Ransomware top of mind for IT at Rubrik Forward

IT leaders at Rubrik Forward 2023 describe the challenges facing their enterprises, both in preparing for ransomware and recovering from a cyber attack.

The increasing severity of ransomware attacks and the dwindling sizes of IT teams will increase the role of third-party SaaS services for cyber recovery.

Speedy ransomware recovery, visibility into the performance of IT environments and the use of generative AI could be differentiators for SaaS products, according to speakers at the virtual Rubrik Forward 2023 event Wednesday.

Backups are becoming a more common target for cyber attacks, especially as the number of data silos increases on premises and in the cloud, said Kate Kuehn, chief trust officer at Aon Cyber Solutions, a management consulting firm based in London.

Knowing what data is important, how it's protected and what threats it can face are all important considerations for enterprise backups. Outages of business-critical applications without backups can sink an enterprise.

"[Enterprises] are protecting the wrong data, they're protecting the wrong things," she said.

Ounce of preparation

A cyber attack in April 2021 knocked out most of the IT systems of Colchester Institute, a vocational college in the U.K., for about a month, including the internal email system and the school's application program.

In the days following the attack, school administrators declined to say if student information was compromised but did bring in third-party support to recover systems, according to local media reports.

In the trenches of the recovery operation was Chris Armitage, data storage and continuity officer at the Colchester Institute and a conference speaker.

Specific losses included the school's VMware vCenter Server and ESXi hypervisors. Recovery itself took 30 days, as Armitage compiled spreadsheet after spreadsheet of what applications ran on which servers.

"These spreadsheets contained the priority servers [with the] applications and services that we wanted to bring up first for our college and our business," he said.

The Colchester Institute IT team ultimately needed to rebuild the entire IT environment, testing snapshots and servers within an isolated recovery environment, a kind of digital clean room to test servers before redeploying them into production.

"We had built everything from scratch," Armitage said. "Our biggest issue was not knowing if any of our snapshots were clean. That made our recovery process take a lot longer."

Other enterprise IT professionals speaking at Rubrik Forward hadn't suffered from cyber attacks, but they were preparing for the possibility.

American Family Insurance (AFI), a Fortune 500 insurance company headquartered in Madison, Wis., is moving more of its IT operations to a hybrid cloud.

Overseeing that shift is Nate Brooks, technology services manager at AFI, who said the company is currently managing 500 AWS accounts. It uses Google Cloud Platform for AI capabilities and Microsoft Azure for its virtual desktop infrastructure.

Brooks has used Rubrik to secure his backups and set policies for data retention and usage across previously siloed data.

"Not everyone is trying to go to the public cloud, but there's a unified drive to use it in intelligent ways," he said. "We have to facilitate the same [policies] across environments where a group might spin up a thousand servers in a day. Having a unified way to secure those [instances], govern what's happening and look at what's going on [has] been extremely important for us."

He said the use of immutable storage and granular file recovery enables faster recovery in case of user error, while the Rubrik API helps connect the multi-cloud environment to the platform.

"The extensibility with the APIs in Rubrik allows us to lock down what changes can be made to the platform," he said. "We can, in broad strokes, lock things down and make sure they adhere to all our policies and obligations that we have."

AI future

Bipul Sinha, Rubrik co-founder and CEO, and Charlie Bell, executive vice president of security, compliance, identity and management at Microsoft, said generative AI is coming to Rubrik -- and soon.

During his keynote speech alongside Bell, Sinha demonstrated an integration of ChatGPT with Rubrik for Microsoft Sentinel, with ChatGPT preparing a general ransomware response plan and seeking a common pattern to the sample attacks. The demonstration follows a ChatGPT integration promoted by Rubrik rival Cohesity last month.

The use of generative AI in security could also help with the skills shortage in cybersecurity, Bell said, as the enterprise could take more chances on junior employees who are assisted by AI rather than demanding -- and paying for -- veterans.

"We're going to get folks who weren't able to get into this industry and enable them," Bell said.

Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.
