August 1, 2023
Despite investing significant resources, companies are still losing data. This podcast takes a deep dive into data security and protection, where Demetrius Malbrough, founder and CEO of Data Protection Gumbo, interviews Jim Garn, Quorum’s CEO, about ransomware and recovery, and what they mean to small, medium and large businesses.
Here’s the link to the original podcast. Below is the video and transcript:
1. Experience with ransomware attacks
2. Protecting data when it comes to ransomware
3. Why DR solutions have been overlooked in ransomware attacks
4. Keeping backups safe from ransomware
5. Artificial Intelligence (AI) in backup and disaster recovery
6. The future of disaster recovery
7. Is tape storage going away?
Welcome to Data Protection Gumbo. I'm your host, Demetrius Malbrough, and today we have a special guest, Jim Garn, who is the CEO of Quorum on the show. And Jim is a big Air Force Academy guy, right? Serving in the Air Force for ten years, also finishing at the Pentagon. And he jumped into business, where he successfully led operations across a number of industries, including automotive software and life sciences industries. And so, as I mentioned, he's the CEO of Quorum, which is a leading mission-critical operations, to offer fast, secure, and reliable data backup and recovery for businesses. So Jim, welcome to the Gumbo. How are you?
I'm good. It's great to be with you, Demetrius. Look forward to spending a couple of minutes talking about data protection and ransomware.
Let's do it. I heard you were the right guy to have this conversation with, so let's dive in and have a conversation.
And so there's a lot of talk about ransomware within the news, within the industry, and just it's everywhere. Even the White House is talking about it. They released a cybersecurity strategy a few weeks ago as well. And so a lot of resources, a lot of money, and a lot of eyes are looking at it. And so, as a data backup and disaster recovery vendor yourself, what has been your experience with ransomware attacks?
So we have quite a bit of experience just being in the business and having a number of customers out there. I mean, ransomware. I think one of the things that we see is that your ability to defend against it is very difficult. So what you really need to do is make sure you're prepared should you be hit by ransomware. And that's where we really come into play with the backup and recovery side of the business. Oftentimes, companies think that they're going to defend themselves and prevent the attack from entering into their environment. What we find is that if a hacker wants to get into an environment, the odds are they're probably going to get in. And so, like I said, the challenge is to make sure you're prepared. It's interesting, you mentioned that the recent release of the cybersecurity document strategy, we recently did a webinar on that to help some of our customers and potential customers better understand the document, which was rather extensive and a little bit challenging to follow. So we recently put together some kind of high points and talked about it, so worked out well.
Yeah, I think it's about 96 pages, 89 pages. It's almost 100 pages.
It references a lot of other pages, and people, and organizations.
And that's typical of a political document anyway; no one's going to read it; just give me the highlights.
When we were going through it, I accused or I told my product VP, I said, who is actually putting together the presentation. I said, I think what they've done is they used ChatGPT to put this together and then published it.
Yeah, I wouldn't be surprised. Some White House correspondence or someone on the back end, decided to take the smart route. And just something else that I've noticed around ransomware is that everyone says that it's not a matter of if, it's a matter of when. Well, actually, yeah, I think I said that right. It's a matter of when it's going to happen because the statistics are rather high that you will one day get some type of breach in your environment, whether it's ransomware, or it's malware, or it's some type of phishing activity from some bad actor somewhere, or even an internal employee, right? All of that or any of that can happen. So when you're having conversations with C-level executives, Jim, what are you primarily trying to get them to understand about protecting their data as it comes to ransomware?
Well, first of all, if you listen to what you just said, I think you pretty much hit the nail on the head. You talked about all the ways a bad actor could enter into an environment, and mostly what you talked about was how they could enter into an environment, typically by some mistake typically made by an employee. Not intentional, but how often, and I'm a key target, for I get more spam emails saying click here, click there, and it's amazing how authentic they look. But what I emphasize is that it really starts with making sure that all of your employees are extremely careful that if they even slightly suspect that an email is spam or malware to make sure that they reach out to their IT group before they do anything with it. And my IT guy gets regular emails from me saying, "Take a look at this, is this valid or not?" The other thing, besides employees clicking on emails, it's making sure that within the IT organization that there is a well thought out strategy on how to manage passwords. One of the things we find is that companies sometimes, just because passwords can be challenging to stay on top of, they sometimes get a little bit lax in that space.
And I think that's another thing that I would emphasize, is making sure that companies stay on top of their password policies, strategies and making sure that they're changed regularly. The final thing would be making sure that if they have multi-factor authentication, particularly for some of their key systems that they engage with that. We launched multi-factor authentication probably about six months ago, six, eight months ago. And one of the things we're doing is when we install, we go through a new install. We're making sure that when we complete that install, we're also activating the multi-factor authentication with the customer. Because a lot of times, again, what we find is if we don't do it, if we don't make sure it's done during that process, people get busy, they have other things that come up, and they never do it, and then they get hit by something, and then they have a problem. So it's kind of those things, it's the people to make sure that they're constantly on guard. It's making sure you're taking care of passwords, making sure you're using multi-factor authentication would be the kind of the key things and then also making sure you have a top rate disaster recovery solution.
Because again, we can talk about antivirus software, we can talk about firewalls and all the things to shore up the walls around your environment. But again, as we talked about and as you indicated, you talked about people, and oftentimes the challenge is more with the people and those types of things than it is with some of the software that is trying to prevent the activity.
Yeah, and the way I think about security controls nowadays, especially like multi-factor authentication and two-factor authentication, is that it's like the analogy of in order to get a good job, you have to have at least a high school diploma, right? But it's more like now you have to have a degree from a four-year university and also some type of, if it's a technical position, an internship proving experience before you actually get hired at that particular job makes you more marketable. But those types of things now around security controls are like your four-year degree. Like you really have to have those things built into a solution because zero trust is a buzzword. But it's also a way that security professionals started saying, Hey, we don't give everyone authorization, right? So we're going to say we don't trust anyone, even the person who has access, give them minimal and least privilege possible. So one thing that's often overlooked as well in that disaster recovery solution, you mentioned that last Jim, which it's important. What do you think disaster recovery solutions have? Not what, but why do you think disaster recovery solutions have been often overlooked when it comes to ransomware?
I think that in many respects, people think that they're bought into the concept that they can prevent it or that it's not going to happen to them. They've invested in the front end; they've invested in building the firewalls and those types of things, and they think that I'm not going to have. First of all, they think I'm not going to have a disaster, so I don't necessarily need to invest in disaster recovery. And then, if they get beyond that or if they're looking at ransomware, the odds of me getting hit by ransomware they think are low. But it's like insurance; you hope it never hits, but when it does, it can be very painful and very costly. So that's one of the things that we point out with our customers, is that it is like insurance. And when you think about it, and we have a number of customers that have been with us for a number of years, and they've been on we sell an appliance-based solution. The appliance is kind of the portion of it you've got to buy hardware, you got to buy a piece of hardware, and sometimes they balk at that.
But many of our customers have been on the same piece of hardware for seven years. So when you look at what you've actually paid for the hardware over that time, it's minimal compared to the pain you would experience going through a ransomware or even a disaster. Again, we have a lot of customers in the panhandle of Florida, along the Gulf, and as soon as when we see some of those swat big hurricane things building, we immediately get on the phone and make sure that everybody's up to date and everybody's current.
Yeah, actually, there were a lot of news stories about ransomware infecting and encrypting backups as well. And so, yeah, we have a backup, but is that backup safe, right? So we've seen different things happen to backups, which is you mentioned insurance, right? It's your insurance policy. But how can businesses ensure that their backups are safe from ransomware attacks?
So one of the things we do is we do incremental backups and also they're immutable, right? So that once you back it up, it's locked. So essentially with our solution, what you do is identify when you were hit by ransomware, you go to the incremental backup just prior to being hit by ransomware, and you spin it up on the appliance. One of the things by using an appliance, when a lot of those ransomware, some of the high-dollar ransomware attacks, were taking place, the government was talking about the idea of air gap. And that's one of the things that, by using a backup solution that is an appliance-based solution, or not connected into your production environment, or not part of your production environment, you get that air gap, that separation between the production environment and what you're expecting to be there when you need it. So this goes back to making sure you have three copies—two places and one off site. So that's the thing that, when you look at how to protect against ransomware and if you have a ransomware attack, that's really our solution, is that you go to the backup that took place right before you were identified as being hit by ransomware and you spin that up, and you continue running the business while you clean your environment.
And maybe a random question here. You've heard of ChatGPT, right?
I already mentioned ChatGPT. I told you that. That's what I thought.
Oh, you did. See you’re testing me.
I'm testing you. Yeah, that's right. My turn to test you.
Have you played around with it for any business use or maybe personal? I don't know.
No, we did play around with it. We have kind of a company that we work with on a regular basis, kind of a mentoring situation. And they were talking about ChatGPT, and it was right before it all kind of really popped up in the news, one of my folks actually wrote a marketing piece using ChatGPT. It was actually pretty amazing how accurate it was. I'm not sure if that's a good thing or a scary thing. I'm still sorting that out. But it was a great starting point. So I told him, I said, hey, good starting point. Now make it look like something we would have written or a person. You got to break it up, do some bullets, do some a little bit more texture to it than just a bunch of streaming words that sound good. So we did play with it a little bit.
Okay. Yeah. And I bring it up. Because of artificial intelligence and generative AI. And, I mean, it's a hot topic nowadays. Everyone's jumping in the race. Google, Microsoft, of course, they're, like, leaps and bounds ahead. IBM's been doing it for decades, right? Watson and the chess matches, et cetera. But where do you see AI in artificial intelligence and also machine learning in the industry around disaster recovery and backup, and recovery?
Well, one of the places I see it is using it to better identify potential threats within an environment. Using it to learn and understand what the signatures look like that you're looking for, understanding, looking at things not just necessarily within your production environment, but looking for areas where you can identify that you are being targeted in advance for a potential ransomware attack, so that's one of the things that we're looking at right now, is adding some things to be more preventative or anticipatory and looking for those types of signatures that would indicate that there's a potential attack.
Wild question here.
That's fine. Go ahead.
Tell me something I don't know. Where do you think this whole market is going? Something like futuristic that we don't know about the environment? Where do you think it is headed?
Well, that's a good question. I think a lot of it is in many ways, I don't know what the idea of disaster recovery is. I don't want to say if it's a commodity, but it's kind of like a meat and potatoes type of business, and we do what we do, and we do it well. I think the places where we will continue to grow is, like I said, looking to be smarter about anticipating and identifying where there are potential issues. Because, again, some of the companies have already jumped into that space where they're doing a lot more analytics of the data that's being backed up to look for those types of signatures and to be able to look for that stuff. So I think near to midterm, a lot of it's going to be continuing to see how we can better protect our customers and give them advanced warning of things that may potentially happen.
And maybe one more question. Are you having any conversations around like storage and maybe the different tiering models of storage and storing some data on tape or, for low cost, cheap, long-term, is it secure in storing it in the cloud? Are you having any of those conversations or it's just all straight disaster recovery and not a whole lot about the tape in the cloud?
Well, we're always working with customers that we speak to that are using tape.
We think that what we provide, whether it be through one of our devices, because, again, our offerings are fairly flexible. We have, like I said, an appliance-based solution. We manage our own private cloud. So you can either do replication of the cloud or you could actually do a direct to cloud disaster recovery solution. So we're always working with customers and talking to them about the different methods of storage. One of the things that we are not is we are not a backup company, right? So, I mean, backup has become extremely cheap, and that's just not what we do. If we do offer a customer a backup option, it is in combination with a solution that will immediately spin up and be ready to run in five minutes for the customer to get back online and back in business. So that's what we do. If we get into a situation where we're talking to a customer and they just say, I just want to back it up, we're probably going to suggest to them that they look at organization companies that just provide backup. We do have companies that do tape, but in some ways a lot of those companies that are still using a tape backup are looking for ways to get off of a tape backup.
And again, with all of the different storage methods and types these days and a lot of it getting fairly reasonably priced, it seems like people are getting more and more away from that. We do have people that are doing things in the public cloud, whether it's Azure or AWS. So we do have customers that are doing things, obviously moving some of their applications to the cloud. And again, those are things that we can provide disaster recovery for. So we can provide disaster recovery for customers that are using the cloud to run their environments. So to answer your question, yeah, we are encountering those, or running, we're having those discussions with customers to find the best solution for them.
Yeah, I remember everyone was like, bashing tape, tape is dead and it's going away, and I think we go through a cycle, like, every so many years, where we think something's going to cease to exist. And maybe we're there with AI in ML with some of the things and innovations that's happening around that. But also, just looking at your background, there's a lot of books there. What are you reading now? Or what's your favorite book? Give us a book recommendation.
It's funny you asked for books, but don't people just use Kindles anymore?
See, I'm an old school book guy. I got to have it in.
I love to handle books. One of the things that I didn't really put in the bio, I teach yoga, and I do a lot of yoga, so a lot of the books that I read are more about mindfulness. I'm reading a book right now about studying breath and how breath influences health and well-being, mindfulness, and mental health. Yeah, it's a book. It's Breath by James Nestor, so it's not a real long book.
But wow, you got to be in great shape to really take on yoga as a professor or profession.
I do. In fact, I taught this morning. I had a 06:00 class. Yeah. So it's something I do more on the weekends than anything else when I have a little bit of time. It's a nice break from the day-to-day stuff.
Well, it's been super informative and insightful having you on the show, and any final shout-outs and maybe your website or blog post, or follow on LinkedIn.
Well, like I said, you're more than it we did recently do. If anybody's looking for information on a better understanding of the security document, that strategic document that the government did, and wants a half an hour recap of it, feel free to go to our website, Quorum.com, and take a look at it. Anytime I have a chance to shout out to the employees of Quorum, I always want to say thanks, because one of the things that's been great over the years since I've been here is that people stay with Quorum. They like Quorum. They believe in the product, and it's always great to have them on board and great to be able to spend time with them.
And how many employees do you have?
We're about 27 employees.
Okay. Small. Okay.
Yeah, we're relatively small. Like you said.
Small but mighty.
There you go. Absolutely.
All right. Well, Jim, it's definitely been a pleasure. And before we go, I want to plug the Backup and Recovery Professionals LinkedIn group that I run. There are about 25,000 plus backup, security, storage, all different types of professionals within that group having great conversations. So just go to LinkedIn and search “backup and recovery professionals”, and you can join the group. And also, if you happen to be on Apple podcasts, please stop by Data Protection Gumbo and write a review for us, and that helps us out. So, Jim, thank you again for being a guest on the show.
And also make sure out there in digital land that you stay secure and you back up often.