There is no doubt that one of the main assets of a company is the data it stores. Information about its customers, financial or employee planning, among other types of records, should be adequately protected and available whenever they are needed.
For this reason, companies that care about such data invest adequate resources into protecting them and recovering them in the event of a serious incident, according to ESET Southern Africa.
But how serious does an incident need to be for vitally important stored data to be lost? A recent study by Kroll Ontrack revealed some interesting data gathered using the company’s data recovery tool.
Let’s look at the main reasons for the loss or leakage of corporate data; below is the complete list, together with the proportion of cases for each reason:
Undetected drives – 25%;
Not powering on – 11%;
Device dropped from height – 10%;
Deleted files – 9%; and
Corruption – 7%
According to the study, the main problem, accounting for 25% of the total number of cases, is failure to detect the storage drive.
That is logical, especially if we are talking about hard drives and flash drives, which are used in mass storage devices in all kinds of corporate environments despite being much more prone to failure than other more reliable types of devices, like magnetic tape.
Furthermore, the increased use of solid-state drives (SSD) with flash memory in recent years will undoubtedly have pushed this percentage up. These types of drive offer faster access to data than conventional mechanical hard drives, but also are more prone to failure if used to write data continually, which is why they are not recommended for use in servers or in computers where reliability is critical.
Another of the big problems behind data loss is the device not powering on, which can be caused by a failure in the power supply or in other components. Curiously, in third place, we find one of the reasons that can cause hardware to fail, and that is the device being dropped on the floor from height.
We should bear in mind that normally such hardware failures don’t necessarily have to result in irreparable loss of data, as it can usually be recovered by using forensic analysis tools or even, in cases where the device has been damaged but the disk itself still works, by placing the disk in a new device.
In fourth and fifth place in the table, we can find two reasons that tend to be caused by software failures occurring at the same time as the data is being used, or malware that directly affects the stored data. So here we are talking about files being deleted (accidentally or deliberately) or becoming corrupted.
Both of these reasons can be caused by the user making a bad decision or by a system failure, but in recent months we have seen how ransomware has become a major threat to corporate environments and its malicious actions can include the two causes of data loss mentioned above.
Data corruption is self-evident, given that ransomware encrypts the files, making them inaccessible unless they are decrypted, and in order to do that the cybercriminals demand a ransom, which may be large or small. It goes without saying that we do not advise paying such ransoms, because by doing so we would be giving these criminals more of an incentive to keep creating new similar threats.
As for data deletion, we have recently seen cases of malware like Jigsaw, which deletes a certain quantity of files every so often if we do not yield to its demands, and deletes even more files if we try to restart the system.
The importance of prevention
Faced with such incidents, which can put companies in a serious predicament if they do not respond in the right way, the best solution is prevention and having sufficient measures in place to recover the affected data as quickly as possible, so that the company can keep its operations running normally.
Here we are talking about things like security measures provided by an antivirus solution if we want to prevent the kinds of damage that malware can cause. For hardware failures though, the best thing is to have a backup system that can quickly restore not only the data stored but also the system on which they are stored, thus minimizing the response time and enabling the company to keep operating normally.
It is vitally important for companies of all sizes to ensure that they have an end to end holistic approach to data security, including essential protection for data loss or leakage though antivirus solutions and backup systems.
Furthermore, considering the ever increasing data protection laws globally and especially in south Africa with the new POPI laws, companies need to look at security in a layered approach bringing in various security solutions to create a secure environment.