The rise of massive ransomware outbreaks has led to a number of strategy changes, including the pivot of disaster recovery and business continuity companies into marketing their solutions as an effective way to stop ransomware. But are these products really going to solve the issue? Or just treat the symptoms of the wider problem?
Podcast: Play in new window | Download (0.0KB)
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS | More
On-Premises for Today’s Roundtable:
Panelists
Scott Driver
Bruno Wollmann
Moderator
Tom Hollingsworth
Join us on October 20–22, 2021 for another exciting Security Field Day event, where you can learn more about the premise of this episode. Also, follow us on Twitter! AND SUBSCRIBE to our newsletter for more great coverage right in your inbox.
On first blush, the title seemed like something that Captain Obvious would say. Of course data protection products don’t “solve” ransomware, and neither does any single product category. Nothing is going to SOLVE ransomware. It is a coordinated attack on all of IT, and we need all hands on deck to help battle it.
What I didn’t expect was for Tom to use this as a strawman argument to impugne the integrity of the entire data protection industry. “We’ve seen this time and again … We sell a thing, and whatever the current problem is, that’s the solution to your thing.” Somewhere else you said something like “they’re just doing the same thing and just marketing it differently.”
No data protection company that I know of is claiming their product is a solution to ransomware. So why are you suggesting we are?
A good backup and DR strategy – especially one specifically targeted towards responding to ransomware – is the ONLY way around paying a ransom if you have been infected. Just as it’s the only way to respond after ANY disaster or terrorist attack. No backup? No company. (I’m happy to list off the top of my head companies that ceased to exist simply because they didn’t have a solid DR plan.) I remember when ransomware first started rearing its head in 2014. I said “Why is anyone paying ransom? Don’t all companies backup their important data and servers?” Well, it turns out the answer to that is clearly NO. So yes, those of us who sell data protection solutions that can allow you to quickly recover after a ransomware attack are doing our best to remind companies that if they simply follow the best practices in this area, they stand a chance against these criminals. But NO ONE is saying we “solve” ransomware.
In addition, some companies in the space are developing specific solutions to the ransomware problem, such as Druva’s ability to scan the data you’re about to restore for the ransomware you got infected with. You talk like we don’t understand the concepts of re-infection, or that we’re just being opportunistic. We don’t care about actually solving the problem – only that we sell our “thing.” That’s a pretty big sweeping indictment of an entire industry that you clearly aren’t actively following.
As to the “last dollar” comment of Scott’s, I’ll say I simply disagree. Assuming I had no backup and no user training…. I would absolutely spend my last dollar on a good backup/DR system. Never mind the fact that every company should absolutely have both. But the thing w/user training is that it is ineffective and you have new employees to train every day. (I remember when I worked at MBNA. We would train all new employees that no one in IT will ever call you and ask you for your username and password, and if someone did, they were a hacker. We would then immediately call them all and ask them for the password. 20% of them gave it up without a thought.) The best user training will also never “solve” ransomware, nor will the best firewall or IDS, nor will the best security practices, or the best network monitoring tool. But if all of those fail, a solid backup and DR system is your only hope of ceasing to exist as a company. I’d spend my last dollar on that.