Failing Securely.
The Australian is reporting a clever fraud scam where the criminals arrive after hours and cut the phone lines to stores before turning up during business hours and purchasing expensive items with stolen credit cards. With the phone lines down, the merchants have the choice of turning away the sale or manually processing the card and therefore doing without the normal credit card verification. A difficult choice, especially in the current tough economic times.
What this scam highlights for the security-conscious is not so much the lack of physical security around the phone lines (although that is a concern, it is not under the control of the merchants) but the fact that the backup system (manual processing) lacks the verification of the primary system.
Businesses can suffer the same problem, where security is relaxed in a Disaster Recovery environment or is viewed as a secondary concern to restoring business processes. It may be that systems and applications at a DR site are patched less frequently or software is not kept at the current version, as backup sites can be 'out of sight, out of mind'.
When designing a Business Continuity Plan, keep in mind that if the business needs to fail over to backup systems or a DR site, it should be able to do so not only quickly but also without compromising the normal level of security.
After all, if you are already suffering from an event that requires the use of a DR site (like a fire or flood), the last thing you need is a massive virus outbreak on your DR network or your backup web servers hacked...