
New Federal Cybersecurity Mandates Enacted and SEC Rules Proposed, Amidst Never-Ending Ransomware Attacks


As I started to write this blog on recent ransomware observations, an email message popped up on my PC from our IT department advising of additional and more stringent security enhancements taking place almost immediately to toughen my company’s cybersecurity and increase our protection against current and emerging threats. A sign of these cybercrime times, indeed!

Ransomware Trending
According to a February 2022 Alert from CISA (Cybersecurity & Infrastructure Security Agency), 2021 trends showed an increasing threat of ransomware to organizations globally with tactics and techniques continuing to evolve in technological sophistication. So-called “big game” organizations like Colonial Pipeline, Kronos, JBS, Kaseya, and SolarWinds made the ransomware headlines over the past year or so. But according to the CISA Alert, by mid-2021, many ransomware threat actors, under pressure from U.S. authorities, turned their attention toward mid-sized victims to reduce the scrutiny and disruption caused by said authorities.

In a recent Enterprise Strategy Group (ESG) study, 64% of respondents said their organization had paid a ransom to regain access to data, applications, or systems. These findings are supported by the latest Threat Landscape report from the European Union Agency for Cybersecurity. It highlighted a 150% rise in ransomware in 2021 compared to 2020. The agency expects that trend to continue, and even accelerate in 2022.

But these numbers hide the stark reality of the ransomware scourge. Gangs like DarkSide, REvil, and BlackMatter are terrorizing organizations with ransomware – and they are getting smarter and more organized. They have moved beyond the basic ploy of infecting files, locking users out of their data, and demanding a fee. They still want money. But they also endanger reputations by exposing attacks, blackmailing companies by threatening to reveal corporate or personal dirty laundry, and selling intellectual property (IP) to competitors.

As a result, cybersecurity spending has become a priority in most organizations. According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022 than in the previous year, while 68% of senior IT decision-makers identify ransomware as one of their organization’s top 5 business priorities.  Such is the fear factor that organizations are now treating cybersecurity ahead of other organizational imperatives such as the cloud, artificial intelligence (AI), digital transformation, and application development.

New Federal Mandate and the SEC Takes Action
On March 15th, in an effort to thwart cyberattacks from foreign spies and criminal hacking groups, President Biden signed into law a requirement for many critical-infrastructure companies to report to the government when they have been hacked. This way, authorities can better understand the scope of the problem and take appropriate action.

It’s also no wonder that the Securities and Exchange Commission (SEC) is taking action. On March 9th, the SEC voted 3 to 1 to propose reporting and disclosures related to cybercrime incidents and preparedness. In a nutshell, the SEC will be asking publicly traded companies:

  • To disclose material cybersecurity incidents
  • To disclose their policies and procedures to identify and manage cybersecurity risks
  • To disclose management’s role and expertise in managing cybersecurity risks
  • To disclose the board of directors’ oversight role

Specifically, the SEC will want to know:

  • Whether a company undertakes activities to prevent, detect and minimize the effects of cybersecurity incidents
  • Whether it has business continuity, contingency, and recovery plans in the event of a cybersecurity incident
  • Whether the entire board, certain board members, or a board committee is responsible for the oversight of cybersecurity risks
  • Whether and how the board or board committee considers cybersecurity risks as part of its business strategy, risk management, and financial oversight

Holding publicly traded companies and their boards accountable for best practices in combating ransomware is a big step in the right direction and will no doubt free up the required budgets and resources.

Lowering the Fear Factor
Cybersecurity is already a top spending priority for 2022 and with SEC regulations looming, will likely continue to be a priority for quite some time. Companies are busy beefing up the tools and resources needed to thwart ransomware. They are buying intrusion response tools and services, extended or managed detection and response suites, security information and event management platforms, antivirus, anti-malware, next-generation firewalls, and more, including cybercrime insurance policies.

What may be missing in the spending frenzy, however, are some fundamental basics that can certainly lower the fear factor. Backup tools are an essential ingredient in being able to swiftly recover from ransomware or other attacks. Similarly, thorough and timely patch management greatly lowers the risk of hackers finding a way into the enterprise via an unpatched vulnerability.

Another smart purchase is software that scans data and backups to ensure that no ransomware or malware is hidden inside. It is not uncommon for a ransomware victim to conduct a restore and find that its backup files have also been corrupted by malware. Cleansing data that is ready to be backed up has become critical. These are some of the fundamental basics that need to be in place in the fight against ransomware. Organizations that neglect them suffer far more from breaches than those that take care of them efficiently.

Adding an Air Gap
Another fundamental basic is the elegantly simple air gap. When data is stored in the cloud, on disk, or in a backup appliance, it remains connected to the network. This leaves it vulnerable to unauthorized access and infection from bad actors. An air gap is essentially a physical gap between data and the network. It disconnects backed up or archived data from the Internet.

Such a gap commonly exists by partitioning in, or removing tapes from, an automated tape library and either storing them on a shelf or sending them to a secure external service provider. If that data is properly scanned prior to being backed up or archived to ensure it is free of infection, it offers certainty that a corruption-free copy of data exists. If a ransomware attack occurs, the organization can confidently fall back on a reliable copy of its data – and avoid any ransom demands.

Effectively Combatting Ransomware
There is no silver security bullet that will 100% guarantee freedom from ransomware. It is truly a multi-faceted strategy. Implementation of best-of-breed security tools is certainly necessary. But they must be supported by the steadfast application of backup and patching best practices and the addition of a tape-based air gap.

CISA, the FBI, and cybersecurity insurance companies all recommend offline, offsite, air-gapped copies of data. This can be achieved cost-effectively with today’s removable and highly portable modern tape technology. The boards of publicly traded companies will likely want to do whatever it takes to demonstrate compliance with best practices to meet the SEC requirements. This should include air-gapped tape as part of a prudent and comprehensive strategy. A best practice in these cybercrime times, indeed!

 


Colonial Pipeline Ransomware Hack Reinforces the Need for a Tape Air Gap to Support 5 Best Practices Recommended by the FBI


Ransomware attacks used to be relatively simple, if unpleasant, affairs. A device would be compromised, the user locked out, and a ransom notice would appear: Pay up if you want to access those files again. On an organizational level, hackers would sometimes gain enough presence in the network to be able to lock IT and users out of their systems. Many of these attacks would go largely unnoticed, even unreported with minimal impact to anyone except the victim organization.

But the Colonial Pipeline hack added a more sinister element – shutting down the pipeline backbone that provides 45% of the gasoline consumed by most of the U.S. eastern seaboard. Gas prices spiked as supplies began to run out. Lines appeared as panic set in at the pumps. The pipeline operator acted quickly and made a ransom payment of $4.4 million in bitcoin to the cybercriminals behind the breach. In return, they provided Colonial with a decryption tool to regain access to their systems. Not surprisingly, the decryption tool turned out to be less than effective, forcing Colonial to restore from existing backups anyway.

But the success of the attack and money paid over is likely to embolden hackers to go after even more lucrative infrastructure targets. That’s why the FBI strongly advises organizations not to pay a ransom. It’s not unlike the policy of refusing to negotiate with terrorists. Paying the ransom not only emboldens the criminals, it does not guarantee complete recovery or prevent repeated ransomware attacks. The more you give in to their demands, the more likely they are to try again.

But Colonial Pipeline paid after careful consideration of what was best for all those that depend on its infrastructure. Some are now wondering if the FBI will carry out its threat to fine Colonial and those who do decide to pay out a ransom. This remains to be seen. Yet, in the high-stakes game of oil and gas, any fine is likely to be no more than a minor inconvenience compared to the potential revenue and profits at risk – perhaps one of the motivations behind the company paying fairly soon after the attack.

Brazen Attacks on the Rise

Expect, then, even more brazen and perhaps costly attacks on U.S. infrastructure, government, industry, and essential services. Remember the SolarWinds saga from earlier in the year? The vulnerabilities of the U.S. Government and its software contractors exposed in this case prompted the White House executive order on “Improving the Nation’s Cybersecurity” issued on May 12th.  The fall-out from the Colonial Pipeline attack will likely lead to stiffer regulations imposed on pipeline operators and other critical infrastructure players. The broader market needs to pay attention, too, as the frequency of ransomware continues to rise:

  • Department of Homeland Security figures show a 300% increase in ransomware in 2020 compared to the previous year.
  • Small business targets paid out $350 million in ransoms last year.
  • Attacks on schools, local government systems, and healthcare providers have risen sharply.
  • And the volume of ransomware victims is expected to rise sharply this year.

Most organizations are understandably far more focused on their primary mission than on instituting cybersecurity measures. This often makes them easy targets. All it takes is one slip by IT or one gullible user and the bad guys can move in and do their damage. Increasingly, that damage involves ransomware.


Is Online Object Storage Really Immune to Ransomware? Achieving True Object Storage Immutability with Tape


By Chris Kehoe, Head of Infrastructure Engineering, FUJIFILM Recording Media U.S.A., Inc.


Object storage has many benefits. Near infinite capacity combined with good metadata capabilities and low cost have propelled it beyond its initial use cases of archiving and backup. More recently, it is being deployed as an aid to compute processing at the edge, in analytics, machine learning, disaster recovery, and regulatory compliance. However, one recent paper perhaps got a little over-enthusiastic in claiming that disk-based object storage provided an adequate safeguard against the threat of ransomware.

The basic idea proposed is that ransomware protection is achieved by having multiple copies of object data protecting against that kind of intrusion. If the object store suffers ransomware incursion, the backup is there for recovery purposes. The flaw in this logic, however, is that any technology that is online cannot be considered to be immune to ransomware. Unless it is the work of an insider, any attempt at hacking must enter via online resources. Any digital file or asset that is online – whether it is stored in a NAS filer, a SAN array, or on object storage – is open to attack.

Keeping multiple copies of object storage is certainly a wise strategy and does offer a certain level of protection. But if those objects are online on disk, a persistent connection exists that can be compromised. Even in cases where spin-down disk is deployed, there still remains an automated electronic connection. As soon as a data request is made, therefore, the data is online and potentially exposed to the nefarious actions of cybercriminals.


How to Leverage the 3-2-1 Backup Rule and Modern Tape Technology in Backup Applications


In case you were not aware of it, March 31st is World Backup Day. To be sure, a quick visit to the official website confirms that this day is just a reminder for consumers to back up their PCs and cell phones. According to the website, only 25% of consumers are protecting their precious memories. Surely the helpful recommendations for routine backup don’t apply to the storage professionals that keep our enterprise data safe and our websites up and running. Or do they?

When Disaster Strikes a Data Center

On Wednesday, March 10th, 2021, a fire broke out at the OVHCloud data center in Strasbourg, France. The fire quickly spread out of control and completely destroyed compute, network and storage infrastructure. According to some accounts, as many as 3.6 million websites including government agencies, financial institutions and gaming sites went dark. Others complained that years’ worth of data was permanently lost.

We know that the statistics regarding cost of downtime and the number of companies that don’t ever recover from catastrophic data loss are alarming. The often-cited University of Texas study shows that 94% of companies do not survive, 43% never reopen and 51% close within two years. That’s why the cardinal sin in data protection is not being able to recover data.

OVH reminds us that, however unlikely, data center disasters like an all-consuming fire can still happen. Although these days a more sinister threat continues to loom and tends to grab the headlines and our attention, namely: ransomware.


Air-Gapped Storage Solutions Simply Can’t Be Hacked


The changing landscape of the data protection industry has evolved from primarily backing up data in order to recover from hardware, software, network failures and human errors, to fighting a mounting wave of cybercrime. Over the years, hardware and software have significantly improved their reliability and resiliency levels but security is a people problem, and people are committing the cybercrimes.

Cybercrime has now become the biggest threat to data protection and the stakes are getting higher as anonymous individuals seek to profit from others’ valuable digital data. With a cease-fire in the cybercrime war highly unlikely, we are witnessing a rapid convergence of data protection and cybersecurity to counter rapidly growing and costly cybercrime threats, including ransomware. The growing cybercrime wave has positioned air-gapped storage solutions as a key component of digital data protection – they simply can’t be hacked.

Traditional backup and archival data can be stored locally or in cloud environments. In contrast, a cyber-resilient copy of data must meet additional more stringent requirements. This is where “air gapping” and tape technology are gaining momentum. The rise of cybercrime officially makes the offline copy of data stored on tape more valuable and takes advantage of what is referred to as the tape air gap. The tape air gap is an electronically disconnected or isolated copy of data in a robotic library or tape rack that prevents cybercriminals from attacking a backup, archive or any other data.

Tape cartridges in a robotic tape library or manually accessed tape cartridges in tape racks, are currently the only data center class air-gapped storage solution available.

For more information, check out this Horison Information Strategies White Paper “The Tape Air Gap: Protecting Your Data From Cybercrime.”

 

 


5 Key Data Tape Storage Trends for 2021


The past decade saw the renaissance of data tape technology with dramatic improvements to capacity, reliability, performance, and TCO giving rise to new industry adoptions and functionality. This trend will only continue in 2021 as data storage and archival needs in the post-COVID digital economy demand exactly what tape has to offer. Below are 5 key contributions tape will make to the storage industry in 2021.

Containing the Growing Cost of Storage
One lingering effect of the pandemic will be the need for more cost containment in already budget-strapped IT operations. We are well into the “zettabyte age,” and storing more data with tighter budgets will be more important than ever. Businesses will need to take an intelligent and data-centric approach to storage to make sure the right data is in the right place at the right time. This will mean storage optimization and tiering where high capacity, low-cost tape plays a critical role — especially in active archive environments.

A Best Practice in Fighting Ransomware
One of many negative side effects of COVID-19 has been the increasing activity of ransomware attacks, not only in the healthcare industry which is most vulnerable at this time, but across many industries, everywhere.  Backup and DR vendors are no doubt adding sophisticated new anti-ransomware features to their software that can help mitigate the impact and expedite recovery. But as a last line of defense, removable tape media will increasingly provide air-gap protection in 2021, just in case the bad actors are one step ahead of the good guys.

Compatibility with Object Storage
Object storage is rapidly growing thanks to its S3 compatibility, scalability, relatively low cost and ease of search and access. But even object storage content eventually goes cold, so why keep that content on more expensive, energy-intensive HDD systems? This is where tape will play an increasing role in 2021, freeing up capacity on object storage systems by moving that content to a less expensive tape tier all while maintaining the native object format on tape.


Tape Storage vs. Disk Storage: Getting the Facts Straight about Total Cost of Ownership Calculations


Modern tape storage has long been recognized for its low cost. Several analyst white papers have been published that demonstrate the low cost of storing data on tape. For example, “Quantifying the Economic Benefits of LTO-8 Technology” is a white paper that can be found on the LTO.org website. However, occasionally a storage solution provider publishes a white paper that claims to show that their solution is less expensive than tape storage for a particular use case. A good example is a recent white paper published by a disk-based backup-as-a-service provider who will remain unidentified out of respect for what they do. For the purpose of this blog, let’s call them “BaaS.” So let’s dig into their analysis which makes several assumptions that result in higher costs for tape storage than most users would experience.

Total Cost of Ownership (TCO) Process

The first step in developing a Total Cost of Ownership (TCO) estimate is the determination of the amount of data to be stored. The BaaS whitepaper separates the amount of primary data, which we wish to protect, from backup data, which is the data physically stored on the backup media. They estimate the amount of backup data residing in the tape library to be two to four times the primary data. This is due to their use of the old daily/weekly/monthly/full backup methodology for estimating the amount of backup data. The result is that two to four times the amount of primary data ends up being stored on tape, raising the tape hardware and media costs by two to four times.


Why are Two Thirds of Organizations Failing to Backup and Archive Correctly?


You would think, by now, that backup best practices would have moved into the same category as filling up the tank before a long drive or looking each way before crossing the street. But a new study indicates that most organizations continue to get it fundamentally wrong. How? By continuing to back up long-inactive data that should have been archived instead of remaining in the backup schedule.

The 2020 Active Archive Alliance survey found that 66% of respondents were still using backup systems to store archive data. What’s wrong with that?

  • It greatly lengthens backup windows: Repeatedly backing up unchanging archive data wastes storage resources and adds time to the backup process
  • As data sets grow, a failure to distinguish between backup and archiving becomes increasingly expensive in terms of disk space
  • Even those offloading backups to cheap cloud resources are still running up a large bill over time by unnecessarily backing up cold data
  • Archiving, on the other hand, frees up expensive capacity by moving less frequently used data to more cost-effective storage locations.


Clearing Up Backup Confusions

One of the underlying reasons for this is a confusion between backup and archiving. Backup provides a copy of organizational data for use in recovery from a data loss incident, cyberattack or disaster. These days, it is generally copied onto disk or tape and either retained there or relayed to the cloud. A key point is that backup only copies data, leaving the source data in place. It is also used to restore lost or deleted files rapidly.

Archiving is a different concept entirely. Rather than copying data, it moves data classed as inactive to a more cost-effective tier of storage such as economy disk or tape. This frees up space on higher-tier storage systems such as fast disk or flash. In addition, it shortens the backup window and offers permanent and long-term protection from modification or deletion of data.


Ransomware Protection Must Include an Air Gap


Ransomware statistics can be frightening! Research studies suggest that over two million ransomware incidents occurred in 2019 with 60% of organizations surveyed experiencing a ransomware attack in the past year. To make matters worse, the cybercriminals have moved up the food chain. Two thirds of those attacked said the incident cost them $100,000 to $500,000. Another 20% said the price tag exceeded half a million. Overall, the losses are measured in billions of dollars per year. And it’s getting worse. Enterprise Strategy Group (ESG) reports that about half of all organizations have seen a rise in cyber attacks since the recent upsurge in people working from home.

Understandably, this is a big concern to the FBI. It has issued alerts about the dangers of ransomware. One of its primary recommendations to CEOs is the importance of backup with the following key questions:

“Do you backup all critical information? Are backups stored offline? Have you tested your ability to revert to backups during an incident?”

The key word in that line of questioning is “offline.” Hackers have gotten good at staging their attacks slowly over time. They infiltrate a system, quietly ensuring that backups are infected as well as operational systems. When ready, they encrypt the files and announce to the company that they are locked out of their files until the ransom is paid. Any attempt to recover data from disk or the cloud fails as the backup files are infected, too.

The answer is to make tape part of the 3-2-1 system: Three separate copies of data, stored on at least two different storage media with one copy off-site. This might mean, for example, one copy retained on onsite disk, another in the cloud, and one on tape; or one on onsite disk, one on onsite tape as well as tape copies stored offsite.


The Ascent to Hyperscale


Part 1: What Are Hyperscale Data Centers?

Hyperscale data centers have spread across the globe to meet unprecedented data storage requirements. In this three-part blog series, we take a look at how the industry is preparing for the next wave of hyperscale storage challenges.

The term “hyper” means extreme or excess. While there isn’t a single, comprehensive definition for HSDCs, they are significantly larger facilities than a typical enterprise data center. The Synergy Research Group Report indicated there were 390 hyperscale data centers worldwide at the end of 2017. An overwhelming majority of those facilities, 44%, are in the US, with China being a distant second with 8%. Currently the world’s largest data center facility has 1.1 million square feet. To put this into perspective, the standard size for a professional soccer field is 60,000 square feet, making the facility the equivalent of about 18.3 soccer fields. Imagine needing binoculars to look out over an endless array of computer equipment in a single facility. Imagine paying the energy bill!

Hyperscale refers to a computer architecture that massively scales compute power, memory, a high-speed networking infrastructure, and storage resources, typically serving millions of users with relatively few applications. While most enterprises can rely on out-of-the-box infrastructures from vendors, hyperscale companies must personalize nearly every aspect of their environment. An HSDC architecture is typically made up of tens of thousands of small, inexpensive, commodity component servers or nodes, providing massive compute, storage and networking capabilities. HSDCs are implementing Artificial Intelligence (AI) and Machine Learning (ML) to help manage the load and are exploiting the storage hierarchy, including heavy tape usage for backup, archive, active archive and disaster recovery applications.

In Part 2 of this series, we’ll take a look at the characteristics of the hyperscale data center. For more information on this topic, download our white paper: The Ascent to Hyperscale.
