CDSA

Wasabi: Immutable Backups Provide Help in the Fight Against Ransomware

Ransomware is inevitable and expensive.

But Wasabi and Object First have combined forces to offer a highly secure and affordable hybrid, immutable backup solution that provides the performance, security and economics necessary to combat the ongoing ransomware threat, Drew Schlussel, senior director of product marketing at Wasabi, said Aug. 8, during the webinar “Immutable Backups Stop Ransomware in its Tracks with Wasabi and Object First.”

Ensuring an organization’s data is protected and can be recovered when it gets hit with a ransomware attack is paramount to a quick recovery, according to the companies.

Wasabi and Object First offer what they say is the most secure and cost-effective hybrid storage architecture for Veeam Backup & Replication users. Working together, Wasabi and Object First fulfill Veeam’s 3-2-1-1-0 backup guidance with economical cloud object storage and fast on-premises storage, according to the companies.

During the webinar, Schlussel and Anthony Cusimano, director of tech marketing at Object First, explained why you need ransomware attack resiliency, why the 3-2-1 guideline of data protection is the gold standard for risk mitigation, and how Wasabi and Object First combine to provide the ultimate solution for getting your data back online after a ransomware attack.

“We know that this topic is an oldie but a goodie,” Schlussel said at the start of the webinar. “But we can’t stop talking about it. And not because we love it so much but because it remains relevant.”

Ransomware attack resiliency is “the word” for 2023, he noted, pointing out resiliency is the word that the Cybersecurity and Infrastructure Security Agency (CISA) has adopted, and it “means that you have systems that can sustain prolonged attack.”

Offering another take on resiliency, Cusimano told viewers: “If courage is having done the thing before, resiliency is being ready to do the thing again. And I think that’s a big one that people miss.” People will all too often say: “We survived one attack. We’re good. We’re good forevermore. [But] resiliency is the perpetual cycle of remaining resilient against all things.”

The Bad News

Cusimano added: “As a Floridian, I deal with hurricanes all the time, and we’ve learned this lesson the hard way. Hurricane resiliency truly means every year you prepare: You’re ready to go. You have good, fresh water, and you understand that whether it happens or not, you are prepared for the situation.”

Agreeing, Schlussel noted that he lives in Colorado, telling viewers: “I live in fire country. And we understand that we have to constantly be mitigating our risk for fire as well as I have a go bag. I’m ready to leave my house within 15 minutes if I get an emergency message.”

Cusimano then shared what he called a “really scary story,” asking Schlussel if he had yet heard of an “acoustic-based attack,” in which hackers can pick up the keystrokes that somebody is making to steal their data. “There was an article I read … yesterday [saying] they can literally predict with 90 percent accuracy by listening through your webcam, your microphone, whatever they can get auditory access to…. They can figure out your passwords. They can figure out text-based conversations. And they can use predictive” artificial intelligence (AI) to “fill in the blanks,” said Cusimano.

That method can prove to be especially harmful if a healthcare institution can be compromised, Cusimano noted. “It’s horrifying. It gives me nightmares and it keeps me up at night.” But he added: “This is the future that we live in now.”

We have already seen that the attackers are “constantly getting smarter; they’re reinventing the way that they attack [and are] always looking for that weak link” in an organization’s ecosystem, Cusimano warned, predicting ransomware attacks will only get worse over the next few years.

The Good News … And More Bad News

However, Schlussel said: “The good news is, because we keep this conversation at the forefront, folks are listening. Folks are implementing object immutability out of the box, immutability in the cloud. They are protecting their data in ways that make it possible for them to say: ‘No, I don’t need to pay your ransom. Yeah, you might have compromised my primary storage, but I’ve got a robust backup scheme and I’ve got immutability at one or more levels. So, yeah, I’m going to lose maybe an hour or maybe a day’s worth of work and that’s going to hurt but it’s not going to hurt as much as having to pay you for a key to decrypt my data that may or may not work. And then you’re just going to come back and do it again.’”

Despite the good news about people being “more proactive in protecting their data,” Schlussel pointed out: “The bad news is, because less people are paying ransom, those people who are being affected are being told, ‘You have to pay more. I have to pay my rent as a hacker.’ Or ‘I’m working for a syndicate … and I have a quota to make. So, you’re the one account that I successfully compromised this week. You’re going to have to pay three times as much to get your data back.’”

The conversation shifted to cyber insurance. “Maybe it’s my youth but I’ve always thought insurance was just a really good excuse to take money from people and then make it really hard to get it back when they need it,” said Cusimano.

But he explained: “These cyber insurance agencies, the more you read up on them, the more you start to realize these guys are legit. So, the underwriters and the people they employ to actually go off and do the investigation and evaluation of whether or not you can even be insured. They’re thorough because they know all those weak links that we were talking about earlier [so] they see all of their clients.”

A type of cyber-attack “happens one time and then suddenly it’s added to the underwriter’s job [and they] look for this forever more,” Cusimano noted. “So, they’re constantly evaluating their policies. They’re constantly looking back into their existing clients and saying, ‘Hey, are you doing this, that and the other? Are you immutable? Are you multi-factor?’”

The result is that it has become “hard to actually procure as a business, whether you’re the biggest of the big or the smallest of the small,” Cusimano said. “They’re looking for reasons to basically not underwrite you. They want safe bets and complexity is always the enemy of progress. It’s also the friend of the attacker because every little bit of complexity adds those weak links and it just increases the attack surface for these bad guys to get in. So, these guys have become very good at their job and, unfortunately for everyone, ourselves included, it’s just become harder to get, and it’s something that everyone needs these days, especially if you’re in a business.”

Adding to the problem is the rise of nation-state attackers, according to Cusimano.

“The nation state is the twist these days,” said Schlussel, who pointed to articles reporting that underwriters were telling clients that, if they’re attacked by a nation state, they’re not going to be covered.

Schlussel went on to stress the importance of “doing consistent backups of all critical systems, of all network operations, all databases.”

And there should be “three copies of your data,” he said, explaining the primary data set is the first backup. Then there should be a second backup and a third one “either driven off that primary data set or a copy of that first backup.”

Using the Wasabi/Object First solution, one copy of the data would be on-prem with Object First and another would be stored in the cloud with Wasabi, both providing immutability, Schlussel said.

Cusimano added that the first copy of the data must be accessible, recent and enable recovery at just a moment’s notice. That, he said, is “because you’re not always going to be able to get everything back” on the first attempt. After all, for one thing, there is the “malicious entity that is residing for six months in your little infrastructure [that] starts to take over; it does change things, so you’re going to have to go back in time.”

Immutability, however, offers organizations a solution to such issues because it prevents changes to data, according to Cusimano. “It’s truly the only way that we know of right now to ensure that data does not change…. Knowing how these attackers work, knowing that they look to encrypt, lock down and make unusable, immutability is truly like the only salve for this wound [because] it preserves the data exactly as it is,” he explained.