many versions of technology. Most companies have a combination of old/outdated software with new technologies making IT systems within organizations complex to manage
  • Lack of time, money and general resources to implement a comprehensive security solution

2. Ransomware: This form of cybercrime has grown exponentially since 2015. Criminals are much more sophisticated in coding, system and network configurations, making ransomware more difficult to detect. The fear of ransomware is prompting most IT professionals to ask not if they’ll encounter a breach but when they’ll encounter an attack.

3. Data classification: Although data classification is a fairly simple concept, it is quite difficult to implement and can cost your company thousands if not done correctly. Many organizations face the fundamental problem of not having any data classification systems in place and not being able to classify what information is deemed critical for business operations on an on-going basis. Not knowing this information can be detrimental to your business operations.

4. Protecting Endpoint Devices: According to a Promisec survey, 89 per cent of VPs and C-Level IT professionals are concerned about security breaches on endpoint devices, while a mere 32 per cent actually have endpoint protection in place. Endpoint device protection is such a concern because:

  • IT professionals do not know all of the endpoints within their corporate environment. They don’t have full line of sight into who owns and manages these devices, what types of work and data are on them, and how they will be protected. Without this endpoint visibility, the chances of protecting corporate data are slim to none
  • There are gaps and vulnerabilities in endpoint protection (i.e. the lack of complete and regular rollouts of software patches, gaps in blocking applications, etc.)
  • Up-to-date antivirus software is not sufficient to ensure proper coverage of endpoints

5. Compliance: Whether it’s the healthcare, financial or legal verticals, many industries have strict regulations on how organizations handle their business-critical data. Within the last few years, there have been enormous changes to the way data can be acceptably classified, and IT pros admit they’re not ready for these key changes due to the fact that they don’t really understand what exactly is being asked of them to comply with these ever-changing regulations.

6. Data Breaches: As data breaches continue to increase, more organizations are at risk of losing confidential consumer and corporate data. Studies have shown that less than 25 per cent of professionals are confident in their company system’s ability to mitigate the risk of security incidents. This number is frightening, as data breaches can mean you’ve lost one crucial element to your business – your customer’s faith (and most likely their business). And because cyber breaches can severely impact all areas of business, IT pros are looking for best practices, advanced compliance and signature-based security technologies.

What can you do as an IT Professional?

  • Educate your staff on all the threats out there and make sure there are no gaps in process, skills, and training.
  • Have current/up-to-date technology and software needed to defend against all threats.
  • Leverage new/existing security controls for risk prevention.

May 31, 2017

Why Backup is the Only Prevention from Ransomware

 

This is part four of five in a series on Ransomware that will discuss the growth of ransomware, recent WannaCry attacks, tips to safeguard our data and also includes an interview with our VP of Marketing who shares what Asigra’s solutions can do to prevent attacks.

In 2017, ransomware attacks have skyrocketed and the bad news is that these numbers are getting worse. Reports from CNBC indicate that there has been a 6000 per cent increase of ransomware infections deriving from email and similar reports show that 92 per cent of surveyed IT firms reported their clients had been attacked by ransomware.

In a recent attack in May 2017 (known as WannaCry), critical information was stolen, and encrypted data from the U.S. National Security Agency affected over 99 countries across a wide range of industries. European authorities estimated that at least 200,000 computers in the public and private sector were infected globally.

The organizations that were most vulnerable had old/outdated software (i.e. operating on Windows XP). The infections were deployed via a worm, which initially asked for $300 (£230) in Bitcoin cryptocurrency to unlock the files for each computer. The demand has now doubled to $600 (£348) in Bitcoin, with threats of being permanently locked out of systems after seven days of non-payment. Although the attack affected so many companies, payments to the cyber criminals have still been slow, as organizations either (a) don’t know where to obtain Bitcoin or (b) know that paying the ransom does not guarantee that the files will actually be retrieved.

Fact: Ransomware is not a new phenomenon, however it has grown exponentially over the last two years. Despite its growth, 66 per cent of people don’t know what ransomware is, and these same people may work within your organization. Therefore, it’s safe to assume that with the proliferation of attacks globally and the lack of education amongst the general public you and your data are at risk. Here are six ransomware best practices you should always keep in mind:

  • Have solid systems, protocols, policies and training in place to prevent infection
  • Train your staff to know what to do when an attack happens
  • Double (and triple) check all email senders. Do not open or download suspicious links, attachments and files
  • Have a robust, up-to-date antivirus software and ensure all firewalls and software are regularly updated
  • Send security tips to ensure your staff is vigilant, informed and educated on ransomware
  • Backup, Backup, Backup!! The truth is that disaster recovery solutions (i.e. data protection strategies, backup with snapshots, CDP, replication for different levels of recovery) and effective data protection are the only two things to thoroughly protect your data.

Ready to Learn More?

Hear our VP of Marketing, Michael Stephens, share his insights on CFRB 1010 on these recent attacks and how our solution can help combat ransomware.

May 9, 2017

How Organizations Can Plan for Cloud Computing Costs

 

If your organization either uses the cloud or is considering migrating services to the cloud and you are confused about the costs, you are not alone. The costs associated with the cloud are confusing, and without proper management and monitoring, cloud computing costs can add up quickly, leading to a bill that is significantly more expensive than you budgeted for.

Here are three scenarios you’ll have to consider when factoring cloud costs.

If you use SaaS Based Applications (Office 365, Salesforce.com and G Suite)

Instance #1: In this instance you will be billed on the number of resources. The problem companies may run into is over-provisioning. Choosing appropriate resources within these apps takes time, and choosing too many resources that are most likely not relevant to your business results in inflated costs.

Instance #2: SaaS based providers also charge pay per use or pay as you go. A common misconception is that users are charged per device (i.e. tablet, laptop and smartphone), however charges are based on the number of administrators. SaaS based providers charge in a tiered structure (based on a specified number of users) and once that threshold is capped you’ll be charged when more admins are added as opposed to how many devices you add.

Solution: Perform regular system audits and do thorough research to determine which resources and how many system administrators you actually need.

If you use IaaS/PaaS Based Applications Services (Amazon Web Services and MS Azure)

Both of these platforms boast strong PaaS and IaaS capabilities, but their billing models are not the easiest to understand.

Amazon Web Services (AWS): If you use AWS, charges are based on the services you are using, however there are several different variables which can lead to additional costs. These services include: databases, deployment, management, application services, network, storage and how content is delivered. In addition to these major charges, there are three additional service charges based on the location of your data centre, volume and the performance level. Additional features such as VM’s, memory, operating system choice, web service calls to their technical support/customer service departments will all be added on to your bill.

Microsoft Azure: Azure bills you based on usage, storage, storage transactions and data transfers on a pay-as-you-go pricing model. Here’s where the complexities arise: as long as you have an application instance hosted on Azure, you will be paying a monthly minimum (roughly 80 US dollars), whether you still actively use that app or not. Another factor to consider is data transfer and the charges associated with it. Example: think of the data usage on your cellphone. Once you’ve hit your threshold of data consumed (for example 5 GB/month), you will get a notification from your service provider letting you know that you’re approaching your limit (or in some cases they may even block your data usage to prevent hefty bills). You then have the choice to stop using data or accept the overage charges. Azure works in a similar framework: if your organization is constantly doing data transfers and exceeds its monthly GB limit, your monthly bill will be higher than expected, as Azure does not have a GB threshold cap.

Solution: Use the data from previous years to be able to forecast costs for the upcoming year. These services both offer calculators to predict costs, so if your organization’s projections are accurate, the monthly bills won’t be shocking.

Costs Associated with MSPs, Monthly Bills and the Cloud

  1. Moving/Migrating to the cloud: There will be a large upfront cost associated with moving to the cloud, whether that’s a one-time move or done incrementally. Network bandwidth accounts for much of the cost of moving data and cloud providers might charge upload and download fees. Even though data and systems are being hosted off-site, there are internal labor costs that you’re billed for, depending on the workload, instances and number(s) of servers being migrated.
  2. If you store data in the cloud: There are often different pricing tiers of storage which will be added to your monthly bill. Your organization should think carefully when storing data and work with your MSP to decide on the storage tier that is best based on the amount of data that you will be storing.
  3. Fees allocated with testing: You’ll have to test all software and apps before migrating to the cloud to ensure that all systems integrate properly. Depending on how long this testing takes you will see either incremental or drastic costs added to your bill.
  4. Costs associated with rent, utilities and power: This cost is often overlooked and unexpected. Most data centres are offsite, and because your data is taking up space in the data centre, organizations will be billed accordingly, which can also increase your bill.

Solution: Choose an MSP that is forthcoming with costs and services they can provide, can quickly respond to business demands, reduce costs, manage complexity, keep abreast of industry standards and adopt all facets of technology.

May 2, 2017

What is a Virtual Machine (VM)? – Technology Defined

 

Virtualization is a growing presence in every data centre. It allows you to reduce hardware costs and power consumption; it provides more flexible server provisioning and ensures that IT managers can be more responsive to business needs. VMs offer many benefits to organizations and allow you to not only simplify IT operations, but also to respond quickly to changing business demands.

What is a Virtual Machine (VM)?

A virtual machine is a computer application or file (which is typically called an image) that behaves like an actual computer. It runs on your current operating system in a window on your desktop to allow you to experiment with different operating systems, just like you would on a real, physical machine. Like physical machines, virtual machines have their own virtual hard drive – a large multi-gigabyte file stored on your hard drive which includes hardware, a virtual CPU, memory, network interface and other devices.

Why would you want to create a Virtual Machine?

  • They allow you to experiment with other operating systems.
  • Allows you to work safely with more reliability and security: VMs are essentially like working in a sandbox environment. Working within such a controlled environment when running programs is a good way to learn about operating systems (i.e. Linux Ubuntu). When you’re done evaluating or testing operating systems you can delete the VM or create a snapshot once everything's been configured just in case anything goes wrong.
  • Enables you to consolidate your servers: Up to 10 applications can run on a single VM that may have required several physical servers to operate.

What are some situations where a VM will be used?

Testing Software, New Configurations or Upgrades:

  • New versions of operating systems. This allows you to experiment with different versions of software without installing defunct versions onto your servers.
  • Multiple Platforms. Rather than keeping servers around to test multiple platforms, you can test whether an application works on different operating systems.

Implementing other software systems: you can install various systems within the VM and learn how they work at your own pace.

Using software that uses an outdated OS: there are several programs or laptops that aren’t compatible with Windows XP, however your organization may be using an application critical to your business that only operates in the XP environment. Using a VM allows you to run and use this application without having to actually install outdated software to physical machines.

Using software that needs another OS: If your organization is in a Mac environment and you want to run Windows software on this specific OS to test compatibility without using services like Wine or Crossover, a VM allows you to run and use this application.

Apr 21, 2017

Five Critical Mistakes Managed Service Providers (MSP) are Making

 

Managed Service Providers ultimately have the same goal – growing business and providing clients with the best IT solutions. However, in the pursuit of winning business, some fundamentals are often overlooked and the MSP is either left with unhappy clients or lost business. Below are five mistakes MSPs should avoid.

  1. Assuming that all customers/organizations are familiar with all the facets of cloud. MSPs often think and rely on their clients to know their technical needs, however, the reality is that customers don’t have a complete understanding of the complexities and various solutions of backup systems. Potential clients need help understanding the benefits, risks, and costs associated with cloud models. Work with your potential clients to develop (or enhance) a data recovery strategy that will back up and protect their business data, ensuring their business critical data is safe and can be recovered.

  2. Over-promising, yet under delivering. In some circumstances, Service Providers don’t like to admit that they don’t offer certain services/solutions…they fear that this honesty will hinder them from acquiring new business. When you over promise, you’re actually spending more time trying to learn on the job while trying to deliver; which in fact hinders your business as you’re selling your clients short. Be clear on the services you provide, don’t make false promises and be upfront at all times with your client.

  3. Selling products, not a service. As an MSP, not only do you sell technology, you should strive to also sell your expertise, reliability and services. Most organizations are not extremely tech savvy, and they rely on you to provide sound advice and monitor systems to ensure everything is working up to the contractual expectations. By checking in sporadically (not only during the onboarding process but throughout the duration of the contract), you have a pulse on your clients’ needs and are able to fix any issues when and if they were to arise.

  4. Little to no content on website to describe products/services. Most consumers (if not all) are informed buyers, they are doing their due diligence in their research before making a purchasing decision. Therefore, having strong content about your services helps people find you, and also demonstrates that you have the technical wherewithal to deal with IT issues. By having information on the services provided and general industry information, you have forged a relationship of trust with your prospective clients…they begin to trust you and are much more likely to engage with your company and seek your expertise for their business.

  5. Not having a thorough understanding of what your clients really want. Assuming that one solution will suit the needs of all your clients or not selecting the right/suitable service package for your clients’ business needs will hurt your bottom line. Your clients are relying on your expertise to provide them with guidance as well as a sound solution that most adequately suits the needs of their business. By not providing the clear definitions of the scope of your offerings, you’re really undermining the success of your own relationship with your potential client.

By steering clear of these mistakes, new and veteran MSPs can significantly boost their success.

Apr 7, 2017

Fileless Ransomware Infections – How Does This Really Work?

 

This is part three of five in a series on Ransomware that will discuss a new variation of ransomware (known as fileless ransomware), the most targeted verticals, how it works and what IT executives and administrators need to know to combat the ever-changing strains of ransomware.

There is a new variant of ransomware – it’s stealthy, nearly impossible to detect and is forcing more banks, telecommunication companies, government agencies and healthcare organizations globally to pay the ransom to cyber criminals. These attacks are known as fileless or non-malware ransomware, and they leverage Microsoft’s PowerShell scripting language to target organizations through documents and/or applications that run through macros.

What is PowerShell?

PowerShell is a programming language designed to automate tasks on MS Windows operating environments and includes over 100 command line tools.

How does Fileless Ransomware Work with PowerShell?

Non-malware aka fileless ransomware (unlike traditional ransomware) does not use files to encrypt your data; instead it writes scripts/macros which derive from PowerShell to encrypt the files.

What are the two ways fileless ransomware can penetrate your systems?

Via Phishing Attacks: An email is opened on a device and automatically writes macros directly to your device’s (i.e. tablet, laptop, cellphone or desktop) memory which starts dictating commands of payment as well as encrypting your data.

Via Compromised Websites: An employee browses or visits a compromised/malicious website in which the cyber criminals write scripts to the computer’s RAM to capture some pertinent information which will then either ask for cryptocurrency or immediately encrypt your files.

Why is fileless ransomware unique?

Fileless malware is unique and difficult to detect because the malicious code is embedded into a native scripting language or written straight into the computer’s RAM, where it hides in isolated spots within the computer’s memory. It’s not written to disk nor does the malicious code rely on the hard drive to run these commands.

What are the problems associated with Fileless Ransomware?

  1. Fileless ransomware leaves little trace behind, and it cannot be detected with any antivirus software.
  2. This ransomware strain allows cyber criminals to have access to your systems, meaning that they can infiltrate your computers, steal your information and encrypt your files without your IT staff even knowing.
  3. It can lead to more attacks. As the cyber criminals are writing scripts they’re also gathering as much data from the victim’s computer as possible.

What can end users do to protect themselves?

  1. BACKUP YOUR DATA. Monitor your systems frequently and backup regularly so you can revert back to specific points-in-time when your systems were free of malware and malicious attacks.
  2. BE VIGILANT. Disable all macros or do not open any files unless the end user is 100 per cent certain the file is not malicious. If there is any cause for concern, contact your MSP or IT administrator immediately.
  3. BLOCK all infected emails, pages, and communication with browsers and servers. Since the cybercriminals will write code to infect email and webpages, block anything that is odd, unfamiliar or sketchy.
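
For IT administrators: even when nothing is written to disk, the chain this post describes (a document macro starting PowerShell) still produces a process-creation record that can be triaged. The script below is an added example, not part of the original post or of any Asigra product. It assumes Sysmon-style process-creation fields (Image, ParentImage, CommandLine), and every sample event in it is constructed.

```python
"""Flag PowerShell launches that match the macro-driven, in-memory pattern."""
from ntpath import basename  # parses Windows paths on any OS

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}
# Calls typical of a script that is fetched or decoded and run from memory.
IN_MEMORY_MARKERS = ("downloadstring", "invoke-expression", "frombase64string")

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {   # 0: Word starts a hidden PowerShell with an encoded command
        "Image": PS,
        "ParentImage": WORD,
        "CommandLine": "powershell.exe -NoP -w hidden -enc <BASE64-PLACEHOLDER>",
    },
    {   # 1: an administrator runs a maintenance script from disk
        "Image": PS,
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned "
                       r"-File C:\Scripts\Rotate-Logs.ps1",
    },
    {   # 2: Word starts an ordinary helper process, no PowerShell involved
        "Image": r"C:\Windows\splwow64.exe",
        "ParentImage": WORD,
        "CommandLine": "splwow64.exe 8192",
    },
    {   # 3: a script host starts a hidden PowerShell that runs remote code
        "Image": PS,
        "ParentImage": r"C:\Windows\System32\wscript.exe",
        "CommandLine": "powershell -WindowStyle Hidden -Command "
                       "\"<constructed: DownloadString + Invoke-Expression "
                       "of a remote script>\"",
    },
]


def _switches(command_line):
    """Yield (switch_name, following_token), lower-cased, for each switch."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens):
        if len(tok) > 1 and tok[0] in "-/":
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            yield tok[1:].lower(), nxt.lower()


def command_line_indicators(command_line):
    """Return the set of suspicious traits found in a PowerShell command line."""
    found = set()
    for name, value in _switches(command_line):
        # powershell.exe accepts abbreviated switch names (-e, -enc, -ec ...),
        # so match on prefixes rather than on the full spelling.
        if name == "ec" or "encodedcommand".startswith(name):
            found.add("encoded_command")
        elif "windowstyle".startswith(name) and value.strip("'\"") == "hidden":
            found.add("hidden_window")
    lowered = command_line.lower()
    if any(marker in lowered for marker in IN_MEMORY_MARKERS):
        found.add("in_memory_execution")
    return found


def triage(events):
    """Return [(event_index, sorted_reasons)] for events an analyst should review."""
    findings = []
    for idx, event in enumerate(events):
        if basename(event["Image"]).lower() not in POWERSHELL_HOSTS:
            continue
        reasons = command_line_indicators(event["CommandLine"])
        if basename(event["ParentImage"]).lower() in OFFICE_PARENTS:
            reasons.add("office_parent")
        # An Office parent alone is enough to review; otherwise require two
        # traits so that routine administration scripts are not flagged.
        if "office_parent" in reasons or len(reasons) >= 2:
            findings.append((idx, sorted(reasons)))
    return findings


if __name__ == "__main__":
    for index, why in triage(SAMPLE_EVENTS):
        print(f"event {index}: review ({', '.join(why)})")
```
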

Interested in learning how to keep your networks and systems protected against ransomware threats?

Apr 3, 2017

Asigra Named a 2017 Top Rated Endpoint Backup Service by Software Users on TrustRadius

 

Toronto, ON – April 3, 2017 – Asigra (www.asigra.com) has recently been awarded a 2017 top rated endpoint backup service badge on TrustRadius based on 40+ in-depth reviews and user ratings. This badge recognizes the best products in a category based on user reviews and ratings. Badges are awarded to products that have an above average satisfaction rating in any segments within their category.

Since receiving our first review in 2014, Asigra has maintained an 8.8 overall rating of our user’s satisfaction of our products which is depicted through the TrustMap*. Included in this total is over 60 per cent of respondents rating Asigra a 9 or higher out of 10.

"Asigra is one of our Top Rated products for 2017, with very strong reviews from end-users on TrustRadius," said Megan Headley, Research Director at TrustRadius. "Asigra is a strong data backup solution and end-users praise the dedupe and compression capabilities, support for cloud, on-premise and hybrid data sources, and the agentless architecture, which reduces the support burden."

Visit our TrustRadius page to read the positive reviews that we have gotten about our solutions. While there, feel free to write us a review as well to share your experience using Asigra.

If you require any more information on any of our solutions, contact a recoverability specialist at 1-877-736-9901 or email info@asigra.com.

About Asigra

Trusted since 1986, Asigra provides organizations around the world the ability to recover their data now from anywhere through a global network of partners who deliver cloud backup and recovery services as public, private and/or hybrid deployments. As the industry’s first enterprise-class agentless cloud-based recovery software to provide data backup and recovery of servers, virtual machines, endpoint devices, enterprise databases and applications, SaaS- and IaaS-based applications, Asigra lowers the total cost of ownership, reduces recovery time objectives, eliminates silos of backup data by providing a single consolidated repository, and provides 100 percent recovery assurance. Asigra’s revolutionary patent-pending Recovery License Model provides organizations with a cost-effective data-recovery business model unlike any other offered in the storage market. More information on Asigra can be found at www.asigra.com.

*The TrustMap™ is a visual depiction of the best software products as rated by users on TrustRadius within each market segment. TrustRadius does not endorse any vendor, product, or service depicted in its TrustMaps and does not advise software users to select only those vendors with the highest ratings.

Mar 20, 2017

Managed Services vs. Break/Fix IT Services – What Better Suits the Needs of Your Business?

 

What is the Break/Fix Service Model?

The Break/Fix model is a fee-based model – as in when something within your IT infrastructure breaks you contact your IT service provider to fix the issue and they bill you accordingly. Considered to be a reactive approach to IT, the broken system can only be used once the IT contractor is on-site, identifies and fixes the problem.

What are Managed Services?

A Managed Service (MS) is where your IT networks are continuously monitored by a third party, who mitigates risk and problems before issues arise. Unlike the break/fix model, the managed service model bills on a monthly basis and is considered more proactive as they employ preventative care. They work to identify potential challenges and threats before these issues disrupt business operations.

What is an appropriate situation that a company would use the break/fix model as opposed to a managed service?

  • If a company was looking to cut costs
  • If a small or medium sized enterprise did not have the financial capital to sustain the monthly bills that are associated with managed services, but has the money to handle fluctuating or ad-hoc costs associated with IT problems
  • If an organization rarely has IT/Technology issues
  • If there was an onsite IT staff who could handle the majority of requests

What are some disadvantages when using the break/fix model?

  • Your IT staff/administrators do not have line of sight into how much the issue will cost, so the unpredictable fees can quickly blow your budget
  • It increases down time which translates into lost business and revenue
  • IT contractors charge on an hourly billing basis and therefore aren’t really interested in making your networks stable in the long run. Typically, they fix the immediate problem as a Band-Aid solution and rarely offer any preventative measures to avert these problems from occurring again

What are some advantages of implementing the MS model?

  • The fees are predictable, which most IT departments can support
  • This model comes with easy access to IT professionals
  • Downtime is minimized as risks are monitored and mitigated

Does the Break/Fix Model achieve economic efficiency in the long run?

No. It may save organizations a few dollars in the short term. However, when systems/networks are down your organization is losing money, and the longer the systems are down, the more money your organization loses.

Which is the more efficient solution… break/fix or hiring a third party managed service?

The managed services approach is a better solution for businesses of any size because it involves constant monitoring of your network 24 hours a day. A Managed Service Provider (MSP) will detect issues before they develop into larger problems, and this is all included in their monthly fees.

If you’re still questioning whether your organization should choose the break/fix or the managed service model, consider your organization’s dependency on IT. Long periods of downtime are detrimental to companies of any size, so it’s best to have a team of experts at your disposal handling issues before they arise.

Read our data sheet for helpful hints on how to select an MSP that suits your organization’s needs.

Mar 2017
8

Why Organisations Should Consider Data Insurance

 

This is part of a series of interviews with Asigra Partners. In this post we’re talking with Mark Saville, Director at Data2Vault, who discusses why companies would need an insurance policy for critical data, the risks associated with only having cyber insurance, and the best way to reduce the risks associated with residual loss.

VM: What is Data Insurance (DI)?

MS: DI is a policy issued by underwriters and brokers to protect against the residual risk of permanently losing critical data. It allows you to protect your organisation’s most critical, unique business assets and offers full financial protection in the case of data loss. We are a unique solution because we are currently the only solution that compensates for data loss, and the value of our payouts is higher. Think of it like this: data insurance is like fire insurance. You try to avoid the risk as much as possible, but you’ll still need insurance in case the building were to burn down. It’s the same thing in the world of IT… the best practice is that an organisation would have firewalls, antivirus, backup and replication in place, but there is still a residual risk that you may still lose your critical data, and for that reason, this is why you have a data insurance policy.

VM: Why is an Asigra Service Provider involved in Data Insurance?

MS: As an Asigra Service Provider, we have built an Insured Data Environment, which has been certified to give our clients the extra protection they need for peace of mind. It also provides the underwriter with a proven method to recover the clients’ critical data and therefore reduce the likelihood to have to make a significant payout.

VM: If a client has Cyber Insurance, why will they still need Data Insurance?

MS: Cyber Insurance is a valuable policy, but it only protects personal identifiable data and personal sensitive information against copy theft or loss of data through a cyber-threat. If there is no cyber-attack there is no basis for a claim. Data Insurance, on the other hand, protects against the permanent loss of critical data. As an example, a pharmaceutical or a food/beverage company may have a loss of formula or patents, which contain no personally identifiable data, and could only be covered by data insurance.

VM: All my data is critical, how do I determine what should be insured vs. what shouldn’t?

MS: That’s really up to the client to determine what is critical vs. what is not. If any of our clients need further clarity to assess what should be covered, we have risk analysts and data classification consultants who will help with the identification and valuation of data if the customer needs assistance. Once the client defines what should be insured, together with the underwriters, Allianz, a fair value will be agreed.

VM: We have seen from the CRA case study that companies operating in high hazard industries (i.e. Nuclear Energy, Rail, Oil, Gas as well as Airlines) should seriously consider insuring their data. Why?

MS: In high hazard industries there is already an appreciation of residual risk, and the cost associated with minimising residual risk to an acceptable level. As these industries increasingly become more digital, the principles of safeguarding against residual risk of data loss become equally important. Organisations in high hazard industries are also conscious that the loss of critical data could have extremely negative ramifications on the business (i.e. shutting down after a data loss) and therefore discussing data insurance to residual risk with business executives is a language they understand.

VM: How does Data Insurance reduce the residual risk of data loss?

MS: Even if every possible step to prevent data loss was taken, there would always be a residual risk of data loss. Data Insurance, through an assessment of risk and use of the Insured Data Environment helps reduce the residual risk to an acceptable level and provides both the ability to recover lost data or financial compensation if the data cannot be recovered from the Insured Data Environment.

VM: Why would an organisation need Data Insurance as well as a backup and recovery solution in place?

MS: A commercially licensed and supported Backup and Recovery solution or service is a pre-condition of Data Insurance as it demonstrates the organisation follows good practices in safeguarding their data. With a conventional backup and recovery solution there is no 100 per cent guarantee that any lost critical data can be recovered. Data Insurance covers that residual risk of data loss.

VM: Why is it a pre-requisite that an organisation has a backup and recovery solution prior to obtaining data insurance?

MS: Data Insurance does not replace Backup and Recovery solutions; it augments existing protection. Like many other insurance policies, the client has a small number of pre-requisites to qualify for Data Insurance. A Backup and Recovery solution is a best business practice and the client must also identify and value their critical data, which will then be placed into the Insured Data Environment. At this point a Data Insurance policy will be issued.

Interested in learning more about Data Insurance and how to minimise residual risk? Data2Vault is running a series of free seminars throughout March and April across the UK to educate organisations of all sizes on how to protect their business critical assets.
