B2B Tech Talk with Ingram Micro
B2B Tech Talk with Ingram Micro

Episode · 1 month ago

Ransomware Solutions and Protecting Office 365


An organization gets hit with ransomware every 11 seconds.

With data dispersed everywhere, it’s become increasingly difficult to know if your data is secure—and how to protect it.

Shelby Skrhak talks with Jeremy Snow, System Engineer at Veritas, and Gus Iannello, Technical Account Manager at Ingram Micro, about:

- The prevalence and impact of ransomware

- The vulnerabilities of Office 365

- Best practices to protect against ransomware

For more information, listen to the last episode with Jeremy and Gus and check out Veritas Ransomware Protection Solutions.

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or, tune in on our website.

Mhm. You're listening to B two B tech talkwith ingram Micro, the place to learn about new technology and technologicaladvances before they become mainstream. This podcast is sponsored by ingramMicro's. Imagine next. It's not about the destination, it's about goingsomeplace you never thought possible. Go to imagine next dot ingram micro dotcom to find out more. Let's get into it. Welcome to B two B tech talk withingram Micro. I'm your host, Shelby skirt hawk and our guests today areJeremy Snow system engineer for veritas and gas. I en ello technical accountmanager for ingram Micro. Gentlemen welcome. Thanks for having us. Thanksfor having us. Shall be. Well. So today we are continuing our conversationabout ransomware and also protecting office 365. So here is the fact that Ithink would keep our listeners up at night. An organization gets hit withransomware every 11 seconds. So I guess let me ask what and why does that keepyou up at night? Sure. Well, you know, that's a question I think a lot offolks are asking is uh, you know, how concerned should I be about ransomware.Right. And I would say, you know, this keeps me up at night because I'mconstantly worried about my data and we have data everywhere. Now it's on prem,it's in the cloud, it's on removable storage devices with this decentralizedworkforce. It's on laptops and peripherals traveling all around andbecause it's so dispersed, it's become really hard to not only know if yourdata is secure, but you know, locating vulnerable data that may be exposed toan attack, understanding what data is considered to be sensitive or needs tobe brought in to to be compliant with a certain regulation or business standard.And because it is so hard to to understand that about your data now,it's really understand hard to understand what the impact of aransomware attack will be. And and like you said, ransomware is happening allthe time now. So it's not a matter of if, but when you will be hit fromransomware and if you don't have good control of your data, you really aren'tsure what the impact will be, whether it's a large financial cost damage toreputation or so bad that you you can't recover from that. Right? Well, youknow, having that data distributed uh you know, on the last episode we talkedabout data silos and dark data and you know, having so much data all over theplace that you know, it can be hard to really know the impact until you're init. And that's not that's not a good strategy because there's certainly youhave to be able to plan for those things. So jeremy when you're on theshow last time we talked about veritas strategy of protect detect and recover.So essentially this is building that...

...strategy for when ransomware hits andexposes a vulnerability. So can we talk about you, what are some of those highprofile ransomware cases that really exposed the blind spots that companiesreally should keep in mind? Yeah, absolutely. So I mean as you mentionedbefore, you know, when we spoke about our strategy protect detect and recover,you know, the first step obviously is protect and you know, Gus was talkingabout it earlier was, you know, you've got to protect your data, that's thefirst step. You know, when we talk about high profile cases, I meanrealistically any business is at risk for ransomware, um any type of businessto, you know, Gus was talking about before as well and alluding to is thatit could be a reputation of the company, it could just be a financial gain, butyou can have large organizations or small organizations and they're gonnacome after you, you know, you see different methods of how they do goabout this as well. Um you know, a lot of people think that ransomware isbased on someone you know behind their computer and sort of hacking away andtrying to encrypt maybe your password, but that's not really the case. It's,you know, what they're looking at is potentially weak points and as to yourpoint gaps, you know, vulnerabilities in the system and you know, usuallywhat that is, it's humans, um it's human error. So you know what we seefrom a let's say we're using Office 3 65 as an example, you know, you'relooking at phishing scams which are more generalist sort of emails to gainaccess and gain trust something that you may be c and it seems familiar toyou or spear phishing that directly sort of points towards you. So youcould have your actual name involved, some more personal information thatthey were able to gain on some type of social media. And then at that pointyou click this and you put in certain information may be a password reset andall of a sudden they have obtained your account and then maybe that's wherethey're able to bridge in and go in after everyone else as well. And atthis point, right, if they get access to your information, your data, theycan encrypt all this. And this is at the point where it's at ransomware. Soyou know, you you see all these large cases, you know, the colonial pipelinebeing, you know, one big ransomware attack. Another one actually was justreading about, which is funny, which is I think more close around yourneighborhood. Gus is the, it was the buffalo public schools. So you know,you you look at one industry which is, you know, fuel, but then you look atthe education, I mean they're really coming after anyone where they can getsome type of financial gain or some type of, you know, discrediting thatcompany's information, which also is sort of, you know, a financial gain ifthey're sort of devaluing the company or the company's losing money, sometype of financial loss. So again, you know, realistically when it comes downto it is that they'll come after any type of size of organization to getwhat they want. And you know, a lot of times they're looking at humans to sortof produce that air so they can gain access. Well, you mentioned it, I mean,you know, humans can be the vulnerability and and the the gap thatthe entry point basically that that you know, these hackers are looking for andyou mentioned a good point that these aren't just, you know, an individualbehind a computer kind of just, you know, hacking away trying to get into apassword. I mean these are...

...sophisticated, very complexorganizations that are launching these attacks. So I guess when we look atoffice 365 and the vulnerabilities that are out there, how vulnerable is it?And what then, are are the solutions that are possible? Well, you know, Ithink it's it's safe to make the claim. Uh that Office 3 65 is one of if notthe most used cloud based application. Right. So it's a complete gold mine ofdata, especially when you factor in things like teams and one drive likejeremy mentioned uh you know, phishing attacks on email services. Soessentially it's a huge target and one of the things that a lot of organizedorganizations still don't realize is that Microsoft has no responsibility inprotecting the data you house in it, this is known as the sharedresponsibility model and if you look through the Microsoft documentation,they have a chart that has information and data right at the top of it and itstates clearly that that is a Microsoft customer is your responsibility tomaintain its integrity. And unfortunately there are stillorganizations out there that have not put solutions in place that protectsthis data which continually makes them a target. And you know, that's reallywhere solutions like veritas net back up SaS protection comes into playbecause it is a a solution targeted to protect that data existing in the cloud.And what's cool is that it's cloud native, right? It lives in the cloud sothat you have a similar experience with your data protection that you do tothese, these SAAS applications, that's why a lot of folks are moving to them,right, You know, not having the physical footprint on site if you don'twant it. So putting solutions in place to to really strengthen office 3 65 notonly from ransomware but from things like accidental or malicious deletion.Right? You know, we have to protect our data from internal threats just as muchas we do external threats. So folks really need to start looking at ways toto secure that data and take more control of it, especially as it expandsand it's only going to expand, I wonder if um if either one of you can expand alittle bit on those, I mean, so you started to mention the uh you know,either accidental or malicious deletion. What are some of those, you know, again,you know those bullet points of concerns that probably our partners andresellers are hearing most from their clients. Yeah, I mean I guess if youwant, I can jump in on that one. No, Absolutely. So you know, uh as Gus wasmentioning that, you know, Microsoft is not responsible for any that this typeof data if it gets accidentally deleted or if there's any type of ransomwareattack and they supply a certain level of infrastructure to create aredundancy. So the services can still keep running but it's entirely up tothe customer to protect their data. So, you know, back to either accidentaldeletion or you know, some type of malicious intent or some type ofransomware attack. Um you obviously...

...need some type of backup strategy inplace to protect those workloads. So if I was a partner, I'd be asking mycustomers right away, I'd be saying, okay, well what are your workloads andand what is your plan right now? How are you protecting that data? A lot oftimes you're going to see these customers are like, why? You know, Ithought that my data was protected since it's up in my car, you know, it'sup in Azure and then they protect all this data and you know, and that's notthe case. So a lot of times it's more of a, you know, you're educating thecustomer based on what it's limited to, you know, the defaults as far as ifsomeone does delete a file accidentally, how long do they have to recover? Whichis a very short period of time. So these conversations really go into sortof understanding the customer's environment, so understanding whatworkloads that they currently have in their environment and how if they are,how they're protecting those and then from there. And that's the first stepas far as saying, okay, well if you're not protecting those workloads, part ofthe protect detect and recover, let's work on the protection point. And soyou start getting the place as you know, Gus also was mentioning was net backupsas protection. You know, being able to back up emails, one dr teams, this typeof information where if anything does happen from a ransomware attack toaccidental deletion, you'll have something in place to be able to revertback to the last copy in place for potentially several copies back incases, some type of corruption or needing an older version of that dataas well. So I would say definitely the partners is to be having theseconversations with their, with their customers and figuring out what theirstrategy is right now protecting their workloads. Yeah. And I just to add tothat uh, you know, we talked a little bit about How officers 65 really isbecoming a huge uh silo of data and customers that have specific regulatoryconcerns or you know, they have standards that they need to meet,really need need to be able to take control of that data. So they continuetheir regulatory practices that they have on site and on prem on their ownuh infrastructure and replicate that in the cloud. You know, always comes tomind is hipaa for me, you know, I did some time working at the VeteransAffairs Hospital and just the amount of sensitive data that these folks workwith continuously now that that's being dispersed, you know, into into somecloud elements really does does matter when it comes to making sure thatyou're following regulatory practices, having tools that provide you the samedeeper integration as far as not only back up, but, you know, data tagging oruh discovery classification, etcetera. So there really are more considerationsthat you you have to think about when it comes to regulatory practices whenwe're dealing with that data in the cloud. No, it's and I just want to jumpin there. And that's a great point gus is that, you know, it's it's one thingto have the data, but to your point, I'm not a lot of customers are actuallymanaging that data properly, whether it be unstructured, unknown data, personalinformation. Um, we're seeing similar...

...things like GDP are now being sort ofmirrored both now in North America at the California Consumer privacy act anddifferent regulatory acts as well. So it's a great point that it's not justabout protecting your data but also making sure you're falling into thosecompliance and that personal information and how it's being handled.What then do you think it is? I guess one of the biggest fallacies youmentioned the fact that there's this assumption that if it's in the cloud,it's backed up. But yeah, that's that's not necessarily the case. Would you saythat is probably the biggest education point that you guys are making or arethere other kind of blind spots that are really concerning? Yeah, I mean, Iwould say definitely that's that one of the first ones is that I've been onmultiple customer calls. Um and actually that was your first responsewas, well, you know, I got off at 3 65 in the cloud, so it's all protected andand then, you know, you go through which package they have, they may haveany three and 85 you know, we'll bring that stencil and say like this isactually what you're getting um with your subscription and they don'trealize that um, you know, that they're not protected if someone gets a hold ofthese accounts to encrypt their data that they're basically they're stuck.They're at a loss. Um, someone goes and delete this information and they don'treact to it quick enough that potentially they might lose that dataas well. And of course and any type of ransomware attack? You know, they mightgain control of your environment, you know, back to what, you know, Gus waseven speaking about is that maybe they take this information of your customersand now they use that personal information. This could be anythingfrom, you know, you know, your personal address, payment information, anythingreally sore that can ruin someone's credit or potentially just gain otheraccess to these clients. And you know, the ransomware sort of spreads outwardsso, and again, of course these are all, you know, fines and, and also probablylawsuits that go against the customer. So I mean it could be a giant mess. Sodefinitely I think educating the customer right away, just seeing whattheir level of knowledge is. And I always like doing that initially tosort of start off the conversation just saying, you know, what level ofprotection do you think you have currently with your subscription andthen that's where you sort of expose where there's that cloudy area wherethey weren't really sure as far as what was protected versus what wasn't. Um,and then, you know, you start opening up that whole can of worms of what else,you know, what other type of war close do you think are actually protectedthat really aren't? Well, uh, when we look at these solutions then um, youmentioned something about educating the companies, but also those companieseducating their own users. So along those lines, I mean what are some ofthe best practices that will really help partners provide real solutionsfor their clients jeremy? Yeah, so I mean from a practice standpoint,obviously, you know, when we talk about, you know, and we see a lot of thisinternal training at least happening within the within companies and even mycompany as well is that you know, there's no shortage of training when itcomes to protecting against ransomware. So internally from a trainingperspective it's it's more about...

...knowing exactly the content that'sbeing sent to you. Never never clicking something that you're not 100% aware of.So right away as you said, you know, the biggest weakness is the humanunfortunately, you know, we have high levels of encryption data at rest datain transit, you know, you have, you know, single sign on services, you havemulti factor authentication, these are all great and these are all methods toprotect against ransomware, but at the same time if anyone is able to gainaccess to your account or a high level account, all that encrypt, all thatencryption is basically pointless. So the first thing is the first line ofdefense is is training your employees first as far as how do I prevent thissort of question emails if you're on the fence or you're not 100% sure iswhat to do next. Right. Do you flag it and report it to your security team.But these are, you know, there's also an additional enablement on this whereemployees will get that type of training? Well, so um as we start towrap up this episode, um you know, you guys have your, your pulse on, oncybersecurity and ransomware and so I'd love to uh either expand on what youguys had mentioned last time as where you see technology going in the nextyear or maybe focus in on something that you've mentioned today. So jeremy,I'm gonna start with you. Where do you see technology going in the next year?Yeah, no, absolutely. Um you know, it's a great question and it's funny, Ithink about this almost on a weekly basis and I projected based on the thecalls that I have with customers in the discussions. You know, if you looked atanything like our topic today, about office 365, a lot of our mailboxes wereactually, you know, located on prem on servers. Um, we're seeing most of ourcustomers and clients now going up to the cloud. So if there's one thing thatI can sort of, you know, highlight is that we are seeing more workloads ifthey can be migrated to the cloud that they will. So definitely from an Office3 65 perspective, we're seeing a lot of people adopt that from a workloadperspective, you know, whether it's data center is trying to move specificworkloads off their hardware, this is another point, we're seeing a lot ofcustomers start evaluating, you know, if they can, from a complianceperspective, some, you know, governments want to keep their trafficall sort of siloed in a data center and they don't want it up in the publiccloud. But what we're seeing is a lot of customers evaluating that and thecosts associated to maintaining this on a data center versus not worrying about,you know, having to do perform the upgrades on the servers and maintain acertain level at the data center level, but just saying, you know what, let'sput the servers up there and run our applications and let's just worry aboutthe application. So I'm seeing a lot of, you know, and with Covid as well, right,with remote working, this is one of the big pushes, I saw at least thebeginning of Covid was, you know, people are like, okay, well we can'tcome to the data center, but having, you know, something in the cloud whereyou can work around makes life a lot easier. So, you know, that sort offactors in for the remote working. So, um, anything adopting cloud, as long asit's sort of balances with budget, I think you've seen a lot of work clothesgo there, guess how about you? Um, well, you know, I I really believethat there is going to be a renewed...

...focus on the, not only just thesecurity side of things, but specifically the data protection. Right?Because when you're, when you're talking about security, obviouslypeople think firewall, they think, you know, virus detection or ransomwaredetection, et cetera. And that is a huge, huge piece of it. But the dataprotection peace and whether it's backup or disaster recovery is justimportant. It's a it's a 12 punch if you will. And you know, in the past,when you talk to folks about backup or just general data protection there, youknow, attitude towards it was kind of well, yeah, we have a solution thatbacks up our data were good, but now with how sophisticated ransomware hasbecome and how frequent the attacks are, not only happening, but changing andand really evolving into becoming more of an issue to deal with that oldbackup methods really aren't secure enough to keep your data protectedfolks really need to consider what they're doing with their backups andand their data protection strategy so that it's modernized to handle thesethese new threats, you know, they need solution or backup solutions that workwith things like immutable storage so that their backups cannot becompromised. They need to have backup solutions that have some level ofability to do things like threat detection or audit access to the backupsystems so that we can have better controls about who's accessing ourbackup information restricting access right role based access, so that we canbring more folks into the backup process to help provide some efficiencyand optimization, but at the same time make sure that they can't access thecertain things that we don't want them to access. So, you know, folks who havea backup solution in place today, you know, in a year from now, maybe lookingto switch vendors or look for other other solutions within the vendors thatthey're utilizing, They provide these this functionality so that they reallydo have a strong protection plan and they're making sure that whenransomware does get in because like we talked about earlier, it's really amanager of when we can recover and we can recover quickly and they need to gowith vendors that have a really good track record hint, hint and gus youbrought up a good point. But you know, I think, you know, as we see a lot ofthese regulatory acts as far as how your data is handled, the finesassociated with these are, I guess let's call it motivating um, you know,customers to properly, you know, make sure everything's in check because, youknow, go online, you'll see some of the bigger organizations, you know, likefacebook getting hit with some of these fines and they're they're not cheap. SoI I think this is sort of putting in perspective and sort of exposing anissue where personal information now is starting to try to be handled a bitbetter and and sort of locking down your infrastructure, you mean meta.Right. My facebook Exactly, exactly.

We're going to take on Well that's areally great point jeremy especially when you factor in how much data growthis going to happen, not only just the next year, the next five years I talkedto customers a lot and one of the biggest challenges they have is isauditing their data right. So they may have tools in place that they can pullall the data that they need to do an audit but they don't have the righttools to to really sift through that data to see, not even just from acompliance standpoint, but like a business efficiency standpoint, right?You know, is everything have business value. Am I holding onto the rightthings. Am I getting rid of the right stuff? Are my storing everything asefficiently as possible. So these are these are all considerations thatmoving forward as data grows, you know, protection is a huge piece of it. Butsmart insights and audit capabilities into data and making decisions about itconsistently are going to be really important to be competitive. Yeah. Andjust to sort of finalize on that and I swear I'll be quite after that. But youknow, you brought up a good point that reminded me also that now we'restarting to see specific insurance associated to ransomware. So weactually see customers now that are trying to get ransomware insurance incase they're hit with ransomware and a lot of these analytics and havingdeeper visibility of your infrastructure to show to the insurancecompany stating that, you know, this is how we're sort of securing our data anda full report. This helps reduce that insurance. Um, so this is another topicthat you know, that I've actually seen come up a few times now in the last fewmonths. So you know, another thing that might come up, but I mean these are allsort of directing towards obviously having a better picture, a better planof your environment in a ransomware protection for sure. There might be aninteresting podcast in the future. Absolutely. Well, if our listeners wantto find out more about what we talked about today, how can they reach out?Sure. Well, you know, if they'd like to reach out to me uh Gus Ionela at ingrammicro dot com, I'd be happy to to provide them some more information,jeremy and I work very closely together, you know, him being on the veritas side,me being internal to ingram. So yeah, we can provide any information onspecific solutions. You know, even if if partners just want to talkconceptually right now about how they can build or play or strategy to helptheir customers with these types of challenges. Be happy to assist. Yeah.And on my end uh you know, if anyone needs me from my side as well, it'sjeremy dot snow at veritas dot com. But you know, I just mentioned we workclosely together so you get a hold of one of us will be happy to jump on acall and have a nice discussion on this fantastic stuff, Jeremy and Gus, thankyou so much for joining me. Thanks for having us. Thank thank you for havingus and thank you listeners for tuning in and subscribing to B two B tech talkwith ingram Micro if you like this episode or have a question, please jointhe discussion on twitter with the hashtag B two B tech talk. Until nexttime I'm Shelby skirt hawk. You've been...

...listening to B two B tech talk withingram Micro. This episode was sponsored by ingram Micro's. ImagineNext B two B Tech talk is a joint production with sweet fish Media andAnger Micro. To not miss an episode. Subscribe today to your favoritepodcast platform. Mhm.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (352)