While backup and recovery products are important, organizations should be looking to go steps further to stay safe in the face of cyberthreats. A Unitrends GM provides details.
Cyberattacks are growing fast and getting more sophisticated. For optimal data protection, every business, from SMBs to the enterprise, needs to be thinking beyond simply cybersecurity.
"The idea that one could do something on the front end to prevent [cybercrime] 100% of the time is a fallacy," said Mike Sanders, general manager of Unitrends, a backup and recovery vendor based in Burlington, Mass. "And that's where backup and [disaster recovery] comes in."
But just having backup and recovery tools is not enough. Testing them is critical for confidence.
"Backup's great. Putting the data on a disk, putting the data in the cloud, all that stuff is fantastic," Sanders said in a podcast with SearchDataBackup. "But if you're not testing the recovery and making sure that you can get access to that data again, then it's all useless."
And what about new kinds of ransomware that can infect your backup and recovery tools? You'd better be testing and prepared for that unfortunate trend.
Unitrends has a major focus on data protection against cyberthreats, Sanders said. While it's common to think of natural disasters when it comes to disaster recovery, organizations should have cyber top of mind as well.
"We're also able to tell if devices get ransomware, and give alerts and ensure that the backups aren't affected," Sanders said.
The recent Unitrends Compliance Manager and Unitrends Security Manager are geared to go beyond basic backup and recovery tools. Unitrends also just launched a Cloud Backup product for remote devices.
In the last year and a half, IT management provider Kaseya acquired both Unitrends and cloud-to-cloud backup vendor Spanning.
"We're really able to cover the gamut of what a company would need from a backup perspective," Sanders said.
Kaseya also provides remote monitoring and management (RMM), endpoint management, and network monitoring and management.
To learn more about Unitrends' integration with Kaseya, how to handle the question of paying a ransom to get data back, and other best practices for backup and recovery tools, listen to the podcast above and read the transcript below.
Editor's note: The following transcript has been edited for clarity and condensed.
Frequently there's a major data breach or cyberattack making news today, whether it's accidental or intentional. How can organizations stay ahead of these cyberthreats, specifically regarding their backup and recovery plans?
Mike Sanders: From a backup perspective, we are the last line of defense against that type of attack. There are a couple of different aspects. You get a lot of insider threats where people either willingly or unwittingly release data into the world. But where we see a lot of focus on the DR side is on ransomware, where there's actually data destruction.
There's still a lot of misconception around ransomware. There's this idea that malware, ransomware and these different destructive styles of attack are executed by individuals. And that's really no longer the case. If we look at cybercrime today, it's the fastest growing and it's certainly the largest form of crime. It actually outpaces marijuana, cocaine and heroin at about $3 trillion. So it's a massive, massive business today already. As a result, those hacks are just getting more and more sophisticated.
So the idea that an organization could do something on the front end to prevent it 100% of the time is a fallacy. And that's where backup and DR comes in because there are just so many examples even recently of large and small companies getting taken down by it. In fact, I think the threats are probably larger on the SMB side.
One thing we hear sometimes is that smaller companies -- if the ransom request isn't a huge amount -- will often pay to get their data back, just to get it over and finished. What do you think about that response versus falling back on your backup and recovery tools?
Sanders: If we look at the different types of attacks that have happened over the years -- for example WannaCry, which made ransomware a household name -- they focused on enterprises. But there were a couple of issues that made WannaCry unsuccessful. Somebody was able to find a kill switch relatively early. It was just a mistake on their part. They used one Bitcoin address and nobody could really feel confident that when they paid, they'd be able to track it.
But the real issue that made them so unsuccessful was [how they went after enterprises]. If you look at the amount of dollars that they made compared to other ransomware attacks that were similar, the estimate's about $120,000, as opposed to something like Cryptolocker that's done $3 million or potentially more. And the reason for that is, when you go after enterprises, they have backups and they actually test their backups. They do the things that are necessary on an ongoing basis to feel confident that they're going to be able to recover in a timely fashion and that the data is there.
I would say probably north of 75% of SMBs don't have a BC/DR plan. When they get attacked, they really don't have a choice but to pay. And the other 25%, they're probably not really confident in their plans. From what we've seen, of the ones that do have it, about 50% of those do not feel confident or did not have the expected result when they went to use their recovery plan.
This all comes down to testing. Backup is great. Putting the data on a disk, putting the data in the cloud, all that stuff is fantastic, but if you're not testing the recovery and making sure that you can get access to that data again, then it's all useless. When the clock is ticking and you have to make a decision, you're not going to risk it. You're going to pay. That's what we're seeing with the SMBs. The reality of it is, when we surveyed our managed service provider (MSP) customers, we found out that about 42% of the MSPs' clients were paying the ransoms. And even at that rate, 25% of them didn't get their data back. So paying still isn't a sure thing.
What are some best practices for testing, for SMBs and the enterprise?
Sanders: The best practices should be very similar. In our product line, we look at something that can do automated testing of the different applications that you're backing up. There are some systems out there in the world that will do screenshot verification and things like that. We can do that too but the reality of it is, if I have a SQL server, and I have all of my critical data on that SQL server, and I boot it up, and I'm showing a login screen, and I send a screenshot of that login screen, I know the server can boot to a login screen but it doesn't tell me anything about the sanctity of the data behind there.
So being able to actually go in there, run SQL queries, test the results and make sure that the critical data is available, that should be table stakes. You should be doing that for all of your backups. The issue with that, obviously, is cost. So you need a system that can automate that process. By using that automation, you can bring down the cost so it's something that you could do on a nightly basis, if you wanted to. That way, if you ever do get hit with something like a ransomware or some sort of destructive behavior where somebody gets in and they destroy your data, you've got the faith that you've got a recent successful test that actually shows that you have the things that matter to you. The data that actually matters to you came back.
We've talked about ransomware. We've mentioned data breaches. What do you think is the next wave of cyberthreat and what can organizations do regarding their backup and recovery tools there?
Sanders: I'm not a crypto expert but with the decline in the value of cryptos, I would imagine we're going to see a focus on other things. What we have started to see in the marketplace that is really scary is a focus on the backups themselves. So cybercriminals, knowing that going in and destroying the data from individual machines, especially on the enterprise side, is not enough, they're looking to rotate their attack vectors to the backups as well because if they can get both, then they're back in the game.
Something like WannaCry -- which, again, wasn't super successful because of its focus on enterprise -- would've been incredibly successful if they were able to bypass the defenses of the backup and corrupt those as well. So it's going to be really important that backup platforms can stand up to that.
Backup vendors Unitrends and Spanning are both Kaseya companies now. For Unitrends, it's been a little over a year since the acquisition. How would you say things are shaking out at this point? Are they much different from before?
Sanders: From what I'm seeing, there are a lot of good things coming from this. We're working through the different products with Unitrends Compliance Manager and Unitrends Security Manager, which are rapid-fire tools also owned by Kaseya. We're seeing a lot of use between those different things to bring a lot of value to our client base.
With Kaseya's vision of IT Complete, the idea is that the person who makes the decision on what RMM a company's going to use, and the person who makes the decision on a backup product for an SMB, typically are going to be the same person. So bringing them a bunch of different tools that are integrated in a meaningful way … is really resonating with clients and has been resonating inside the Kaseya user base for a long time.
The users of Kaseya have decided that having something in a single pane of glass is what's critical for them. And that's why they've made the decision to purchase an RMM that has the kind of breadth that Kaseya has. Bringing other products that tie in directly to that same multifunction user or multifunction administrator is something that, again, has been really well received and is something that we're going to continue to drive to as a business.
We wrote last year about the Done Deal Program that provides MSPs using Unitrends with a guaranteed new paying customer. Has that generated many sales at this point?
Sanders: It's generated a bunch of sales. We launched that towards the end of last year so it's still a relatively new program for us, but we are super excited about it. Right now, I think it's better than it's ever been. We have a bunch of Done Deals that have been fulfilled but we have a continuously better process around it. We're starting to hit an even quicker stride in that particular arena. And it just totally matches with the way that we do business as Unitrends.
For us, it makes all the sense in the world. We would love to have MSPs working together with us on those Done Deal transactions because it means that we have a company that actively uses our product and is an expert in our product in that sale with us, and working together with the SMB that's looking to potentially purchase. It's a different story when you're working with a company that hasn't ever walked a mile in the shoes of using the product to actually deliver backup. In these cases, we're able to work together with these MSPs who are servicing maybe 50 to 100 endpoints with the product already. They've seen a pretty broad spectrum of what's out there and they can really bring a lot of expertise to the table.
What do you think data protection customers are in need of most at this time?
Sanders: The number one issue is the inability to do the different types of backup that users want to do in one place. We talked to so many companies that are using a bunch of different technologies to meet their backup needs. They're using one company for cloud-to-cloud. They're using another one for their roaming. They're using another one for their applications. They're using another one potentially for physical versus virtual, public cloud versus what they have in their server closet. I think that there is a real opportunity and I think we're probably the closest to realizing it, to bringing all that together in a single platform.