There is no doubt that one of the main assets of a company is the data it stores. Information about customers, employees and finances, among other types of records, should be adequately protected and available whenever they are needed. For this reason, companies that appreciate the value of their data invest adequate resources both into protecting them and to recovering them in the event of a serious incident.
But how serious does an incident need to be for vitally important data to be lost? A recent study by Kroll Ontrack revealed very interesting data gathered using the company's data recovery tool.
Let's look at the main reasons for corporate data loss or leakage. Below is the complete list, together with the proportion of cases for each reason:
- Undetected drives 25%
- Not powering on 11%
- Device dropped from height 10%
- Deleted files 9%
- Corruption 7%
According to the study, the main problem – accounting for 25% of the total number of cases – is failure to detect the storage drive. That is logical, especially if we are talking about hard drives and flash drives, which are used in mass storage devices in all kinds of corporate environments despite being much more prone to failure than other more reliable types of devices, like magnetic tape.
Furthermore, the increased use of solid-state drives (SSD) with flash memory in recent years will undoubtedly have pushed this percentage up. These types of drive offer faster access to data than conventional mechanical hard drives, but also are more prone to failure if used to write data continually, which is why they are not recommended for use in servers or in computers where reliability is critical.
Another of the big problems behind corporate data loss is the device not powering on, which can be caused by a failure in the power supply or in other components. Curiously, in third place, we find one of the reasons that can cause hardware to fail, and that is the device being dropped on the floor from height.
We should bear in mind that normally such hardware failures don't necessarily have to result inirreparable loss of data, as it can usually be recovered by using forensic analysis tools or even, in cases where the device has been damaged but the disk itself still works, by placing the disk in a new device.
In fourth and fifth place in the table, we can find two reasons that tend to be caused by software failures occurring at the same time as the data is being used, or malware that directly affects the stored data. So here we are talking about files being deleted (accidentally or deliberately) or becoming corrupted.
Both of these reasons can be caused by the user making a bad decision or by a system failure, but in recent months we have seen how ransomware has become a major threat to corporate environments and its malicious actions can include the two causes of data loss mentioned above.
Data corruption is self-evident, given that ransomware encrypts the files, making them inaccessible unless they are decrypted. In order for that to happen, cybercriminals will demand a ransom, which may be large or small. It goes without saying that we do not advise paying such ransoms, because by doing so we would be giving these criminals more of an incentive to keep creating new versions of similar threats.
As for data deletion, we have recently seen cases of ransomware like Jigsaw, which deletes a certain number of files every so often if we do not yield to its demands, and deletes even more files if we try to restart the system.
The importance of prevention
Faced with such incidents, which can put companies in a serious predicament if they do not respond in the right way, the best solution is prevention and having sufficient measures in place to recover the affected data as quickly as possible, so that the company can keep its operations running normally.
Here we are talking about things like security measures provided by an antivirus solution if we want to prevent the kinds of damage that malware can cause. For hardware failures though, the best thing is to have a backup system that can quickly restore not only the data, but also the system on which it is stored, thus minimizing the response time and enabling the company to keep operating normally.
We have to bear in mind that the results of this type of incident can be irreparable, so it is best to be prepared so you can respond adequately if and when it does happen.
Article by Josep Albors, WeLiveSecurity analyst.