#RansomwareProtection

Bareos<p>Why is Bareos the choice of IT professionals for backup solutions? Flexibility, reliability, and open-source. <br>Dive in: www.bareos.com<br><a href="https://social.cologne/tags/Bareos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bareos</span></a> <a href="https://social.cologne/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://social.cologne/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataProtection</span></a> <a href="https://social.cologne/tags/BackupSolutions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackupSolutions</span></a> <a href="https://social.cologne/tags/DisasterRecovery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DisasterRecovery</span></a> <a href="https://social.cologne/tags/CloudBackup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudBackup</span></a> <a href="https://social.cologne/tags/DataSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataSecurity</span></a> <a href="https://social.cologne/tags/RansomwareProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RansomwareProtection</span></a> <a href="https://social.cologne/tags/ITSupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSupport</span></a> <a href="https://social.cologne/tags/TechTips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechTips</span></a> <a href="https://social.cologne/tags/DataLossPrevention" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataLossPrevention</span></a> <a href="https://social.cologne/tags/Bareos" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Bareos</span></a> <a href="https://social.cologne/tags/StorageSolutions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StorageSolutions</span></a> <a href="https://social.cologne/tags/SMBTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMBTech</span></a></p>
Erik van Straten<p>EvS infosec myth#2: ransomware</p><p>"Ransomware" as in, cybercriminals want you to pay - to prevent further (reputation) damage caused by publishing confidential data, phishing/threatening your stakeholders, and/or performing DDoS attacks, and/or by letting you regain control of encrypted storage by "selling" you a decryption key.</p><p>Actually there are two myths related to "successful" ransomware attacks:</p><p>2.a) It is easy to prevent becoming a victim of a (devastating) ransomware attack;</p><p>2.b) Every organization can, at any time, become a victim of a devastating ransomware attack.</p><p>Nearly every organization that becomes a victim of a ransomware attack will cry out myth 2.b): "This can happen to anyone" and lie "Protecting your data and privacy is of the utmost importance to us. Unfortunately [...]".</p><p>Such a red flag typically means: "We did not take cybersecurity as seriously as MOST OTHERS do, which is why the attackers CHOSE US".</p><p>If 2.b) (protection is impossible) were true, we should stop digitalizing everything and return to pen and paper.</p><p>OTOH, designing and implementing effective cybersecurity incident prevention measures is far from simple. For example, from [1]:</p><p>"It is extremely difficult to prove something cannot happen".</p><p>Since (residual) risk is usually calculated by:</p><p>&nbsp;&nbsp;&nbsp;&nbsp;CHANCE x impact</p><p>and if, w.r.t. 
"chance", you take into account that "it never happened to us before", while you (should) know that the impact may be devastating, this resembles what I call the "Fukushima effect" (a totally unexpected disaster).</p><p>IMO, the higher the impact, and the higher the chance of underestimating the chance of an infosec incident with a possible (high to devastating) impact taking place, the higher we should OVERESTIMATE the chance of such an incident happening.</p><p>OKAY, THE RISK IS HIGH, GOT IT<br>However, what are the most effective measures to prevent successful ransomware attacks? When is "getting our job done" becoming too hard? What if measures would cost so much money that our profits will turn negative? What if our competitors don't act as well?</p><p>And: should we, as an organization, take the (secondary) risks of STAKEHOLDERS (such as customers and citizens) into account when determining OUR risks (what, in the end, will it cost US)? How effective is damage control such as described by myth 2.b)?</p><p>Or can we get away with it by telling stakeholders "It doesn't matter that WE leaked your PII, since your PII will be leaked anyway"?</p><p>Note that this was even stated by the Dutch privacy watchdog in their "2022 data breach report" [2]:<br>——{<br>5 jaar datalekken: iedereen kan slachtoffer worden</p><p>Ga ervan uit dat je persoonlijke gegevens al eens gelekt zijn, of dat dit nog gaat gebeuren. Maar je kunt<br>jezelf beschermen: maak daar werk van.<br>}——<br>Which roughly translates into:<br>——{<br>5 years of data breaches: everybody can become a victim</p><p>Presume that your PII have been leaked, or that it will happen. But you can protect yourself: work on that.<br>}——</p><p>I very much dislike the latter two lines of text. 
GDPR (called AVG in NL) has evidently failed to protect us.</p><p>And it is not the job of customers and citizens to prevent that OTHERS leak their PII (Personally Identifying Information, including other data that should be treated as confidential - and should never be sold).</p><p>IMO, the ROI (Return of Investment) of cybersecurity measures is simply way too low. Security and privacy will deteriorate even further if we do not solve the problem at hand immediately (artificially, by stricter governmental regulations and devastating fines for offenders), and if we don't stop introducing new risks (such as EDIW [3]).</p><p>"Security measures are too expensive" is NEVER a valid excuse.</p><p>Final note: this post was influenced by what Hagen Bauer (<span class="h-card" translate="no"><a href="https://infosec.exchange/@hagen_bauer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hagen_bauer</span></a></span>) wrote -in German- [4] earlier today, regarding the unexpectedness of falling prey to a ransomware attack.</p><p>[1] <a href="https://www.theregister.com/2024/02/25/security_not_different/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2024/02/25/sec</span><span class="invisible">urity_not_different/</span></a></p><p>[2] (PDF, Dutch) <a href="https://www.autoriteitpersoonsgegevens.nl/uploads/2023-06/AP_Rapportage_datalekken_2022.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">autoriteitpersoonsgegevens.nl/</span><span class="invisible">uploads/2023-06/AP_Rapportage_datalekken_2022.pdf</span></a></p><p>[3] <a href="https://infosec.exchange/@ErikvanStraten/111994271645187752" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span 
class="invisible">en/111994271645187752</span></a></p><p>[4] <a href="https://infosec.exchange/@hagen_bauer/111996774704239468" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@hagen_bauer/</span><span class="invisible">111996774704239468</span></a></p><p>——<br>Previous myth#1: "Not my problem": <a href="https://infosec.exchange/@ErikvanStraten/111996985377746835" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/111996985377746835</span></a></p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/ransomwareProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomwareProtection</span></a> <a href="https://infosec.exchange/tags/myth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>myth</span></a> <a href="https://infosec.exchange/tags/myths" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>myths</span></a> <a href="https://infosec.exchange/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> <a href="https://infosec.exchange/tags/AVG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AVG</span></a> <a href="https://infosec.exchange/tags/AP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AP</span></a> <a href="https://infosec.exchange/tags/autoriteitPersoonsgegevens" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>autoriteitPersoonsgegevens</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> <a href="https://infosec.exchange/tags/leaks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leaks</span></a> <a href="https://infosec.exchange/tags/breaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>breaches</span></a> <a href="https://infosec.exchange/tags/dataBreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataBreaches</span></a> <a href="https://infosec.exchange/tags/cyberSecurityBreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberSecurityBreaches</span></a> <a href="https://infosec.exchange/tags/risk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>risk</span></a> <a href="https://infosec.exchange/tags/risks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>risks</span></a> <a href="https://infosec.exchange/tags/chance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chance</span></a> <a href="https://infosec.exchange/tags/impact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>impact</span></a> <a href="https://infosec.exchange/tags/disaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disaster</span></a> <a href="https://infosec.exchange/tags/ROI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ROI</span></a> <a href="https://infosec.exchange/tags/measures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>measures</span></a></p>
IT News<p>How Does a Ransomware Negotiation Work? - Criminals have always held people hostage to get what they want. In the modern dig... - <a href="https://readwrite.com/how-does-a-ransomware-negotiation-work/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">readwrite.com/how-does-a-ranso</span><span class="invisible">mware-negotiation-work/</span></a> <a href="https://schleuss.online/tags/ransomwareprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomwareprotection</span></a> <a href="https://schleuss.online/tags/dataandsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataandsecurity</span></a> <a href="https://schleuss.online/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://schleuss.online/tags/cyberattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberattack</span></a> <a href="https://schleuss.online/tags/negotiation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>negotiation</span></a> <a href="https://schleuss.online/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://schleuss.online/tags/readwrite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readwrite</span></a></p>
IT News<p>Air-Gapping in the Cloud: A Buzz or Necessity? - Air-gapping is becoming more and more common in the data protection and backup and... - <a href="https://readwrite.com/2022/01/21/air-gapping-in-the-cloud-a-buzz-or-necessity/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">readwrite.com/2022/01/21/air-g</span><span class="invisible">apping-in-the-cloud-a-buzz-or-necessity/</span></a> <a href="https://schleuss.online/tags/ransomwareprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomwareprotection</span></a> <a href="https://schleuss.online/tags/itinfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itinfrastructure</span></a> <a href="https://schleuss.online/tags/dataandsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataandsecurity</span></a> <a href="https://schleuss.online/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataprotection</span></a> <a href="https://schleuss.online/tags/datasecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>datasecurity</span></a> <a href="https://schleuss.online/tags/air" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>air</span></a>-gapping <a href="https://schleuss.online/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a> <a href="https://schleuss.online/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://schleuss.online/tags/work" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>work</span></a></p>