Tuesday, June 9, 2015

Kroll Ontrack Research: Data loss due to IT administrator oversights may heighten information security risks

Complex enterprise storage environments call for more thorough backup protocols and investment in technology safeguards

MINNEAPOLIS – June 9, 2015Kroll Ontrack today released its most recent list of common IT administrator errors that can lead to data loss and network downtime. The findings indicate that the complexity in storage environments and sheer growth in data volume can mean impactful data loss when human error strikes, leaving many organizations vulnerable to security risks and financial implications if they do not properly invest in and adhere to technology risk management policies.

“The complexity involved in managing today’s virtual IT environments combined with the growing amount of data that streams through corporate networks require diligent IT administration and effective data management policies,” said Todd Johnson, vice president of data and storage technologies, Kroll Ontrack. “Nevertheless, humans are not infallible, and accidental deletion or a failed backup can result in unknowingly losing customer or proprietary information or the inability to access important evidence required to diagnose a security event.”

A recent EMC survey found that companies lose more than $1 million annually because of data loss and that 26 percent of data loss instances are the result of accidental user error. In the event of a security breach, human error resulting in failed data backup could mean a company is without vital event log information to articulate where the attack or malware originated. Additionally, for organizations facing stringent regulatory requirements, a vulnerable information security landscape combined with inadvertent server deletion could lead to loss of audit evidence, leaving organizations open to incurring unnecessary and expensive penalties or litigation.

“Many organizations simply do not invest sufficient resources into understanding threats and risk or orchestrating policies based on those threats and risk. Add to the mix common IT oversights, and you’ve got a compelling story for security vulnerability and data loss,” said Dr. Richard Scott, director of information security, Kroll Ontrack. “Prioritizing hardware upgrades, rigorously testing and validating IT network processes, investing in skilled and experienced professionals, and enlisting the support of a data recovery expert are fundamental precautions every business decision maker must consider.”

The following are the most common IT mistakes or oversights that could lead to data loss and security vulnerability, according to Kroll Ontrack:

  1. Failure to document and execute established IT, retention and backup procedures. A test server moves into production, but no one informs IT that it is now capturing valuable data, and the data is not being backed up. In another scenario, the departure of a key knowledge holder for the environment creates confusion or an undocumented pool of unknown detail about the configuration and use of the system.
  2. Failure to backup effectively. In a recent survey of Kroll Ontrack data recovery customers, 61 percent had a backup in place at the time of loss – either the backup was not functioning properly, the desired storage device was not included in the backup or the backup was not current. Testing backup policies, identifying correct storage and validating backup integrity are critical.
  3. Delay in infrastructure or security investments. Many cases of data loss are a result of companies failing to invest in infrastructure updates or security.
  4. Failure to adhere to and maintain relevant security policies and/or keep OS and security controls up to date. Even the smallest failure in IT security can lead to devastating results, including data loss and expense. Administrators need to leverage elevated privileges appropriately, restrict passwords only to required users, and change them when an IT administrator leaves the company. Adequately update OS security patches and malware protection controls to guard against cyber-attacks and malicious agents.
  5. Deleting data that is still in active use. Kroll Ontrack routinely performs data recovery on tapes or server networks that are thought to be out of use, but still contain active data.

Kroll Ontrack recommends IT departments adhere to these best practices in light of data loss to ensure the best chance for an effective resolution:

  • Avoid panicking and rushing to action. If data loss happens, companies should not restore data to the source volume from backup because this is where the data loss occurred in the first place. They also should not create new data on the source volume, as it could be corrupt or damaged.
  • Be confident in skills and knowledge. IT staff must help leadership avoid making decisions that do more harm than good. When specifically faced with a possible data loss event, the volume should quickly be taken off line. Data is being overwritten at a rapid pace, and the volume should not be formatted to resolve corruption.
  • Have a plan. Staff should follow established ITIL processes and ensure data center documentation is complete and revisited often to ensure it is up to date. In particular, IT staff should not run volume utilities (CHKDSK/FSCK) or update firmware during a data loss event.
  • Know the environment (and the data). IT staff must understand what their storage environments can handle and how quickly it can recover. Knowing what data is critical or irreplaceable, whether it can be re-entered or replaced, and the costs for getting that data up and running to a point of satisfaction is important. Staff must weigh the costs and risks when determining what is most urgent – getting their systems up and running quickly or protecting the data that is there.
  • When in doubt, call a data recovery company. While the manufacture or vendor may be a good starting point, the value of data and the potential for data loss when getting a system back up and running may not be top of mind. Staff should be sure to consult a reputable data recovery company if concerns over data loss potential arise.

About Kroll Ontrack Inc.
Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers manage, recover, search, analyze, produce and present data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, data destruction, electronic discovery, consulting and document review. For more information about Kroll Ontrack and its offerings please visit: www.ediscovery.com or follow @KrollOntrack on Twitter.

# # #

Media Contact:
Kristin Husom, 952-516-3781, khusom@krollontrack.com