Attacks on the electronic data processing (EDP) systems of political organizations are increasing. Personal and corporate computers could be infected as collateral damage. Backup copies preserve the ability to act after cyber attacks.
There is a high probability that the infected content will be distributed and clicked on worldwide, since there is great interest in the presidential election, including in Germany. Computers belonging to private users and companies in Germany could also be damaged as collateral damage in this digital conflict. The US election serves as a lesson in cyber risks during an election campaign and suggests that similar tactics will be deployed in the run-up to the general election next year.
Spying On And Blackmailing Political Actors
Professional cyber criminals have mastered a wide repertoire of attack techniques with which they can steal data. One of them is currently very popular: ransomware. Attackers use this malicious code to encrypt the data of their victims and extort a ransom for the release of the information. If a political actor no longer has access to their data, political campaigns largely come to a standstill.
Data-driven election campaign activities such as big data analysis, microtargeting and tailored messages to voters via social media no longer work. Parties, for example, can fall behind their opponents, while public perception shifts in favor of the opponents. The situation becomes really precarious
Due to the high level of global interest in the topic, hostile content can easily be smuggled into the stream of attachments, videos, memes and other digital files and distributed worldwide. It is therefore likely that users in Germany will also click on such content and thereby infect computers in companies and at home.
Therefore, every organization, whether political party, NGO or classic company, should protect its important data from loss in order to be able to reliably restore it in the event of a successful attack and thus keep the collateral damage as low as possible.
The following four best practices will help put the process on the right footing and take the wind out of the sails of cyber attacks.
1. What Data Needs To Be Recovered And By When?
Organizations and companies should determine in advance which data has which priority. Critical information must be given priority. The parameters for prioritization are the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO). The RTO is the maximum time that may elapse before all of an application's data can be accessed again. The RPO describes the amount of data whose loss can just be tolerated, i.e. how much time may elapse between the last backup and the attack.
2. Switching To A Backup System
If information is no longer available and applications are paralyzed, the affected organization must ensure that employees are redirected automatically, for example to another system. They can then continue working seamlessly; ideally, the interruption goes unnoticed. This process is known as failover. Once the failed application is operational again, the service switches back to the original system. The primary system is also updated with the workloads that were processed on the secondary system during the failure.
3. Decouple Data
To prevent an attack from leaving multiple backup copies that all contain encrypted data, the backup information should be decoupled. It is therefore necessary to configure the replication of data logically: after a backup has been created successfully, that backup, and only the backup, is logically replicated to the next site. If the primary backup system is attacked and encrypted, the data at the second or third location is not affected and is still available for restore.
4. Carry Out Test Runs
Last but not least, it should be checked whether the recovery processes that have been set up actually work, and how quickly. The tests required for this run automatically in the background without affecting the work of the party members. With appropriate solutions, parties have the option of setting up the entire process using drag and drop. An integrated dashboard provides real-time analysis, showing whether the time targets are being met. With just a few mouse clicks, the solution provides reliable information on the duration of a failover or failback. IT managers in political organizations can use the simulation to get a picture of an emergency under realistic conditions.
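The prioritization from step 1 and the target check from step 4 can be expressed in a few lines. The following is an added example, not part of the original article or of any backup product: the dataset names, targets, backup timestamps and test durations are constructed, and the ordering rule (tightest RTO first) is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical names and figures, not from the article).
DATASETS = [
    {"name": "voter-crm", "rpo": timedelta(hours=1), "rto": timedelta(hours=2),
     "backups": ["2024-05-01T06:00", "2024-05-01T07:00", "2024-05-01T09:30"],
     "failover_tests": [timedelta(minutes=45), timedelta(minutes=95)]},
    {"name": "press-archive", "rpo": timedelta(hours=24), "rto": timedelta(hours=48),
     "backups": ["2024-04-30T02:00", "2024-05-01T02:00"],
     "failover_tests": [timedelta(hours=6)]},
    {"name": "donation-ledger", "rpo": timedelta(hours=4), "rto": timedelta(hours=1),
     "backups": ["2024-05-01T04:00", "2024-05-01T08:00"],
     "failover_tests": [timedelta(minutes=80)]},
]

def worst_data_loss(backups, now):
    """Largest window without a backup: gaps between copies and from the last copy to now."""
    times = sorted(datetime.fromisoformat(t) for t in backups) + [now]
    # With no backups at all the possible loss is unbounded.
    return max((b - a for a, b in zip(times, times[1:])), default=timedelta.max)

def assess(datasets, now):
    """Return datasets in recovery order (tightest RTO first) with RPO/RTO checks."""
    report = []
    for d in sorted(datasets, key=lambda d: (d["rto"], d["rpo"])):
        loss = worst_data_loss(d["backups"], now)
        slowest = max(d["failover_tests"])  # judge against the slowest measured test run
        report.append({"name": d["name"],
                       "rpo_met": loss <= d["rpo"],
                       "rto_met": slowest <= d["rto"],
                       "worst_loss": loss, "slowest_restore": slowest})
    return report

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-01T10:00")  # constructed time of the attack
    for row in assess(DATASETS, now):
        print(f'{row["name"]:16} RPO {"ok" if row["rpo_met"] else "MISSED"} '
              f'(worst gap {row["worst_loss"]})  RTO {"ok" if row["rto_met"] else "MISSED"} '
              f'(slowest restore {row["slowest_restore"]})')
```

The RPO check uses the largest gap in the backup history rather than only the age of the latest copy, so a skipped backup run shows up even if a fresh copy exists.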