I had the opportunity to attend in person and present on the latest in tape technology at the 16th Annual Flash Memory Summit (FMS) held in Santa Clara last week. That’s right, tape technology at a flash conference. My friends from the DNA Data Storage Alliance were there presenting too. So what gives?
As I started to write this blog on recent ransomware observations, an email message popped up on my PC from our IT department advising of additional and more stringent security enhancements taking place almost immediately to toughen my company’s cybersecurity and increase our protection against current and emerging threats. A sign of these cybercrime times, indeed!
Ransomware Trending According to a February 2022 Alert from CISA (Cybersecurity & Infrastructure Security Agency), 2021 trends showed an increasing threat of ransomware to organizations globally with tactics and techniques continuing to evolve in technological sophistication. So-called “big game” organizations like Colonial Pipeline, Kronos, JBS, Kaseya, and SolarWinds made the ransomware headlines over the past year or so. But according to the CISA Alert, by mid-2021, many ransomware threat actors, under pressure from U.S. authorities, turned their attention toward mid-sized victims to reduce the scrutiny and disruption caused by said authorities.
In a recent Enterprise Strategy Group (ESG) study, 64% of respondents said their organization had paid a ransom to regain access to data, applications, or systems. These findings are supported by the latest Threat Landscape report from the European Union Agency for Cybersecurity. It highlighted a 150% rise in ransomware in 2021 compared to 2020. The agency expects that trend to continue, and even accelerate in 2022.
But these numbers hide the stark reality of the ransomware scourge. Gangs like DarkSide, REvil, and BlackMatter are terrorizing organizations with ransomware – and they are getting smarter and more organized. They have moved beyond the basic ploy of infecting files, locking users out of their data, and demanding a fee. They still want money. But they also endanger reputations by exposing attacks, blackmailing companies by threatening to reveal corporate or personal dirty laundry, and selling intellectual property (IP) to competitors.
As a result, cybersecurity spending has become a priority in most organizations. According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022 than in the previous year, while 68% of senior IT decision-makers identify ransomware as one of their organization’s top 5 business priorities. Such is the fear factor that organizations are now treating cybersecurity ahead of other organizational imperatives such as the cloud, artificial intelligence (AI), digital transformation, and application development.
New Federal Mandate and the SEC Takes Action On March 15th, in an effort to thwart cyberattacks from foreign spies and criminal hacking groups, President Biden signed into law a requirement for many critical-infrastructure companies to report to the government when they have been hacked. This way, authorities can better understand the scope of the problem and take appropriate action.
It’s also no wonder that the Security and Exchange Commission (SEC) is taking action. On March 9th, the SEC voted 3 to 1 to propose reporting and disclosures related to cybercrime incidents and preparedness. In a nutshell, the SEC will be asking publicly traded companies:
To disclose material cybersecurity incidents
To disclose its policies and procedures to identify and manage cybersecurity risks
To disclose management’s role and expertise in managing cybersecurity risks
To disclose the board of director’s oversight role
Specifically, the SEC will want to know:
Whether a company undertakes activities to prevent, detect and minimize the effects of cybersecurity incidents
Whether it has business continuity, contingency, and recovery plans in the event of a cybersecurity incident
Whether the entire board, certain board members, or a board committee is responsible for the oversight of cybersecurity risks
Whether and how the board or board committee considers cybersecurity risks as part of its business strategy, risk management, and financial oversight
Holding publicly traded companies and their boards accountable for best practices in combating ransomware is a big step in the right direction and will no doubt free up the required budgets and resources.
Lowering the Fear Factor Cybersecurity is already a top spending priority for 2022 and with SEC regulations looming, will likely continue to be a priority for quite some time. Companies are busy beefing up the tools and resources needed to thwart ransomware. They are buying intrusion response tools and services, extended or managed detection and response suites, security information and event management platforms, antivirus, anti-malware, next-generation firewalls, and more, including cybercrime insurance policies.
What may be missing in the spending frenzy, however, are some fundamental basics that can certainly lower the fear factor. Backup tools are an essential ingredient in being able to swiftly recover from ransomware or other attacks. Similarly, thorough and timely patch management greatly lowers the risk of hackers finding a way into the enterprise via an unpatched vulnerability.
Another smart purchase is software that scans data and backups to ensure that no ransomware or malware is hidden inside. It is not uncommon for a ransomware victim to conduct a restore and find that its backup files have also been corrupted by malware. Cleansing data that is ready to be backed up has become critical. These are some of the fundamental basics that need to be in place in the fight against ransomware. Organizations that neglect them suffer far more from breaches than those that take care of them efficiently.
Adding an Air Gap Another fundamental basic is the elegantly simple air gap. When data is stored in the cloud, on disk, or in a backup appliance, it remains connected to the network. This leaves it vulnerable to unauthorized access and infection from bad actors. An air gap is essentially a physical gap between data and the network. It disconnects backed up or archived data from the Internet.
Such a gap commonly exists by partitioning in, or removing tapes from, an automated tape library and either storing them on a shelf or sending them to a secure external service provider. If that data is properly scanned prior to being backed up or archived to ensure it is free of infection, it offers certainty that a corruption-free copy of data exists. If a ransomware attack occurs, the organization can confidently fall back on a reliable copy of its data – and avoid any ransom demands.
Effectively Combatting Ransomware There is no silver security bullet that will 100% guarantee freedom from ransomware. It is truly a multi-faceted strategy. Implementation of best-of-breed security tools is certainly necessary. But they must be supported by the steadfast application of backup and patching best practices and the addition of a tape-based air gap.
CISA, the FBI, and cybersecurity insurance companies all recommend offline, offsite, air-gapped copies of data. This can be achieved cost-effectively with today’s removable, and highly portable modern tape technology. The boards of publicly traded companies will likely want to do whatever it takes to demonstrate compliance with best practices to meet the SEC requirements. This should include air-gapped tape as part of a prudent and comprehensive strategy. A best practice in these cybercrime times, indeed!
Ransomware statistics can be frightening! Research studies suggest that over two million ransomware incidents occurred in 2019 with 60% of organizations surveyed experiencing a ransomware attack in the past year. To make matters worse, the cybercriminals have moved up the food chain. Two thirds of those attacked said the incident cost them $100,000 to $500,000. Another 20% said the price tag exceeded half a million. Overall, the losses are measured in billions of dollars per year. And it’s getting worse. Enterprise Strategy Group (ESG) reports that about half of all organizations have seen a rise in cyber attacks since the recent upsurge in people working from home.
Understandably, this is a big concern to the FBI. It has issued alerts about the dangers of ransomware. One of its primary recommendations to CEOs is the importance of backup with the following key questions:
“Do you backup all critical information? Are backups stored offline? Have you tested your ability to revert to backups during an incident?”
The key word in that line of questioning is “offline.” Hackers have gotten good at staging their attacks slowly over time. They infiltrate a system, quietly ensuring that backups are infected as well as operational systems. When ready, they encrypt the files and announce to the company that they are locked out of their files until the ransom is paid. Any attempt to recover data from disk or the cloud fails as the backup files are infected, too.
The answer is to make tape part of the 3-2-1 system: Three separate copies of data, stored on at least two different storage media with one copy off-site. This might mean, for example, one copy retained on onsite disk, another in the cloud, and one on tape; or one on onsite disk, one on onsite tape as well as tape copies stored offsite.
In this video Brendan Sullivan, Fred Moore and Chris Dale discuss the IT environments that have existed over the past 30 years that have resulted in the mountains of unstructured data being backed up or archived on a plethora of different tape and data formats, and the reasons why the vaulting strategies created at the time do not serve the legacy data issues of today.
For over five decades, CERN has used tape for its archival storage. In this Fujifilm Summit video, Vladimir Bahyl of CERN explains how they increased the capacity of their tape archive by reformatting certain types of tape cartridges at a higher density.
By Ken Kajikawa,
OEM Technical Support Manager
FUJIFILM Recording Media U.S.A., Inc.
Did you know 96,000 petabytes (PB) of total compressed tape capacity shipped in 2016? To put that into perspective, that’s over 326,000 years of 24/7 Full HD video! But why do so many companies depend on tape if primary backup can be faster to disk or cheaper in the short-term to the cloud?
For starters, mid-size and enterprise companies produce reams of digital data that they must retain for long periods of time and tape provides more reliability than disk—at a significantly lower total cost of ownership. For most companies, data is their most prized possession, and LTO tape provides reliable, offline protection against on-line data corruption. For mid-sized to enterprise companies, by diversifying their storage practice, they can depend on their data from tape always being there when they need it.
Don’t listen to the hype from fancy providers; LTO tape is actually the most reliable solution available, with bit error rates that best those of disk. The bit error rate (BER) predicts the percentage of faulty bits per total number of written bits. Tape’s reliability is an impressive 100 times more reliable than Flash SSD, 1,000 times more reliable than Fibre Channel & SAS HDD, and an outstanding 10,000 more reliable than enterprise SATA disks (Source: Supplier Data, Horison, Inc.).
Our friends at LTO.org helped put this into perspective: for LTO-7 tape, that would be 1 error event in every 200,000 LTO-7 cartridges (1.25 exabytes) compared to 1 error event in every 20 enterprises 6 TB SATA disks (125 TB). Clearly, LTO Ultrium tape is designed to deliver outstanding reliability.
Additionally, an ESG audit found that the new Error Detection/Correction Code in LTO-7 Ultrium tape technology was so advanced that customers would be more likely to be struck by lightning or killed by a shark than hit an uncorrectable error when saving data to tape. Below are some fun probabilities:
Getting hit by lightning; the odds are one in a million.
Getting killed by a shark; the odds are one in 11.5 million.
Winning a multi-million dollar lottery; the odds are 1 in 259 million.
Getting an uncorrectable error using LTO-7 media; the odds are one in 10 quintillion
Not only is LTO tape reliable, but it is also durable enough to withstand the test of time. LTO Tape provides users with a shelf-life of over 30 years—unlike disk that has a shelf-life of 3-5 years. Additionally, advancements in technologies like Barium Ferrite ensure longer archival life with no loss of magnetic signal.
We all know data volumes are growing explosively while IT budgets are remaining stagnant; the most effective solution to this problem is a low-cost, highly reliable and high capacity tape storage system. There is no doubt some of your backup/achieved data will need to reside on disk, but with astounding reliability and its cost advantaged most of your backup/archive data should reside on tape.
Usage of Cookies