Hospital Pays $55K Ransomware Demand DESPITE Having Backups

This article is a great example of why you need to understand both your RPO (recovery point objective) AND your RTO (recovery time objective).  In the event of a system outage or a ransomware attack, having your data is only half the battle.  You also need the ability to restore that data in a timely manner.  Timely in this situation means restoring data quickly enough that business functions are not impacted.  The hospital in this article had the data it needed in its backups, but could not restore that data quickly enough.  The backed-up data therefore had no practical value, so the ransom had to be paid to keep the hospital open.

Backup/Recovery and Disaster Recovery plans need to take into account both RPO and RTO, and these goals need to be verified and tested on a regular basis.  Testing gives an organization the peace of mind it needs and wants when an attack occurs.
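
The gap described above, where a backup satisfies RPO but the restore cannot finish within RTO, can be checked from restore-test measurements. This Python example is added here and is not from the linked article; the system names, sizes, throughput figures and the 90-day test interval are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_TEST_AGE = timedelta(days=90)  # assumed maximum age of a restore test

@dataclass
class System:
    name: str
    rpo: timedelta               # maximum tolerable data loss
    rto: timedelta               # maximum tolerable downtime
    last_backup: datetime        # newest verified backup
    size_gb: float               # data that must be restored
    restore_gb_per_hour: float   # throughput measured in the last restore test
    fixed_overhead: timedelta    # rebuild/provisioning time before data copy
    last_restore_test: datetime

def evaluate(s, now):
    """Compare the current backup state and measured restore speed to targets."""
    data_loss = now - s.last_backup
    restore = s.fixed_overhead + timedelta(hours=s.size_gb / s.restore_gb_per_hour)
    return {
        "rpo_met": data_loss <= s.rpo,
        "rto_met": restore <= s.rto,
        "test_current": now - s.last_restore_test <= MAX_TEST_AGE,
        "restore_hours": round(restore.total_seconds() / 3600, 1),
    }

def findings(systems, now):
    """Return (name, failed checks, estimated restore hours) per failing system."""
    out = []
    for s in systems:
        r = evaluate(s, now)
        failed = [k for k in ("rpo_met", "rto_met", "test_current") if not r[k]]
        if failed:
            out.append((s.name, failed, r["restore_hours"]))
    return out

h = lambda n: timedelta(hours=n)
NOW = datetime(2018, 1, 10, 8, 0)
SYSTEMS = [  # constructed sample inventory, not real data
    System("ehr-db", h(4), h(8), datetime(2018, 1, 10, 6), 6000, 150, h(2),
           datetime(2017, 12, 1)),   # recent backup, but a 42-hour restore
    System("file-share", h(24), h(48), datetime(2018, 1, 9, 22), 2000, 200, h(1),
           datetime(2017, 6, 1)),    # targets met on paper, restore test is stale
    System("lab-system", h(12), h(24), datetime(2018, 1, 10, 2), 500, 100, h(1),
           datetime(2017, 11, 15)),  # meets all three checks
]

if __name__ == "__main__":
    for name, failed, hours in findings(SYSTEMS, NOW):
        print(f"{name}: failed {failed}, estimated restore {hours} h")
```
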

Emergency Patches, Patch Tuesday and the Great Anti-Virus Compatibility Challenge

Several (50+) patches were released by Microsoft yesterday as part of their patching cycle for January.  Add to these the out-of-band emergency patches designed to mitigate and/or resolve the vulnerabilities associated with Meltdown and Spectre, and sysadmins and security admins around the world are incredibly busy this week.

Complicating matters is the challenge of verifying that your anti-virus and anti-malware software is compatible with Microsoft’s emergency patches, specifically in terms of the needed registry flags.

Take a moment to familiarize yourself with the updates from Microsoft, Adobe and others, and patch accordingly once your testing is complete.


Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches

This is the problem many of us feared.  This is the issue that is going to ring louder than the actual security implications of chipset-level vulnerabilities.  When system performance is directly impacted, end users notice and respond.  This type of issue is going to further deter proper patching and vulnerability management.