July 4, 2017 / Christian Riege / Editorial
They are called Golden Eye, WannaCry or Petya, the malware (also known as ransomware) that terrifies individuals and companies around the world like a recurring nightmare. Currently, a modified Petya trojan has struck, hitting two of our customers, but not us. Naturally, this raises the question: How secure is my data at Riege?
First and foremost: Your data is safe. Now let's get into details.
These viruses solely attack Windows based systems, particularly if they have not been recently updated. This is because they exploit a security hole which Microsoft advises it has now patched but experts still warn against possible risks.
Scope environments are not affected because they run on Linux rather than Windows but regardless of this fact, we diligently apply all security patches supplied by our vendor.
But that's not all. While Scope is designed to avoid unauthorized entry of data, its environments are secured in multiple ways.
Traffic that takes place within our internal network is encrypted where necessary. In addition, even authorized user access to database servers is only enabled in READ mode. Changes can only be made by Scope itself or by our administrators, thus conforming to the four-eyes-principle.
In the most unlikely case that a so far unknown virus should find its way into our systems via an also unknown backdoor, our systems are constantly generating backups, building a wall and preventing malware penetration. Furthermore, backup data can only be retrieved in a PULL mode and backups are incrementally stored on external media, this means there is no way to maliciously encrypt this data via outside intrusion.
A final thought, what can our customers do to defend against attacks on their systems? First, they should make sure the latest official release of Java is installed and their Operating System (namely Windows) has the very latest updates issued by Microsoft. These security patches should also of course be applied to any internal security systems.
In the end, nothing is 100%. But we are close to it and if customers do their part, together we're even closer. We call it “Almost 100%”. Let's carry on.