The Silent Cyber War

The Silent Cyber War

This is a reprint with permission from author John Humphrey, Principal X42 Ventures LLC.

The Silent Cyber War Has Begun

Overview

The silent cyber war has begun. Instead of battle lines being drawn in faraway lands, a silent war is being waged in cyber space every day. According to Dee Smith, CEO of Strategic Insight Group, we are in a new frontier in cyber warfare. This is not just geopolitically but between new sorts of actors, who have access to the weapons to hack and create real damage in the physical world. Smith says that the average American company is attacked 4 million times per year, or 7.6 times per minute. In the financial services arena, these institutions are attacked a billion times per year, or 1,920 times per minute. Finally, even the U.S. Post Office is under a constant barrage with more than 4 billion forays in 2016. Spilling over on the individual front, three CEOs I know were hit by ransom ware and were forced to pay in Bitcoin in order to get their data back. We are under assault and need to mobilize with strategies to prevent these penetrations, conduct forensic reviews when encountered, and provide for data recovery after we are violated. It is not a case of if, just when. The time to prepare is in the rear view mirror.

Prevention

The threat vectors are growing from hacktivists who are politically motivated, to cyber criminals who are financially propelled, to nation states and terrorist cells constantly on the prowl. Eighty-two percent of hacks are conducted by hacktivists, but they are only one percent effective. Cyber criminals using tools like ransomware represent fifteen to seventeen percent of attacks, and they are twenty percent effective. Finally, nation states are responsible for less than two percent of attacks, but they are effective ninety-eight percent of the time. So how do we protect ourselves? What is our first layer of defense? At the individual level, common sense and personal responsibility are your guides. Always use licensed software which is being updated with regularity. Hackers expose vulnerabilities in operating systems so pirated software is at high risk. Check your software updates every day. For those who work at home, implement a personal firewall and keep your machines off when not in use. Keep your passwords complicated and create a mental model for regularity of change. This is a pain, but it will serve you well. At the enterprise level, there is Global Data Sentinel (GDS) which has a public and private encrypted key schema that protects corporate data and documents with a proprietary technology. If data is hacked, stolen or compromised, GDS can revoke the encryption key and the data cannot be accessed. GDS even allows companies to secure data at the file level from employees who may try to take corporate information. Whether using good common sense and hygiene relative to our personal data or leveraging a tool like GDS, individuals and companies need to be prepared through a strong dose of prevention.

Forensics

When a breach does happen, an individual or a firm needs to have somebody to call. On the individual front, one needs to leverage tools like Lifelock or white labeled equivalents. At the corporate level, one needs individuals who do this for a living. Monitoring tools at the enterprise level need to be put in place to effectively prepare for a zero-day event. GDS has tools that allow monitoring inside the company, but also allows administrators and executives to determine exactly who is accessing data within the enterprise. SpearTip, headquartered in St. Louis, MO, provides cyber and counterintelligence services to companies from $100 million to one billion. A group steeped with military intelligence backgrounds, SpearTip provides security assessments, breach response and managed security monitoring. Whether responding to an immediate attack or placing monitoring agents within the enterprise, SpearTip can assist companies who desire to prepare for attack, who have recently been attacked, or who want continuous monitoring to prevent attack. Knowing who or what is attempting to steal or destroy your corporate data is critical to preventing catastrophe. If you don’t have forensic tools, it is difficult to recover and/or prevent these intrusions from happening. It is also impossible to prosecute bad actors in the judicial system without good evidence. Companies need partners who specialize in this type of work and SpearTip is a competent and vigilant firm.

Recovery

The last line of defense is data recovery. It happened. Your data is gone and you cannot restore. Individuals should keep multiple backups ranging from tools like carbonite, to drop box and external hard drives for each of your PCs. These are all low-cost solutions when faced with the prospect of losing your data. I have one friend who has a Mac that is not connected to the internet so if his data is compromised he has a backup hard drive and a machine from which to boot. Don’t be afraid to keep hard copies of account and passwords physically secured offsite so loved ones can access your life, if necessary. I know people who print quarterly statements and lock them in a fireproof safe. At the enterprise level, companies should move well beyond their traditional backups. With many companies leveraging cloud services from Amazon Web Services or Microsoft Azure, it is easy to be misled into thinking they are covered. Think again. Companies should have multiple levels of backups including physical offsite storage. Global Data Vault leverages data backup infrastructure from Veeam and provides a comprehensive data recovery strategy, including offsite tape storage. With the phenomenon that catastrophic loss of operating systems and data is now a reality, companies need physical, non-networked solutions to balance out a data- recovery strategy. Global Data Vault should be an arrow in your cyber protection quiver.

Conclusion

We live in a brave new world. As technology advances continue to flatten the world and improve our lives, we must be increasingly vigilant. The book Zero Day, by Mark Russinovich, is a fictional tale of how bad actors can create havoc in the physical world of companies, airplanes, power grids and governments. Not too long ago, it took nation states to declare war on one another and destroy infrastructure by military means. Today, the war is in cyber space and the potential to damage our physical world is real. Great emphasis is being placed on anti-virus software, however, these tools are only made to prevent known threats. We know new techniques are being created, deployed and implemented with disastrous results. Imagine a day when your data is destroyed, your operating system inoperable and your business unable to function, invoice or pay vendors and employees. This day is called zero day and it is not fear mongering to warn you to prepare. Start with these three areas: prevention, forensics and recovery and you will be well ahead of the rest of the world. I have had the opportunity to spend time with the CEOs of Global Data Sentinel, SpearTip and Global Data Vault; their tools, techniques and people are first rate. The war has begun and we must prepare.

John Humphrey is a principal at X42 Ventures. X42 Ventures works with mid-sized companies by providing digital strategies and technology platforms to speed the development of web, mobile and eCommerce solutions. www.x42ventures.com.

Global Data Sentinel empowers organizations to protect, share and manage their valuable data even after it leaves their possession. www.globaldatasentinel.com.

SpearTip is a Cyber Security and Counterintelligence Firm providing Incident Response, Penetration Testing and Managed Security Services. www.speartip.com.

Global Data Vault provides for all your DRaaS, cloud based Disaster Recovery and Veeam Cloud Connect and Veeam Replication needs. www.globaldatavault.com.

 

What is Veeam Backup

What is Veeam Backup

Backup and recovery solutions are vital to your organization, but backup solutions that used to work effectively may no longer do the trick in today’s ever-changing computing landscape, especially if your firm relies heavily on virtualization. Veeam backup offers backup and disaster recovery solutions that make an ideal fit in the virtual environment.

Backup Solutions That No Longer Work

Tape backup has been a longstanding solution.

Tape restores take far longer to complete when compared to a restore from disk – or the even faster alternative – using the backup as the primary. That’s not even possible with tape.

Tape solutions mean that finding the data always means finding the right tape. That’s time consuming and risky.

With tape there is the risk of obsolesce of the media when the tape software or drive gets upgraded.

Finally, tape solutions simply cannot provide the guaranteed availability that every modern business requires.

 

Enter Veeam for the Virtual World

Veeam works in the virtual environment by backing up virtual machine images instead of files, storing the images in a secure, central location. If disaster were to strike, the VM images could be rebooted nearly instantly, rapidly restoring the machines with a recovery time and point objectives of fewer than 15 minutes for all data and applications.

How Veeam Works
Veeam’s software runs through what is called a hypervisor, which is a layer of software that allows for multiple VMs to be run on a single, physical machine. Veeam’s first task is to take full backup of each virtual machine. It then subsequently uses caching and duplication elimination processes to only store new information in the VM images.

Veeam Benefits and Options

The Veeam Availability Suite provides five main capabilities. They are:

  • Rapid recovery: Choose exactly what you want to recover and how you want to recover it.
  • Avoidance of data loss: Near-continuous data protection coupled with streamlined recovery methods
  • Verified recoverability: Veeam stands by its ability to recover every application, file or virtual machine, with no exceptions.
  • High visibility: Receive alerts and enjoy continuous monitoring to become aware of issues before they can affect operations.

The Veeam Availability Suite combines two products into a single solution: Veeam Backup & Replication for restoring and replicating information and Veeam ONE for monitoring and reporting. A smaller version of the Veeam Availability Suite, known as Veeam Backup Essentials, is available for smaller businesses that may not need the suite’s full capabilities.

Headquartered in Switzerland with main offices in Ohio, France and Australia, Veeam was founded in 2006. It has since become the go-to backup and recovery solution for more than 183,000 customers across the globe.

 

Veeam backup

Global Data Vault at VeeamON 2015

Global Data Vault at VeeamON 2015

The team from Global Data Vault hit the strip in Las Vegas last week, exhibiting at the datacenter availability event, VeeamON 2015. VeeamON 2015 connects the world’s leading IT experts and visionaries to learn how to ensure Availability for the Modern Data Center™.

Global Data Vault served as an event sponsor of VeeamON 2015, hosting a booth to share how our Veeam Cloud Connect with full disaster recovery service differs from the competition: Our solution is fully-managed and monitored. We also offer an EZ Dash web portal view of your protection. Plus, our risk-free 30 day evaluation is a great way to test-drive our expertise – and then enjoy our simplified pricing based on the size of the VMs on your storage.

VeeamON wasn’t all business however. Embracing the Star Trek theme, VeeamON featured the legendary William Shatner as master of ceremonies at the closing event. We felt it only fitting to show our sense of humor by giving away these punny shirts.

veeamon-1

veeamon-2

 

 

Would you like to see highlights from VeeamON? Register for the recap here

 

 

 

Does Your Cloud Disaster Recovery Service Come with Hidden Fees?

Does Your Cloud Disaster Recovery Service Come with Hidden Fees?

When it comes to picking a cloud disaster recovery service provider, you can make an easy choice by simply picking the one with the lowest rates per GB, right? Not so fast. Even if a cloud disaster recovery provider quotes you mere cents on the dollar per GB, the provider may have a costly lineup of hidden fees that aren’t obvious until you get the bill. A few key questions can help you avoid these fees by choosing a provider that includes them.

Top 4 Questions to Uncover Hidden Fees

Are there additional fees for a recovery environment? A recovery environment is essential when your network goes down and you have no access to the usual resources that keep your business’s computers up and running. These include computing power, memory, storage and bandwidth, all things that are part of a virtual data center your cloud disaster recovery plan can provide. Your question is, however, does the provider include access to this virtual data center in the base cost or will you be charged an additional monthly fee and/or a per-use as the need arises?

Are there additional fees for your retention? Service providers can offer a fixed monthly price based on how long you need to retain your data, while others may adjust your rates and fees based on your data’s daily change rate. The daily change rate refers to the percentage of your data that’s expected to change on a daily basis, a rate that varies by industry, nature of the data and other factors.

If loads of data change on a regular basis, you may end up paying loads of extra fees to keep your backup up to date. This holds true even though it’s rare for businesses to need to recover its entire cache of backup data when recovery services are required.

Will you be charged additional fees for a failover event? In theory, cloud disaster recovery services were created to give you support, backup and access to resources you need in the event of a total disaster. In reality, service providers may charge additional fees if you ever need to take them up on those services.

Is the cost of local protection for fast, local restores included? Even if you’re paying a big-time monthly rate for big-time cloud disaster recovery services, you may be subjected to additional costs related to the local data storage or “repository” or “appliance” required to support fast local restores.

Suddenly the low cost per GB can add up to an astronomical amount of money if these four services aren’t included in your cloud disaster recovery plan. A Global Data Vault plan includes all of these services – and more. With no hidden costs, no vacillating calculations and no surprises if you actually need to use the services your plan was created to provide.

GDV makes it easy to pick a cloud disaster recovery provider by offering one lower monthly fee for everything. It doesn’t get much easier than that. Contact GDV today.

What is Cloud Disaster Recovery (Cloud DR)?

What is Cloud Disaster Recovery (Cloud DR)?

What It Cloud Disaster Recovery?

Often shortened to DR, disaster recovery is a plan put into place if a disaster hits. Cloud DR refers to a component in your disaster recovery plan that involves the use of a cloud environment.

The Cloud Component

The cloud component of a disaster recovery plan can involve various strategies that use a cloud environment.

  • Online or Cloud Backup: Using an online backup system lets you store copies of your data in an offsite data storage environment at regular intervals. You can choose which workstations and servers you want protected, perform an initial data load, and then use only incremental backups that keep your data current and secure.
  • Disaster Recovery Failover: Disaster recovery failover provides a cloud-based environment that is a complete rebuild of your infrastructure that sits ready if you should lose access to your primary IT infrastructure.

Benefits of Cloud DR

Using a cloud environment in your disaster recovery plan comes with a number of critical benefits:

  • Speed, with instant restore capabilities
  • Security, with an off-site, protected environment
  • Scalability, with the ability to grow your cloud solution right along with your business
  • Compatibility, with the ability to work with a number of different servers and systems

One more benefit of cloud DR is the overall low cost, especially when compared to other DR strategies. Cloud DR can be used in combination with other techniques to fully fortify your company and keep your data safe.

Related Resources:

 

WAN Acceleration for all Cloud Disaster Recovery Customers

WAN Acceleration for all Cloud Disaster Recovery Customers

Global Data Vault is adding “WAN Acceleration” for our customers with physical servers – we already provide this for virtual environments and the results have been terrific – in some cases data is now moving 50 times faster. So now we’re adding it for all of our Cloud Disaster Recovery customers.

WAN Acceleration for physical servers is important because it enables data transfers to our data centers at speeds ranging from 5 to 20 times faster than conventional transfers. Conventional transfers rarely take full advantage of available bandwidth because the methods used to check for errors and acknowledge clean data packet transmission are not optimal for moving large amounts of data. Our WAN acceleration tools solve this problem – and thus improve the speed at which data is moved into our secure data centers – all leading to greater quality and higher reliability for our customers’ disaster recovery capabilities.

This picture shows the WAN acceleration setup for virtual environments:

The keys to this improvement are in two factors:

1)     We keep track of data at a block level in a “global cache” and then simply do not resend data that is unchanged since the last backup and

2)     We implement a communications protocol that is far more efficient for moving large amounts of data over long distances over the WAN.

We view quality in terms of RTO’s and RPO’s, which unlike most businesses is very quantitative. WAN Acceleration allows us to restore to more recent points and with faster restore times, keeping our customer’s data more current in our data center and locally.