Author: Alistair Mackenzie

Over the last 18 months, a lot has been going on at IBM.

It has purchased Red Hat, plans to spin out its managed services business and promoted new leadership. A generational shift is underway to position itself as the leader in open hybrid cloud.

Are these decisions too bold or are they too little too late? Sit back and listen, then let us know what YOU think.

Al and Rick begin by discussing IBM’s decision to essentially split the business in two, with its Global Technology Services arm due to be spun out in 2021, this is then followed by their thoughts on the acquisition of Red Hat as the engine to return the business to revenue growth. Finally, what does this mean for IBM’s overall culture and the technology platform it is building?

We’ve already looked at recovering your data post-ransomware attack; plan, plan, plan and plan again. In this blog, we’ll explore five ways we can plan for and better protect against ransomware attacks. By planning and protecting, we can ensure that we lose the least amount of valuable data possible, without breaking the bank.

1. Understand the nature of ransomware

The chief problem with ransomware is that it is ever-evolving. This means that processes and systems need to be continuously reviewed and updated. However, as with most things like this, it can lead to perplexing problems that can make IT Teams feel they never get to place ransomware in the ‘Job Done Pile’. The temptation to stall can creep in, meaning there are holes in the system that can be exploited.

You can find out more about what ransomware is in this article from Expert Insights.

The nature of ransomware simply isn’t consistent, and so when businesses realise this, they can better understand the need for software and systems that can resist attacks and if attacked, better recover from them.

2. Invest in trustworthy and knowledgeable solutions early on

Because many businesses find these processes so difficult to navigate and their IT teams struggle to maintain effective management of these complex processes, it can be tempting for them to put the investment of software on the backburner. More so, the complex nature of ransomware means that when businesses do choose to invest in protection and reach out for help, they’re unsure if they are getting genuine, authentic advice or if they’re just being spun a clever sales play.

The best way around this is to seek out trusted advisors that are willing to not only help you with their service but will gladly share free knowledge with their customers in the form of excellent customer service. By sharing their first-hand experience, they can demystify the volume of information out there and tailor a solution to your unique business needs. Above all else, failing to invest in quality backup and recovery solutions early on, can – and probably will – end in botched disaster recoveries and a lot of wasted cash.

3. Utilise your resources

Irrespective of investing, there are also things you can do that cost nothing or very little that will help you in terms of shielding your backup systems. Without doing these things, your only option is to hope that your underfunded and under-loved backup setup will, by some miracle, come to life before you’re forced to pay the ransom. If, however, you hope that ransomware won’t target your backup setup; we’re here to break the bad news to you. It definitely will. So, here are a few things you can do to shield your backup set up as it stands*:

• Use two different operating systems. Put the primary backup system on Windows and then copy the system on Linux (we’ll use Linux as an example here, but you can include AIX or any other). In simple terms: can the Ransomware attack navigate a Windows structure, it most certainly can. Can it navigate Linux as easily? Not necessarily.
• If you have more than one domain, place the production backup system on a different domain to the Copy system. The strategy here is to put as many obstacles in the path of the attack.
• Spread your data across different storage types. For example, Block is great for a primary source and S3 is good for a copy.

4. Making the most of IBM Storage Protect

By being an IBM Spectrum user, you’ve already invested in the right software, so make sure that you’re on the latest version. The latest versions of IBM Storage Protect work to make predictions on potential incoming attacks, making the update an invaluable asset to businesses. By pre-empting attacks, data loss is significantly reduced in the instance of an attack and can sometimes prevent a full-blown attack altogether. It’s always important to get the most out of the data protection software that you’re paying for. You can read more about making data backup and recovery technology sustainable for your business here.

On top of this feature, Storage Protect has within it a DRM File. In a nutshell, the system creates a backup file daily. You can then store this outside of your domain by email or any other method of your choice. Outside your domain is somewhere safe and secure! It’s a small task to undertake, but it holds the keys to unlock and recover your business quickly in the face of a disaster. Plus, there are no costs involved in emailing a copy of this to a safe location.

5. Stay alert and act quickly 

Our fifth and final piece of advice is to stay alert and act quickly. Don’t allow Ransomware to lie dormant so it can gain a stronghold on your data. By keeping a keen eye on things like the slowing of systems, inaccessible or corrupt files and CPU spikes, you may not be able to halt an infection entirely, but you will be able to align your damage control better by ensuring your backup is taken offline and stored safely before being infected. Always have a ‘Code Red’ plan in place. Who monitors these things? Who raises the alarm? Who acts on them quickly?

These five things will help you minimize and lessen the severity of ransomware attacks, but it pays to mind that they are limiting the cause, not preventing the effect. Always test your data recovery processes and ensure that you have invested in secure and, preferably, automated processes. The aim is to have maximum confidence that your data backup and recovery process will be quick, efficient and controllable.

*This is based on having a setup which has both a primary version and a copy version of the backup.  

Ahh, Black Friday. It’s a plentiful day (now stretching to a full week), brimming with shiny bargains and special offers.

Every year, Black Friday comes and goes almost as suddenly as it appears. Like a thief in the night, it burns holes in our pockets and puts retailers and organisations back in the black. This year more than ever, Black Friday will play a fundamental role in aiding many businesses recovering from the adverse effects of COVID-19.

However, despite its merits, sorry looking bank accounts and bargains are not the only thing that Black Friday opens us up to. It also opens up organisations to data breaches. Take Amazon, for example. The Amazon sale for Black Friday 2018 saw a significant data breach. The details of thousands of customers were leaked just hours before the event took place. The leak was put down to an ‘inadvertent technical error’, suggesting it was Amazon’s IT team that took the hit for the breach.

Prophets or Profits?

So why do events like Black Friday leave our businesses more susceptible to cyber-attacks, hackers and data leaks like this one?

In the bustle of Black Friday, organisations big and small are often scrambling to ensure their servers can manage the onslaught of site traffic. They’re trying out new applications, forming new programmes, transferring ecommerce to the cloud; the list is endless. Actions like this, although well intended, can often leave minor – and sometimes major – gaps for data breaches.

For instance, a simple human error could be made in the rush to prepare things. It could cause the malfunctioning of a programme required to process customer data; ultimately leaving the data vulnerable, out-in-the-cold and easy for cyber criminals to gain access to.

On the other end of the spectrum, cyber criminals may directly attack less secure sites in the knowledge that Black Friday brings an abundance of opportunity to credential surf or RAM scrape.

Vigilance or Vigilante?

To combat potential breaches like these, organisations should take into account that Black Friday is simply not ‘business as usual’. Programmes and applications should be tried and tested with vigour. Data protection software should be up-to-date and functioning at full capacity with all-hands-on-deck. Extra layers of data protection may even be required. For optimal management, you may want to consider a SaaS data platform.

It also bodes well to remember, whilst customers do have a responsibility to protect their own data – organisations should be making this easier for them, not harder. Any external emails to customers should be well designed and clearly marketed, making it easier for customers to tell a real email from a fake phishing attempt. It should also be made clear what customer data may be shared and why.

So, don’t rush, be meticulous, test, test and test again. And, most importantly, happy bargain hunting!

In recent months, we have seen a rapid rise in ransomware attacks. Covid-19 has forced businesses to make fast changes, occasionally leaving holes in their IT systems for cybercriminals to creep through.

These attacks could be through the means of phishing, attachments, hidden links or in more direct formats like leaked passwords or guest passwords. Whatever the cause, these attacks have the potential to lay dormant for quite some time. Lying dormant allows the initial infection to take hold before spilling over and causing a noticeable event that alerts IT teams to its presence. Dormant and slow attacks allow a wider range of infection; singular computers may not only be at risk but put user ID’s – with access to multiple machines, operating systems and backup software – at risk.

Although dormant attacks are perhaps the more damaging, some attacks will be immediate and brutal, destroying as much data as possible in as little time as possible. The threat here is that IT teams don’t have enough time to scramble and halt the infection.

So, let’s say your organisation has been the victim of a ransomware attack. Now what? Where do you go from here? It might seem like there are endless possibilities and roads to go down, but one thing is clear:

You need a recovery plan

“But we already have one, why do we need another one?” The thing about ransomware attacks is that, like a real infection or virus, they change and adapt. Cybercriminals will often analyse the effectiveness of their attack methods and alter code. Organisations must understand this. They should be making a commitment to incrementally update and manage their backup and recovery processes to ensure the most effective protection of their data. Ransomware avoidance is simply is not enough; it will happen sooner rather than later. It must be followed by flexible backup and recovery plans that aim to prevent as much data loss as possible following a ransomware attack.

Let’s think back to 2017, when the infamous ransomware ‘WannaCry’, infected over 300,000 computers in 150 different countries, simply by spreading through a local network – no harmful links, no dodgy email attachments. It’s all very well the malware was eventually put a stop to but by then, data had already been compromised and cybercriminals were free to adapt the code and worsen the effects of the next planned attack.

Backup but not forgotten

It bodes well to remember that the aim of a sturdy backup and recovery plan is not to protect the perimeter. The aim of backup and recovery is to recover the overall environment, understand the level of infection and research the backup catalogues in order to find the earliest uninfected files. By promoting a culture where infection intelligence is ongoing, backup and recovery can be made into a flexible and compliant process.

The scanning processes of some backup vendors can detect locked files and directories alerting the user to the effects of ransom activities after the fact. Others can search backup images for infection signatures in an effort to avoid reseeding the environment by recovering infected backups. However, these measures really only signal how far the horse has bolted.

Take a step

Predatar uses a mixture of methods and approaches to help automate the backup and recovery process, taking the initial heat off of IT teams. Ultimately, rapidly recovering environments and ensuring that organisations have the best of their data back after disaster strikes.

For more on this topic why not watch this 20 minute presentation taken from our Control 2020 conference. It can be viewed from the Predatar You Tube channel here

Over the last decade, organisations have really struggled to deal with the multitude of contradictory requirements for data compliance. How do you ensure that data is retained long enough but not too long when dealing with sector, geographic and internal requirements?

Deciding which regulation trumps another is a complex process. In fact, it’s best left to compliance and risk officers.

There are 2 key factors in compliance:

1. The IT department should be the facilitator for compliance not the decision maker
   • Let Risk/Compliance decide what needs to be kept, in what condition and for how long
   • IT provision a solution to meet the requirements
2. ALL compliance policies should be audited
   • Retention Policy should be documented
   • Changes to Policy should be reviewed and approved
   • Audit trail of changes should be taken as evidence of compliance

Backup is not Archive

When you’re dealing with long term retention, many organisations choose backup rather than content archival because of its lower cost. But, too often, we forget about the auditing of changes within the backup solution that could impact compliance.

Typically, backup administrators have the power to make changes to data retention and even delete existing backups. However, this process isn’t as smooth sailing as we’d like to think. A simple typo could delete the wrong data accidently.

Users of IBM Storage Protect have the ability to place a “legal hold” on retention sets so that data doesn’t suddenly expire when it may be needed for subpoena.

IBM Storage Protect not only has an audit trail of changes, it also has the concept of authorisation. When this is configured effectively, it requires any disruptive change to be authorised by a second admin.

Although this is a great place to start towards ensuring compliance, if 2 admins are in cahoots, it could still be difficult to prevent malicious intent.

So, what can you do about it?

Predatar’s platform gathers meta data from Storage Protect and stores it offsite for analysis. It can be configured to not only audit the activities, but also raise alerts based on customised thresholds.

The Predatar platform can be made visible to key stakeholders and risk officers. This means that alerts relating to data destruction can be reviewed by non-IT personnel and appropriate action taken in light of a breach of compliance. Predatar’s audit trail helps compliance and risk officers demonstrate sustained control over data. It shows effectiveness and efficiency.

3 Quick Steps to Success

We recommend that Storage Protect users with compliance requirements take the following steps:

1. Upgrade to version 8.1.9 or higher
2. Create at least 2 admins with “cmdapprover=yes” set
3. Set commandapproval to on

Predatar gives you the tools and control you need to keep your backup compliant.

In this podcast, we speak to our new customer success officer, Andy Brown. We talk about why customer success for SaaS entities is so important and how it impacts their day-to-day deliverables.

We discuss the rapidly flowing river of data that is the IT industry and how IT customer service needs to be swiftly adaptable. Having the tools and skills to leap into action when things go wrong or change direction is crucial for Predatar as a SaaS platform.

We learn about how at Predatar, we take control of customer’s needs so that they can take control of their data.