What happens when ransomware stops being treated as a cybersecurity problem and starts being viewed as a direct threat to business survival? In this episode of Business of Cybersecurity, I sat down with Jim McGann, CMO at Index Engines, to unpack why 2026 is shaping up to be one of the most dangerous years yet for organizations facing increasingly sophisticated cyberattacks.
Jim shared how ransomware gangs are evolving into highly organized operations powered by AI, automation, and ransomware-as-a-service models that dramatically lower the barrier to entry for attackers. From healthcare systems and transportation networks to retailers and city infrastructure, no sector appears off limits anymore. We explored why traditional disaster recovery strategies built for floods or hardware failures are no longer enough when attackers actively corrupt backups, manipulate databases, and target recovery systems themselves.
A major focus of our conversation centered on the idea of “Return on Risk” or ROR, a shift away from viewing cybersecurity purely through an ROI lens. Jim explained why boards and executives need to stop treating ransomware as an isolated IT issue and instead recognize it as a business continuity crisis capable of damaging reputation, customer trust, revenue, and regulatory standing in a matter of hours. He shared real-world stories of organizations discovering their backups had been deleted, deepfake scams impersonating executives, and attackers infiltrating recovery planning meetings themselves.
We also discussed how Index Engines’ CyberSense platform approaches cyber resilience differently by validating the integrity of recovery data and helping organizations identify clean copies of data with a 99.99% detection SLA for ransomware corruption. Jim explained why assuming compromise has become essential and why organizations must rehearse recovery strategies long before disaster strikes.
This conversation goes far beyond technical defenses. It examines trust, operational resilience, leadership accountability, and what happens when businesses fail to answer one simple but uncomfortable question: “How quickly can we recover if everything goes down tomorrow?”
Are organizations finally starting to accept that prevention alone is no longer enough, or are too many still hoping they will somehow avoid becoming the next headline?
Useful Links
- Connect with Jim McGann
- Learn more about Index Engines
Please check the partners of the Tech Talks Network
- Learn more about the NordLayer Browser
- Visit Denodo.com
[00:00:00] And if you are listening and you're responsible for security or IT, you will know the reality that most of your risk now sits inside SaaS apps and browser activity. That gap is exactly what NordLayer is addressing with its new business browser. So instead of bolting security on from the outside, it builds it directly into the browser itself.
[00:00:22] This means you can control access, monitor activity, enforce policies and reduce shadow IT all from one single place. And most importantly, it does it without adding deployment headaches or complex onboarding. You get things like browser-based data loss prevention, SaaS access control and zero trust browsing, but delivered in a way that your team can actually use.
[00:00:46] So if you've been trying to simplify your stack while improving visibility, please check it out at nordlayer.com/browser. What if the real cybersecurity question is no longer how do you stop every single attack, but how fast you can recover when one gets through?
[00:01:10] Now as ransomware becomes more and more aggressive, more automated and more business driven, resilience is now moving from just a technical concern to a leadership priority. So today I'm joined by Jim McGann. He's the CMO at Index Engines. And we'll talk about why cyber resilience now matters as much as prevention.
[00:01:34] And also why leaders need to think in terms of return on risk and why knowing that you have clean data could be the difference between a bad day and a business ending event. But enough from me. It's time for me to officially introduce you to Jim now. So a massive warm welcome to the show. Can you tell everyone listening a little about who you are and what you do?
[00:02:01] Hey, Neil. Thanks for having me today. My name is Jim McGann. I'm the chief marketing officer. I'm responsible for obviously marketing as well as strategic partnerships at Index Engines. We have a core product, which is CyberSense, which is in the cybersecurity space, which is front and center and near and dear to many people's hearts these days. With the activity that's happening out there.
[00:02:28] I've been with the company for quite a few years where we've seen our product evolve from really understanding enterprise data to really taking action on enterprise data to have confidence that it's good to know that you can recover and keep the business operational.
[00:02:47] And, you know, with bad actors, you know, lurking in your data center and for a lot of organizations, they're probably sitting in there today to be able to know that you can recover and that you have good data. So I think, you know, what we focus on in a nutshell basically is that less about stopping an attack and more about saying, I know where I have clean data. I know where I can recover and I can do this quickly and efficiently.
[00:03:16] And that's becoming, you know, the most critical component of cyber resiliency. And it feels this year that cyber attacks or cybersecurity have gone mainstream. I was watching an episode of The Pit recently and that took down an entire hospital for a shift, you know. And we've been talking about ransomware for so many years and even now ransomware attacks are becoming more aggressive, more targeted.
[00:03:40] So why do you think that conversation needs to shift from just pure prevention to maybe more resilience and recovery? You know, it's the old adage. It's like, why are they robbing the banks? It's like, that's where the money is, right? So, you know, I mean, unfortunately, organizations like health care, you know, education, those that really, they've done two things that are create a target on their back.
[00:04:07] They haven't invested enough in cybersecurity and security tools. Their budgets and IT are very lean and mean. But they've also embraced access, you know, internet access and access to their data center. So they're opening it up basically to their customers and their patients and so on, partners, but also to the bad actors.
[00:04:28] So there are, you know, there are countries allegedly, you know, Russia, you know, now Iran is in the mix thanks to what's going on. North Korea, China that have, are really supported by their countries and they make money and they, it's a successful business for them.
[00:04:55] So, you know, it's ramping up because it's not only been successful, but the biggest thing has been ransomware as a service. So lowering the bar and AI, combination of AI and ransomware as a service is lowering the threshold for anybody to get into the mix here.
[00:05:13] So if you're a non-technology person, you could call these organizations, which are formal companies that are ransomware as a service organizations and say, hey, I want to execute an attack against this healthcare provider or this retail organization or this manufacturing firm. And they will do all the heavy lifting for you. But also AI as well. I mean, you can go to AI today.
[00:05:39] AI, there's a lot of good about AI, but there's also the bad actors are leveraging it that you could build, you know, ransomware variants that are far more sophisticated than they have been in the past using these AI tools. So, you know, you can go and say, hey, this organization, I'm in their data center. I know they use XYZ for preventative tools. They use this for backup software. They use this for their production databases.
[00:06:06] Build me some, you know, ransomware variants that will circumvent, you know, that those tools and have the maximum impact. And that's what they're doing. So to answer your question is, you know, they're ramping up because the infrastructure and the technology is out there allowing them to do that. And you mentioned there those lean and mean IT budgets and that heavy focus on the return on investment of any tech project.
[00:06:32] Now, maybe it's because a few were burnt on those AI projects that didn't make it out of pilot phase. But you've introduced this idea of return on risk. So tell me more about that and how businesses should maybe think in practical terms when making those cybersecurity investment decisions. Well, it's kind of reframing the question, right?
[00:06:54] And I think our – and you speak to the infrastructure and IT folks and folks that are managing data center environments all the time. Their purchase decisions are based on ROI. You know, if I buy this storage, what is going to be my return on investment? If I buy these databases, if I buy this infrastructure, what is the return on investment? And those are the conversations you'll have with your leadership when they need to write a check.
[00:07:19] But if you flip that on its head and say it's less about the return on investment and the return on risk. Because if you are a healthcare organization or a financial services firm and they shut you down for a ransomware attack, it's not only the downtime, but it's the recovery cost, the reputational damage, the regulatory penalties.
[00:07:42] So I know in EMEA and there's DORA and there's other regulatory requirements and penalties that are associated with that. And lost customer trust. I mean, if you go to your hospital or healthcare organization and they leak all your medical records, you know, you're going to think twice about going back there. You're saying you can't protect my information and my privacy, so I'm not going to go back there.
[00:08:06] So, you know, the average cost and there's tons of different numbers for recovery can be in the millions. So if you're looking at the ROI for buying storage and saying, oh, this is cheaper than, you know, brand X, Y, and Z, that's a very tactical decision, right? But if you're looking at return on risk saying, hey, you know, I need to buy storage, but I'm going to buy this because it's more expensive, but it has cyber resiliency built in and allow me to recover.
[00:08:36] That's the way organizations need to think. It's a battle. It's a war out there. The bad actors are using nuclear ballistic weapons. And, you know, organizations need to say they need to ramp up and say, this is a risk situation that I need to control and participate with. And buy the right technology that's going to help me support that strategy.
[00:09:00] And we will have many people listening from organizations that maybe still treat ransomware as, hey, that's an IT issue. But what changes when boards start viewing it as a business continuity and operational risk? There's been a lot of changes over the years. A decade ago, maybe they struggled to see the value in what if kind of scenarios. But I think that's changed. But what do you see here?
[00:09:24] Well, you know, back even a few years ago, and it still happens today, you know, when you go into a meeting and if you've got the team that runs storage, the team that runs data protection, the team that runs security, and different aspects of, you know, the team that runs the data center. And I've been in meetings like that. Like, well, we don't really need to do introductions. You all obviously know each other. And it's like, no, we've never met. Okay.
[00:09:54] So, you know, what return on risk or what cyber resiliency strategies? And if you look at in the US, they've got the NIST framework, which is kind of a structure around this, is it collaborates and brings different teams together to work and collaborate on cyber resiliency.
[00:10:11] Because if you go in and if you talk to someone that's managing the storage or infrastructure and say, well, you know, if we have a ransomware attack, I'm just going to call the backup people, disaster recovery people, and tell them to recover. It's like, well, how do you know they have a clean copy of data? And, you know, if they're recovering, you know, a multi-day old Oracle database or SAP database, what's the impact on your business? And it's like, it's not my problem. It's their problem. It is your problem.
[00:10:39] I mean, everybody needs to contribute to this. And the companies that, you know, have the cyber resiliency strategies where all the stakeholders are brought together and everybody knows what they need to do in case of a ransomware attack and never takes ownership of it. We have a customer that's a very large city in the US and it's their transportation subway system, you know, and that's a high value target.
[00:11:03] And their, you know, folks, the person that's in their data center that's responsible for this in terms of cyber resiliency, he speaks to the board, you know, and the board asks those questions. And we do have customers where the board asks a question. It's a simple question. How quickly can we recover when we get attacked? And how do we know that what data was impacted and how do we know where the clean data is?
[00:11:31] And we constantly talk to customers that when those questions are asked, they don't have an easy answer for that. And they need to go to the board and say, we don't have an easy answer. And they need to be open and honest with the board and say, we don't have an answer, but we need to build one. And it needs to be funded. And a lot of our customers funding comes down from that level and they could throw money at the situation.
[00:11:56] But part of the cyber resiliency strategy is governance issues and regulatory issues. And that's the stuff that they're going to care about and reputation issues. So all the stuff that the board cares about is wrapped up in this. So, you know, we talked to folks and they're like, well, how do I get funding for this? It's like, we'll talk to your board. And if they don't, if your board doesn't understand this or care about it, then, you know, you're exposed, you know? So. Yeah.
[00:12:26] And I think we're seeing attackers more and more are actively targeting backup systems and even disable security tools in some ways. But how can companies be confident that their recovery data is actually clean and usable when they need it most? Because when it goes down and nobody can access that data, that's when people take it seriously. It's usually too late.
[00:12:48] Well, the flaw, I mean, the organizations that think that they have disaster recovery strategies in place and have been in place for decades, and that's good enough. The fatal flaw there is those were built for something like a fire or a flood or something that's going to, you know, physically wipe out a server or, you know, the networks in there and to recover from that. A cyber attack is very different.
[00:13:15] You know, they're specifically attacking data and locking your data down. So if you go and you use backup software to recover and you put a bunch of data back online, that data is going to be fine because no one's really touched with it or manipulated it or modified it. So you're like, well, let's just get that data back online and we're good. You know, the bad actors are going in and they're manipulating the databases, files, you know, so that they're not usable.
[00:13:41] And again, and a lot of them, as you mentioned earlier, are corrupting or deleting backups. Totally. We have one customer that he was at a previous organization and he got a multi-factor authentication message on his cell phone on Saturday morning saying, hey, you need to, you know, allow me to log in. He's like, that's weird. No one's in the data center who's doing this.
[00:14:06] So he got in his car, seven o'clock Saturday morning, drove to the data center and just looked and said, let me see if the backups are okay. They were gone. Gone. And then he's like, let me check servers. Servers were down. Everything was destroyed. He was almost in tears talking about the situation, but he said the next 33 days were the worst days of my life. I spent the entire time at work rebuilding. I mean, rebuilding Active Directory, rebuilding the network infrastructure, finding the last good copy of clean data.
[00:14:36] So, you know, he moved over to a new organization. They had a resiliency strategy that they put in one of our partner solutions, the Dell Cyber Recovery Vault with our CyberSense product. He gets an email every morning that says, hey, the data scan is validated. It's clean. It's good for recovery. And he goes about his day and he's like, I have confidence. I have clean data. So backup doesn't do that. Or, you know, the infrastructure that's in place doesn't do that today and validate the integrity of your data.
[00:15:03] And that's what needs to happen to know that you have confidence that you've got clean content and can recover. Right. Incredibly grateful to the team at Denodo for backing the Tech Talks network and helping us produce over 60 interviews a month. And if you are looking for better ROI from your lake house, this message is going to be worth hearing. Because Denodo helps reduce complexity, control costs and accelerate time to insight.
[00:15:33] And it does that by connecting all of your data sources in real time. So make your lake house work harder with Denodo. And you can do that by simply visiting denodo.com. Yeah. And you mentioned the CyberSense product there. I was reading a little about this before you joined me on the call today. And I was reading how it's built around detecting data corruption with an incredibly high level of accuracy.
[00:15:56] But I'm curious, what are the common blind spots organizations typically have when it comes to validating data integrity? Well, it's a complex job. We know we've been doing it for a number of years. And back in the day, way back five years ago, the bad actors were using these bulk force, bulk encryption algorithms that would just encrypt data randomly throughout the data center. And it would be very easy to detect.
[00:16:25] You know, if all your server was encrypted, you know, you would see that. Now what they're doing is they're doing, you know, byte level encryption inside files enough to manipulate it and make it unusable, but not enough to be easily detected. You know, so I mean, some of the tools I use, others use to detect it is looking at changes in like compression rates. So if it's highly encrypted, the compression rates change dramatically.
[00:16:55] Or looking at threshold changes where there's a, you know, increased number of files that have been deleted or added and so on. The bad actors know that that's what they look for. So they work around that stuff. So what we've done is we've embraced AI for many, many years where we actually have a detonation lab, which is isolated, obviously, where we download all the latest ransomware variants that are on the market.
[00:17:23] And there's thousands every day. They're not brand new ones. They're changes of names and changes of encryption algorithms or, you know, modifications. So thousands every day, they're detonated in the lab automatically. And then we test our algorithm to make sure that that type of corruption is detected. So even if it's very stealth, you know, hidden inside of a file or hidden inside a database. And we've had that validated at 99.99% confidence.
[00:17:50] And I think what we learned early on is the only way to fight the bad actors is to study what they're doing. It's like if you're, you know, if you're looking at a, you know, if you're in the finals of a football championship, you know, what you're going to do is you're going to study what the bad actor, what the competition is doing and see what they do. And that's what we're doing with our tools is we're studying exactly what the bad actors are doing every day.
[00:18:16] And if it changes, then we could use AI to update machine learning algorithms and so on so that customers have that level of confidence. And I think if you're making purchases, you know, having SLAs and there's been SLAs on storage and, you know, the four nines, five nines, ten nines, whatever it is, to have SLAs around ransomware recovery is where the industry is changing. And that's why we're doing, you know, costly testing.
[00:18:42] And I think we should highlight here that there are very real world consequences from what we're talking about, whether it be revenue loss to disruption of critical services. So maybe to bring that to life, can you share how cyber resilience directly impacts business outcomes beyond just security metrics? I'm sure you've got a long list of tales or war stories from your time in the field there, but anything you could share?
[00:19:07] Yeah, I mean, securing data is something that, again, does get to board level and executive levels. You know, it's a risk and it's a liability, you know, especially if you're certain industries, you know, in healthcare, obviously, in financial services, even in manufacturing. I think organizations really need to understand at the senior executive level how advanced these bad actors have become.
[00:19:37] And again, the war stories, some of them can't be shared, but they'll make your toes curl. You know, there was, you know, an example of what's happening now is with the deepfakes is, you know, an organization. I will mention who they are, but the CEO is getting messages from the CFO saying, I need money transferred, which is, was normal business practice.
[00:20:05] But it seemed a little bit strange the way that they were communicating. So he said, let's get online on a video chat and discuss this, right? Went online, CFO was there talking to the CFO, voice, face, everything was fine. Wasn't him. It was a deepfake, you know, and that's, that's possible. And the fact, I think organizations need to understand that they're already in your data center.
[00:20:32] I think protection and trying to keep bad actors out is an admirable task, but you have to assume that it's, it's going to fail. You know, the MGM Grand attack in Vegas was gotten through a help desk, you know, so they manipulated the IT help desk to give them the admin password for the network. You know, there's no security tools in the world that are going to stop that. That's, that's human behavior. They're, they're smart.
[00:21:01] Another horrible case study is a customer that was attacked. The first thing they do is they have a team meeting with their insurance company, with all the recovery people. There was like dozens of people on this meeting. There was a Zoom meeting and they went down and did introductions. And there was a person on there like, who is that? It was the bad actor trying to understand how they're going to recover on the, on the meeting about recovery. And they're like, so, you know, honestly, it's, it is a war zone out there.
[00:21:31] It's not getting any better. You know, ransomware as a service. AI is, is turbo charging the, this whole industry and customers aren't prepared. I mean, they're running old software. They're not patching it correctly. They're having open access through open networks. It's, it's, it's, I'm not saying it's easy for them, but it's, they're not making it difficult to get in.
[00:21:55] So I think, you know, not giving up on the preventative stuff, but focusing on the data and the integrity of the data is something that boards understand and senior executives understand. And when you ask those questions is like, how quickly can you recover? Oh, we have backup software. It's like, how do you know that data is good? Uh, I assume it's good. It's like, that's not a great strategy here. You need to validate integrity and make sure you have a clean copy so you can get back in production as quickly as possible. Right.
[00:22:26] Wow. So many great examples there. And I think it's so important to share because I think very often we see stories like this on our newsfeed or an item on the news and you think, oh, wow, that's scary. Well, Hey, it wouldn't happen in my organization, but that, that very real situation. I have a CEO thinking he's talking to his CFO and can see, see him looking at his eyes, but it is a deep fake. It's very real, isn't it? Very real. And I think if, if you're in an organization where they say it won't happen to us, you know, hope is not a strategy as you know.
[00:22:56] So, I mean, it will. And I think, you know, these, these folks are rummaging around looking for entry points and, you know, if you provide them access, they're going to go. And, and, you know, they're not going to, they're not going to ignore the small players. I mean, we see attacks at small educational, small school systems, small regional governments, the folks that haven't invested in, in the technology that they need to.
[00:23:21] And these folks know it's an easy win for them, whether it be, you know, a $50 million ransom or whether it be, you know, $50 million ransom. They know another, another story is that when they're in there, they've, they've, they find cyber insurance policies. They'll find it. They'll know how much they're insured for in terms of cyber. And that's what they're going to ask for in terms of the ransom. They're not, they're not stupid. They're very well educated. They spend 24 seven just building strategies to do this.
[00:23:48] And if organizations aren't spending that same amount of time and using the same types of technology that they are, they can continue to be vulnerable. Right. Wow. And for organizations that are still focused on just keeping the bad guys out, keeping those attackers off the network, what is the first step that they should take today? Maybe to create a strategy that assumes compromise and then ensures that they can recover quickly because as you said, just, just hoping or just, we will keep the bad guys out is not enough anymore.
[00:24:17] Is it? Yeah. There's a number of organizations that have just lots of information on that. I mentioned in the U.S. there's the, um, the, the, the NIST and cybersecurity NIST framework. It talks about the different, you know, five, not a six with, with, uh, governance added phases and workbooks and strategies. So there's, there's a lot of great information out there that, that organizations can provide that, that'll help them build a strategy.
[00:24:45] But I think if, if you're not getting the support at the senior levels and, and having conversations, like you mentioned at board levels or CXO levels about this, um, about recovery and what's going to happen. Um, then, you know, then you, you know, you're, you're going to struggle. And when you do get it, when you do get attacked and it, you know, people say it's not if it's when, right. When you do get attacked, just be prepared to live and breathe a recovery process.
[00:25:13] I mean, ask the question, what will it take to recover Active Directory? And what will it take to recover the network infrastructure? We have customers that just are in such fear of this, that if they get attacked, they'll just wipe out every server, every desktop, every laptop, and buy new ones. 'Cause they're just worried that they're infected. Um, and it's, it's, um, you know, multi, multi week or multi month. You saw, I mean, um, Marks and Spencer, you know, retail organization was attacked.
[00:25:42] They couldn't take orders, you know, and that shuts their business down. And then also they were down for, for months. They were not fully back for months. And that's, you know, what is the impact? You know, if you ask a simple question is what happens if we're down for five days or 10 days or 20 or a month, what does that mean to the business? And I've heard from organizations, you know, Fortune 500 organizations saying that if they're down for five days, they're out of business.
[00:26:10] You know, so, you know, those are, nobody wants to have those conversations, but those are the ones that need to happen. Right. Yeah. And I think it's a powerful moment to finish on. And for anyone listening though, that wants to continue the conversation with you, learn more about Index Engines, the CyberSense product that we mentioned there, or just keep up to speed with some of the announcements that are coming out there from what you're the work you're doing. Where would you like me to point everyone listening? Sure. Yeah. I mean, our website is indexengines.com. Um, our product CyberSense.
[00:26:40] We integrate with the, um, enterprise storage environment Dell, um, in both their Cyber Recovery Vault, which is linked to their data protection products, um, as well as their production storage, which will be, uh, being launched soon at the Dell Technologies World coming up in May this year. Um, we're partnered with IBM and their flash storage. Um, so the idea is when customers acquire storage platform, CyberSense is built in.
[00:27:09] So it's kind of an insurance policy that's built in. Uh, we're partnered with, um, Hitachi and partnered with, um, Infinidat, which was just acquired by Lenovo. So all the major storage players out there, um, you can buy storage from them that has CyberSense built in. And again, it's kind of like, uh, the Intel inside of knowing that your data has integrity and that you can recover. And a lot of our partners have these cyber resiliency guarantees built in.
[00:27:35] And, and that's the decision we started talking about return on risk to circle back is that's the questions they need to ask is what's your guarantees or resiliency strategies here when you buy these storage platforms. So indexengines.com is where you find us. There's links to our partner sites on there as well. Well, I think the message there is clear boards and executives who treat ransomware as almost a core business continuity risk focus on return on risk, not a one-off IT project.
[00:28:04] They're the ones that will come out ahead. I'll include links to everything that you mentioned. Now encourage people listening to check you guys out and see if you're at the events as well. Be great to get some face to face time, but just a big thank you for shining a light on this today. Really appreciate your time. I appreciate the time. Neil was good conversation. If today's conversation proved anything, I think it's that backup alone is no longer enough.
[00:28:28] And in a world of ransomware as a service, deep fakes and attackers who actively target recovery systems, confidence in clean data has become a business survival issue. And please, if you remember one thing from this episode, remember that story of the CEO talking to his CFO or assuming he was, but it was a deep fake. He sounded the same. He looked the same. It was a video.
[00:28:55] These are very real threats that we're seeing out there now, not just a rare story on our news feed. And a big thank you to Jim McGann from Index Engines for joining me on the Business of Cybersecurity podcast. And for everyone listening, ask yourself if your organization was hit tomorrow, they are in the system, they are on the network. Could you say with confidence exactly where your clean data lives? And how quickly could you recover?
[00:29:22] Have a think about that and let me know what you've got in place too. I'd love to hear from you all. TechTalksNetwork.com. You can leave me an audio message there or send me a DM. Plus this 4,000 interviews. There's plenty of insights from experts all around the world. So that is it for today. I'll be back again real soon waiting in your podcast feeds with another episode. But until then, thank you for listening and I'll speak to you soon. Bye for now.

