<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Ransomware and Disaster Recovery in Tech Talk</title>
    <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51302#M3540</link>
    <description>&lt;P&gt;Hi All&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You could use this type of approach, whereby in this case IBM Security and IBM Storage came together and offered a different approach to tackling the issue cited "Ransomware".&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=oZUtqfZbpuA" target="_blank" rel="noopener"&gt;https://bit.ly/3N8o54b&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=oZUtqfZbpuA" target="_blank"&gt;https://www.youtube.com/watch?v=oZUtqfZbpuA&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;The video explores IBM's Synergy between IBM Security and Storage products. Using IBM Flash-systems' Safe Guard Copy functions, along with QRadar and SOAR, this video shows how QRadar - SIEM will alert to a cyber attack, and then immediately launch SOAR to remediate using various automation tools, leveraging the Immutable snapshots on the Flash-system, testing and validating them, and then finally restoring one to the production server, with a full restart. &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;A useful and innovative method.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;Regards&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;Caute_Cautim&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Tue, 31 May 2022 19:52:54 GMT</pubDate>
    <dc:creator>Caute_cautim</dc:creator>
    <dc:date>2022-05-31T19:52:54Z</dc:date>
    <item>
      <title>Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51167#M3513</link>
      <description>&lt;P&gt;When we hear of an organisation crippled by a ransomware attack - what if it had been hit by a natural disaster, terrorism, or some other threat? Does this mean that it had no functioning disaster recovery plan, or am I being naive? Crafty ransomware may introduce gradual data corruption over time to confound backups, but this seems to be the exception.&lt;/P&gt;</description>
      <pubDate>Mon, 09 Oct 2023 10:11:44 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51167#M3513</guid>
      <dc:creator>gidyn</dc:creator>
      <dc:date>2023-10-09T10:11:44Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51172#M3514</link>
      <description>&lt;P&gt;I don't think you are being naïve.&amp;nbsp; I believe that anyone who has a plan will try to kick it into play, however, most plans are written for the natural disaster, etc. and someone is going to have to adjust.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Through time, we have seen many stories of companies spending $$$$ to replace equipment, find good backups (that is if they have them) and eventually restore.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;With other threats, there may be less real-time data loss........not always true but with Ransomware like any virus, etc, it may not be possible to restore as rapidly.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Here is a great article from Forrester on Ransomware and DR/BCP&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://info.cohesity.com/rs/103-SPE-204/images/Forrester%20Ransomware%20Recoverability%20Must%20Be%20A%20Critical%20Component%20Of%20Your%20Business%20Continuity%20Plans.pdf" target="_blank"&gt;https://info.cohesity.com/rs/103-SPE-204/images/Forrester%20Ransomware%20Recoverability%20Must%20Be%20A%20Critical%20Component%20Of%20Your%20Business%20Continuity%20Plans.pdf&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Smaller and mid-size companies may or may not have embraced DR/BCP as yet but many are starting to pick up the ball.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Sorry, long winded reply to say you are not naive.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;d&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 24 May 2022 14:01:21 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51172#M3514</guid>
      <dc:creator>dcontesti</dc:creator>
      <dc:date>2022-05-24T14:01:21Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51175#M3515</link>
      <description>&lt;P&gt;Not so much naive but realistic. For most organizations ransomware should be treated as a natural disaster, even if man-made.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;BCP/DRM has for whatever reason faded into the background these past few years, perhaps because it doesn't sound 'cyber' or sexy enough to bother. Not sure. Nonetheless ransomware must be tied back to BCP/DRM either way or suffer the consequences.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;- B/Eads&lt;/P&gt;</description>
      <pubDate>Tue, 24 May 2022 15:27:44 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51175#M3515</guid>
      <dc:creator>Beads</dc:creator>
      <dc:date>2022-05-24T15:27:44Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51296#M3538</link>
      <description>&lt;P&gt;They are just stupid. They think that having a BC plan is enough.............if they have one. A regular test of your BC plan is as important as having one. People forget to update the BC plan when changes are made.&lt;/P&gt;&lt;P&gt;Another factor is when you forget about the dependencies of your system and there is no plan for that.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 31 May 2022 15:31:18 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51296#M3538</guid>
      <dc:creator>ElviaB</dc:creator>
      <dc:date>2022-05-31T15:31:18Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51300#M3539</link>
      <description>&lt;P&gt;Stupid is a bit much but I enforce my BCP/DRM plans by policy statement and audit. This way what you refer to as "stupid" becomes the law of the land and is enforceable.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Depends a bit more on your industry now doesn't it?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;- B/Eads&lt;/P&gt;</description>
      <pubDate>Tue, 31 May 2022 19:10:34 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51300#M3539</guid>
      <dc:creator>Beads</dc:creator>
      <dc:date>2022-05-31T19:10:34Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51302#M3540</link>
      <description>&lt;P&gt;Hi All&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You could use this type of approach, whereby in this case IBM Security and IBM Storage came together and offered a different approach to tackling the issue cited "Ransomware".&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=oZUtqfZbpuA" target="_blank" rel="noopener"&gt;https://bit.ly/3N8o54b&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=oZUtqfZbpuA" target="_blank"&gt;https://www.youtube.com/watch?v=oZUtqfZbpuA&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;The video explores IBM's Synergy between IBM Security and Storage products. Using IBM Flash-systems' Safe Guard Copy functions, along with QRadar and SOAR, this video shows how QRadar - SIEM will alert to a cyber attack, and then immediately launch SOAR to remediate using various automation tools, leveraging the Immutable snapshots on the Flash-system, testing and validating them, and then finally restoring one to the production server, with a full restart. &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;A useful and innovative method.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;Regards&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN&gt;Caute_Cautim&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 31 May 2022 19:52:54 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51302#M3540</guid>
      <dc:creator>Caute_cautim</dc:creator>
      <dc:date>2022-05-31T19:52:54Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51314#M3541</link>
      <description>&lt;P&gt;All, you could also read the definitive guide to Ransomware in 2022 and then circulate it to raise awareness.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;On the basis that if someone needs it they will read and apply it, hopefully before the action takes place and not after the event!!&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Caute_Cautim&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 01 Jun 2022 22:49:57 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51314#M3541</guid>
      <dc:creator>Caute_cautim</dc:creator>
      <dc:date>2022-06-01T22:49:57Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51443#M3542</link>
      <description>&lt;P&gt;&lt;a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741"&gt;@Caute_cautim&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Good sharing.&amp;nbsp;&lt;/P&gt;&lt;P&gt;However, as an ex-IBMer, I really doubt IBM's &lt;SPAN&gt;innovation&lt;/SPAN&gt;&amp;nbsp;and execution.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The IBM storage brand (tech sales) is always selling dreams (things are too good on paper and only work on paper), but eventually it is a lab's alpha or it's just some GTS (now split off and called Kyndryl) offering (meaning a lot of hard work by integration specialists writing custom scripts to make the "product" work).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 08 Jun 2022 20:04:35 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51443#M3542</guid>
      <dc:creator>csjohnng</dc:creator>
      <dc:date>2022-06-08T20:04:35Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51467#M3543</link>
      <description>&lt;P&gt;&lt;a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1424597851"&gt;@csjohnng&lt;/a&gt; Definitely some bad feelings or blood there.&amp;nbsp;&amp;nbsp; It definitely works, in production and not just a pipe dream.&amp;nbsp;&amp;nbsp; There have been a great deal of changes, chaotic at times, but it has come a long way from the Red Books and has been turned into a reality.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I have seen other techniques, but I just wanted to illustrate one method of recovering from Ransomware attacks.&amp;nbsp;&amp;nbsp; Now the industry feeling is that Ransomware is running out of puff, and BEC attacks are becoming more sophisticated and likely to be the next battleground.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Caute_Cautim&lt;/P&gt;</description>
      <pubDate>Sat, 11 Jun 2022 01:19:09 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51467#M3543</guid>
      <dc:creator>Caute_cautim</dc:creator>
      <dc:date>2022-06-11T01:19:09Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51490#M3545</link>
      <description>&lt;P&gt;&lt;a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741"&gt;@Caute_cautim&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Yes, there are good and bad within IBM. I don't really have bad feelings about IBM, but am just sad to see its falling rank in the Fortune 500 year after year.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;There were great times in my early career with IBM and definitely blood and sweat as well in making things work in IBM. &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;&lt;P&gt;I still love and miss IBM's value of dedication to client success.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I recall there was a call for invitations to write the Redbook 15 years ago (we called it red residency). Eventually I did not apply for the red residency. I still recall it was a top priority within IBM in the old days because the redbooks benefit so many customers and IBMers.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;When IBM released products (esp. new ones), it really took individual specialists (in the old days I was also GTS) to write the redbooks (not the manual)&amp;nbsp; because the products (developed by those "lab" people) are really so "unfriendly", "sophisticated" and even "unknown" to internals.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;But anyway, good sharing and glad if that works. I hope there are still good talent and great vision in the IBM Distinguished Engineers (DEs) as well as their senior executives.&lt;/P&gt;</description>
      <pubDate>Mon, 13 Jun 2022 07:28:23 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51490#M3545</guid>
      <dc:creator>csjohnng</dc:creator>
      <dc:date>2022-06-13T07:28:23Z</dc:date>
    </item>
    <item>
      <title>Re: Ransomware and Disaster Recovery</title>
      <link>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51590#M3547</link>
      <description>&lt;P&gt;Hi &lt;a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1424597851"&gt;@csjohnng&lt;/a&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; Yes, I was in GTS for years, before I moved out and joined the 9,000 IBM Security Business unit and have not turned back since then.&amp;nbsp; Since then I have become the ANZ Architecture Practice Leader for my sins etc.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;However, things are changing from the GTS to Kyndryl split.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;IBM Garage - Co-Create, Co-Execute, Co-Support is changing a lot of approaches by using a Minimum Viable Product (MVP) which means workshops are taken with the clients, and they state what it is that concerns them, rather than having to ease it out of them over a period of time etc.&amp;nbsp;&amp;nbsp; A lot of this was due to the Pandemic.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So it has become a lot more collaborative and innovative, through ensuring that idea will work.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I have been here for over 20 years, and I am still enjoying it.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Caute_Cautim&lt;/P&gt;</description>
      <pubDate>Thu, 16 Jun 2022 23:22:46 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/Ransomware-and-Disaster-Recovery/m-p/51590#M3547</guid>
      <dc:creator>Caute_cautim</dc:creator>
      <dc:date>2022-06-16T23:22:46Z</dc:date>
    </item>
  </channel>
</rss>

