The Race of the Red Queen
Security, like so many things in computing, is similar to biology. Each organism has natural defenses. Parasites and pathogens must evolve tactics to overcome these defenses to survive. The hosts evolve better defenses. The pathogens evolve better attacks. We often refer to this as the Race of the Red Queen: you must run as fast as possible to stay in the same place.
Protecting your environment and your data is a constant evolutionary battle. As many news headlines have shown, we are always on the losing side. Someone, somewhere, will devise a way to penetrate our defenses. They will always have a leg up on us because, you see, we are not devious enough, and they are motivated by greed or malice. But what if there were a way to leap-frog to the end?
I worked with a SaaS company that was breached by ransomware. In a couple of hours, we lost everything. Absolutely everything. However, the hacker made one mistake: they left the SQL engine running while the program encrypted the disk. Because the data and log files were locked, we could remotely access the server and stream backups off the infected server to a backup drive. We then proceeded to rebuild the entire company from scratch.
We learned many, many lessons recovering from the attack. But the most important was to protect your data at all costs. Many tools and services can help you recover from various kinds of disasters, and indeed, the cloud enables much faster recovery from most disasters. But without uncorrupted data from which to start, you’ll have difficulty recovering from the most catastrophic attacks, the ones you won’t see coming because you aren’t devious enough…