Hit by Cyberattack? Don't Be Afraid to Ask for Help
When you've been hit, insurance companies won't be eager to help. ISPs usually are, though.
Enterprises hit by ransomware or other cyberattacks probably feel like everyone is against them. Starting with the threat actors, of course. And ending with the insurance companies, who will pull out all stops to find a way not to reimburse victims.
They start up front, demanding that organizations follow specific practices regarding security, reporting and more. They require your systems be audited and pass every last metric. They require attestations, documentation and so on. If an organization is found to be out of compliance after an attack -- even if that compliance is insignificant and was in no way related to the attack -- it's out of luck.
But you can ask for help from one source and it will probably be granted, said cybersecurity experts Dave Kawula and John O'Neill Sr. in a recent online summit put on by Virtualization & Cloud Review.
That source? Your ISP.
Specifically, the experienced security experts who deal with this stuff on a regular basis said an ISP can -- and usually will -- boost your bandwidth to help you recover and keep recovery costs to a minimum.
The dynamic duo of cyberattack remediation were sharing their expertise and hands-on, in-the-trenches experience in this week's online summit titled "Enterprise Cloud Backup & Recovery in 2022 Summit," a three-part, half-day event. They were speaking about ISPs in the first session, "Top Trends in Cloud Backup & Recovery Heading into 2022," now available for on-demand viewing.
Kawula, managing principal consultant at TriCon Elite Consulting, offered the ISP advice while discussing how providers don't charge for data ingress (putting data into the cloud), but do charge ("boy, they will charge you!") for data egress -- pulling it back out.
"So in the event that we have to hit that big red button and we want to fail back over to production, there is a cost from a networking perspective to pull your data back out of the tenant," Kawula said. "And one of the big things here is that in the event of an emergency, let's say you did have to declare an emergency -- and I know, John, that we've had to go through this with customers before -- is where you know you're in that ransomware event, make sure that you're calling your ISP, your service provider, because there's quite likely a possibility that you could get a speed bump on your service with just a software switch, versus actually having to physically go bring out new hardware, routers, devices, things like that.
"There's quite likely a possibility that you could get a speed bump on your service with just a software switch, versus actually having to physically go bring out new hardware, routers, devices, things like that."
Dave Kawula, managing principal consultant, TriCon Elite Consulting
"And they'll temporary bump you up because like, 'Hey, I've caught an emergency, we've been a cyberattack here. And you know, we're in crisis mode, can you please bump our pipe from 100 meg to a gig link?' So last two times I've had to make that phone call, in less than 60 minutes I got the phone call back: 'Okay, try it now.' Sure enough: 10x of speed. 'How long can we keep it for?' 'Keep it for as long as you need, we're actually not even going to charge you for it, just get your business back up and running.' And I can't speak to [any specific] ISP as for what they would do -- it's just that's been the experience that we've had; they've been so helpful trying to get our businesses back online, John."
O'Neill Sr., chief technologist at AWS Solutions, agreed.
"Dave, absolutely," O'Neill Sr. replied. "And Thomas [summit attendee] put in, 'boy, they will charge you.' And my suggestion with that is develop in advance a great relationship with your ISP. Understand who your account executive is there. Talk to them, let them understand your business. Make them a partner, not just a vendor. You know, Dave, we've been involved in over two dozen events, just in the in the last six to eight months. And over 80 percent of those where we asked for a speed bump, we were able to get without any charge. And these are, in most cases, fiber connections, where they use an on-premise switch and a remote switch -- and they're just bandwidth limited at the ISP.
"Because we've had a relationship in most of those cases, they were like, 'Hey, we want to help you. We understand you've got enough stress going on. We don't want bandwidth to be a stress, here you go, we're gonna cover that.' And they were able to do that."
John O'Neill Sr., chief technologist, AWS Solutions
"And as we said, they you know, you call and have a conversation, and because we've had a relationship in most of those cases, they were like, 'Hey, we want to help you, we understand you've got enough stress going on, we don't want bandwidth to be a stress, here you go, we're gonna cover that.' And they were able to do that."
Of course, some ISPs may not be so accommodating, O'Neill Sr. warned. In that case, it's up to the organization to look at the total situation and determine if the costs to increase the bandwidth for speedier recovery are more than what it costs to be down for a specific time period.
"You can make a decision of whether it's worth it to pay for that. But, you know, we've been very, very blessed in that -- in the events where we've had to call and ask for it. They've been very forthcoming, and they haven't stuck us with big bills at the end."
The duo covered many more topics in their one-hour presentation, of course, and left the audience with some pro tips, which were fleshed out completely in the presentation:
- Do not store data in your backup targets in a folder with the word BACKUP in the path
- Protect your backup targets
- Install Advanced Persistent Threat Protection
- Enable threat protection in the cloud on storage accounts and data
- Stop increasing the footprint of local on-prem cold data
- Tier up to the cloud
- Scaling in the cloud is much easier than on-prem
- Remember supply chain issues
- Invest in your staff. Ensure that you are training your IT Staff on modern Backup and Recovery Procedure. These evolve and are not typically as static as traditional DR
There are benefits to attending such online summits live, though, including the ability for question-and-answer interaction with the presenters for specific situations. To that end, here are summits coming up this month:
David Ramel is an editor and writer for Converge360.