
LinkedIn Live: Plan, Prevent & Recover With Data Protection Solutions

This discussion focused on the critical aspects of data protection, ransomware, and incident response. Experts Jeff Boic and Tom Hern shared insights on how organizations can plan for, prevent, and recover from security events. They highlighted the evolving nature of cyber threats and the importance of robust data protection strategies to maintain business continuity and resilience.

The Evolving Threat Landscape

Cyber threats are getting more sophisticated. Bad actors are constantly changing their tactics, making it harder for organizations to protect their data. It's not just about data exfiltration anymore; it's about holding data hostage for money. This shift means attacks can spread incredibly fast, sometimes taking down thousands of workloads in just over an hour. This speed changes everything about how you plan for recovery.

Key Takeaways

  • Speed of Attack: Ransomware can encrypt entire environments in minutes, not hours or days.

  • Targeted Attacks: Threat actors research organizations to maximize their financial gain.

  • Impact on Recovery: The rapid spread of attacks makes traditional recovery methods much more complex and time-consuming.

The Importance of a Robust Data Protection Strategy

While the core concepts of data protection haven't changed much, the way we apply them has. The 3-2-1 rule (three copies of data, on two different media types, with one offsite) is still very important. However, organizations also need to consider the human element and the potential for entire environments to be locked down.

Best Practices for Data Protection

  • Multiple Copies: Always have several copies of your data.

  • Diverse Media: Store data on different types of media (e.g., disk, cloud, tape) to avoid single points of failure.

  • Offsite Storage: Keep at least one copy of your data offsite to protect against physical disasters.

  • Immutability: Use immutable storage to ensure backups cannot be altered or encrypted by attackers. This is a great way to prevent ransomware from affecting your backups, but it doesn't stop malware from being placed in your active file system.

Preparing for and Recovering from a Cyber Attack

Many organizations focus on backing up data, but the real test is in the recovery. It's not enough to just have backups; you need to know you can restore them effectively and quickly. This means regular testing of your recovery plans and understanding the cleanliness of your data.

Key Considerations for Preparedness and Recovery

  • Testing is Key: Regularly test your business continuity and disaster recovery (BCDR) plans. Don't just have a plan; practice it.

  • Clean Backups: Modern data protection solutions can help identify when malware might have entered your system, even in backups. They can scan for anomalies and help you restore from a clean point in time.

  • External Help: Be ready to call on third-party experts. When an entire environment is down, your internal team will likely be overwhelmed. Having a pre-planned process for engaging external help is crucial.

  • People and Process: The human element is often overlooked. Ensure your team knows their roles, and consider how to augment your staff during a crisis. Policies need to be updated to reflect the new realities of large-scale cyber attacks.

  • Confidence in Restoration: You need to be confident that what you're restoring is clean and won't reintroduce vulnerabilities. This involves rigorous testing and validation of restored data.
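
The 3-2-1, immutability and clean-restore-point checks from the two lists above, as an added Python example (not code from the discussion or from any backup product). The inventory fields, workload names and dates are constructed assumptions, and the inventory is assumed to list every copy counted toward the rule.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Copy:
    workload: str
    media: str        # "disk", "cloud", "tape"
    offsite: bool
    immutable: bool
    taken_at: datetime
    scan_clean: bool  # verdict of the backup product's anomaly scan (assumed field)

def audit_321(copies):
    """Gaps against 3-2-1 plus immutability for one workload's copies."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        gaps.append("no offsite copy")
    if not any(c.immutable for c in copies):
        gaps.append("no immutable copy")
    return gaps

def clean_restore_point(copies, suspected_entry):
    """Newest copy that scanned clean AND predates the suspected entry time.
    Immutable copies taken after entry are excluded: they may hold the malware."""
    ok = [c for c in copies if c.scan_clean and c.taken_at < suspected_entry]
    return max(ok, key=lambda c: c.taken_at, default=None)

def report(inventory, suspected_entry):
    """Map each workload to (rule gaps, restore point or None)."""
    by_workload = {}
    for c in inventory:
        by_workload.setdefault(c.workload, []).append(c)
    return {w: (audit_321(cs), clean_restore_point(cs, suspected_entry))
            for w, cs in by_workload.items()}

# Constructed sample inventory (hypothetical workloads and dates).
D = lambda day, hour=0: datetime(2024, 5, day, hour)
INVENTORY = [
    Copy("erp-db", "disk", False, False, D(10), False),
    Copy("erp-db", "cloud", True, True, D(10, 1), True),  # after entry: excluded
    Copy("erp-db", "cloud", True, True, D(8), True),
    Copy("erp-db", "tape", True, False, D(1), True),
    Copy("file-share", "disk", False, False, D(10), False),
    Copy("file-share", "disk", False, False, D(9, 2), False),
]
SUSPECTED_ENTRY = D(9)
```

Calling `report(INVENTORY, SUSPECTED_ENTRY)` shows `erp-db` meeting every rule with a restore point on 8 May, while `file-share` fails all four checks and has no clean copy to restore from.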

The Challenge of Scale

When an entire environment is impacted, the scale of recovery changes dramatically. Moving petabytes of data is a different challenge than restoring a few virtual machines. The data protection team often becomes the most critical and overloaded team during a recovery effort. Capacity planning for large-scale restorations is a complex physics problem that needs careful consideration.

Ultimately, protecting your environment means focusing on restorability. It's about understanding the new demands and pressures brought by modern cyber threats and building a strategy that ensures you can get your business back online as quickly and securely as possible.
