never give unauthorized access to the data...
Thats a fine crystal ball you have there sir.
A global software-as-a-service platform catering to accountants is in damage control mode after a malware infection knocked its services offline. Netherlands-headquartered Wolters Kluwer, the software company behind the CCH suite of web-based tax preperation tools for professional accountants, said in a statement it does not …
" ... CCH suite of web-based tax preperation tools for professional accountants." (sic)
So which tools do unprofessional accountants use?
Perhaps we should sell wire strippers for qualified electricians ...
Spanners for qualified mechanics ...
A full manual for professional MS Office users ... oh sorry, that's just pushing expectation too far!
I'm assuming that, given the number of times we hear of companies being hit by ransomware and paying up, those backups aren't as common as you'd like to think.
I'm also assuming that, once they've been subject to that kind of extortion, a proper backup system must start looking like a golden investment.
But maybe I'm assuming too much there.
Backups - even if they hare made, are they frequent enough and tested for a full bare-metal recovery?
It is a bit like UPS support: few are willing to send Igor to throw the big red switch and see how the whole building copes with a power outage (you know, to see if aircon holds up while servers are shut down in an orderly manner, etc, instead of overheating).
Been there, done that, had the complete server room offline. At one client, a new manager decided to actually test the UPS, as opposed to assume the UPSes report that everything was working was correct.
The batteries were at 100%, according to the UPS, they held a grand total of less than 1 second!
Nope, the batteries had gone bad and the UPS still reported them as good.
This was a large unit for a computer room with an AS/400 and 2 Novell Netware servers.
The NetWare servers recovered without any issues, the AS/400 spit out its dummy (hard drive bearings ceased as they cooled) and refused to come back up.
Quote from the Krebs on Security post linked to in OA
"Accounting Today says the limited ability to share updates angered CCH users, many of whom took to social media to air their grievances against a cloud partner they perceive to be ill-prepared for maintaining ongoing service and proper security online."
Perhaps services companies that depend on the cloud should have a completely separate status reporting system? Just a small system that has nothing in common with the main service (perhaps even with a separate DNS entry).
I recollect that Sony in the US had to resort to a drawer full of old Blackberrys after their hack five years ago...
Biting the hand that feeds IT © 1998–2021