As we all know too well, the incidence of ransomware attacks is on the rise. With conservative projections that a ransomware attack happens every eleven seconds, it truly is a matter of if, not when. And, the organizations that face attacks run the gamut from healthcare to service provider to consumer to enterprise IT. Most recently, Ferrara, a Chicago-based candy manufacturer best known for producing all-time favorites like Atomic Fireballs, Everlasting Gobstoppers, Nerds, Pixy Stix, Red Hots and SweeTarts was only able to resume limited production for orders for Halloween after ransomware hackers encrypted its systems.
We spoke to Jerome Wendt, Founder and Principal at DCIG, to learn more about ransomware, recovery and the role that initiatives such as R-Score can play in helping companies better prepare. DCIG is a leading independent analyst firm that focuses on enterprise class technologies from on-premises to the public cloud and everywhere in between.
Q: What makes initiatives like R-Score interesting?
JW: In my work as an analyst, I get press releases from multiple companies saying, “There’s a new threat. Here’s another threat. Here’s something else you need to be aware of.” The number of threats keep coming and it can be daunting to think where to start. The first question to answer is knowing where do you begin to make sure you are prepared in your infrastructure. Yes, I understand ransomware is a threat. But where should I begin? No one has piles of money sitting around looking to shore everything up all at once. So knowing where to prioritize, where to put money and resources and where to get the most bang for the money you need to spend is critically important. That is no easy task with many companies. That’s where R-Score comes in. It helps to give you a good starting point of where you are at and how best to understand your needs within your environment. If, for example, you score a 995, you’re going to feel pretty good that you have everything under control. However, if your score is a 675 then you know you have some work to do. You may need to take action quicker and it helps give you a sense of how quickly you need to be prepared to respond.
Q: Where do you see applicability for R-Score?
JW: It’s applicable across industry segments and any organization that wants to get a handle on where they stand vis-à-vis a ransomware attack. It’s applicable for organizations looking to see where to start to organizations that want to assess where they are today and need to go in future. Perhaps an organization does not have the budget or resources for high paid consultants, well now they have a service that can help them better understand what to do. I feel most government and educational institutions are frequently the most targeted as well as hospitals. They may tend to run lean on IT staff or a fleet of young IT staff to sort through the problem. Like I said in the independent assessment of R-Score, you can get a pretty quick read on where things stand by taking the initial survey in 15 minutes. If you’re interested in a deeper dive, there’s a more involved assessment available as a free consult that I would encourage companies to consider.
Q: We know you do a significant amount of work in the industry, and you work with a number of companies across the data protection spectrum, enterprise and storage IT to name a few. Also, as a former end user at a large financial services organization, you know the end user experience better than most. Why has ransomware become such an organizational imperative?
JW: For a while now, it has seemed as if solutions like backup are a solution looking for a specific problem. It's not that people did not need backup. You have human error. People delete information by mistake. Or, you may have something like a natural disaster. But natural disasters tend to happen so infrequently. Ransomware changes that. I started looking at ransomware and its implications for IT a few years ago. I spent time researching ransomware really carefully and I looked at how often it occurred and how many companies were experiencing it. At the time, it may have been one in three companies were experiencing a ransomware attack of some sort. Even then, if you start projecting those statistics out over time, you are looking at every company facing an attack within three to four years. It’s true. it's not a matter of if you will be affected by ransomware, it's a matter of when. You just can’t ignore it anymore. That is a huge shift in the industry. And, this all has real world implications. I just finished research on VMware backup solutions. There’s a significant emphasis now on solutions that handle instant recovery and data immutability. Five years ago, instant recovery was kind of talked about in passing. And, immutability was not even on the radar screen. Now they're the top two features every company talks about in their latest releases. The reason they’re focusing on these features is that their customers are telling them if you don't deliver a way to address these issues, how we can recover from and how we can protect your data from ransomware, we will find solutions that can address this. It’s more than just features and functions though. You need to understand what you need to do in the event of a ransomware attack and how prepared you are to recover from it. That’s where R-Score comes in.
Q: Besides ransomware, what else are you focused on at the moment?
JW: There are two areas in data protection I’m focused on at the moment. Kubernetes for one. If you look at the industry now, I'm hearing more and more how organizations are using containers, and everything is becoming serverless. That really is the way large enterprises seem to be going. I actually just started contracting with a company here in the Midwest, to help them basically develop the documentation for all their developers until they can really grow and transform their business in ways they couldn't even think about ten to fifteen years ago. They have decided to skip the whole virtualization phase, they're going right into Kubernetes. The other area is video surveillance. It has always been a core component of protecting one’s physical surroundings. But more companies want to derive additional value from their video surveillance data stores by better analyzing their video data. These analytics will likely create new opportunities for operational and security improvements, among others.