Just recently, one of my customers—a large K-12 School District—was hit by a major ransomware breach. Just how major was it? The breach was so major that the whole (and I really mean the WHOLE) data center was inoperable. Primary data and backup data was encrypted beyond usability. Management systems of production devices and the backup application systems were compromised beyond recoverability. Active Directory and authentication capabilities were locked out. The result was that the data center became a bunch of bare-metal hardware with blinking lights.
IT and school district management personnel were left holding the bag, and they likely had visions of the unemployment line circling in their minds. The feeling is just as severe as if you were hit with a natural disaster and lost all your belongings. The situation was grim, and they were left wondering where they could begin to pick up the pieces.
A couple weeks prior, I conducted a Data Center Resiliency Workshop. The district scored well on Compute, Storage, and Virtualization—but Data Security, Data Protection, Disaster Recovery were at basement levels. The report came as no surprise to the district, as it understood the limitations of what it had. The workshop was a way to document the risks and roadmap the priorities and improvements. We all recognized that the needs were extremely urgent, but as we all know, major improvements don’t happen overnight or in a couple of weeks. Nevertheless, the district agreed to put together an immediate plan of action, fix the low hanging fruit, and continue to work through the long-term solutions. For us at ConvergeOne, it was a testament to the fact that the workshop does bring a lot of value to the customer.
A few weeks later, the unthinkable happened. Well, not really unthinkable—the situation was a ticking time bomb, but we didn’t think an incident would happen so soon. Many cybersecurity engagements that ConvergeOne works with customers on look at the perimeter and internal measures to combat malicious intrusions and breaches—from firewalls, IDS/IPS, identity engines, multi-factor authentications, anti-virus, and so on. All great proactive security postures.
However, one thing that needs to be part of that discussion (but sometimes goes is ignored) is data protection/data recoverability. I consider data security as the first line of defense and data protection as the last line (or, the data of last resort). However, in the example we’re discussing in this blog post, the breach was a step ahead of the customer’s data center security and data protection situation. If you think about it, the party responsible for the evil deed was more strategic in its methods than the school’s IT department. The perpetrators were looking at the big picture more holistically than the victim.
With the help of ConvergeOne, the school district is on its way to rebuilding—rather than recovering—from scratch. We are engaging in several discussions around not only securing the first line of defense, but also designing a robust data protection plan to protect the data so even if the backups were compromised, there is a secondary air-gapped copy of the backups as a last line of defense. This will allow recoverability in the worst-case apocalypse scenario in the data center.
The truth of the matter is that your data security strategy has to keep up and stay ahead of the bad guys. Most importantly, data protection has to be part of that discussion. IT organizations cannot move forward with a one-legged strategy and expect to be able to run without stumbling eventually. You need a holistic approach to fending off the bad guys, because we already know those evil dudes attack at all sides.
Is your organization prepared for
a ransomware attack?
By the end of 2019, the global impact of ransomware is estimated to be over $11 Billion, with a business attack occurring every 14 seconds. Organizations of all sizes are looking at proactive approaches to avoid, detect, contain, and remediate ransomware in case of an attack. The ConvergeOne Ransomware Readiness Workshop focuses on your organization’s readiness to handle a ransomware attack.
Topics: Data Center
