Cyber Crime Junkies

How To Plan For Ransomware

March 20, 2024 Cyber Crime Junkies-David Mauro Season 4 Episode 36

This episode features cyber security leader Chris Gardner, a data security and recoverability expert with Rubrik (www.Rubrik.com), and we know it’s something cybercrime junkies will enjoy because it addresses the crux of cyber crime: data protection and ransomware.

We dive into what to do after a ransomware attack and how to plan up front so you can get your data back after ransomware.

Opinions of Chris are his own, not those of Rubrik. Connect with Chris on LinkedIn: https://www.linkedin.com/in/cmgardner/

 

 











This is the story of Chris Gardner, what happens when a ransomware attack occurs, and how to get your data back.



D Mauro (00:03.03)
All right, well, welcome everybody to Cybercrime Junkies. I am your host, David Mauro, and we're joined today by fellow local Hoosier here in the heartland state of glorious Indiana, Chris Gardner. Chris joins us in the studio. He's a cybersecurity expert and ransomware backup restorer. He's an executive with the leading backup company Rubrik, and he's an expert in immutable backups and ransomware recovery,

unofficial meme lord for Rubrik. So Chris, welcome to the studio, man.

Chris Gardner (00:39.268)
Thank you, David. Very glad to be here.

D Mauro (00:41.106)
No, we're really excited about having you. So share with the ladies and gentlemen and the listeners kind of a little bit about your background. Like how did you come to eventually be with Rubrik in your current life?

Chris Gardner (00:59.236)
Well, to not give away my age, let's say before 2000 is when I got my start into IT sales. And at the time it was mostly networking, but my first sale was actually a couple of Cisco PIX firewalls. And I had no idea what I was doing or what they even did. But my boss said something about, it obscures the IP addresses on, you know, on premise so that the hackers have a harder time of getting in. I'm like, okay, that sounds great.

D Mauro (01:01.814)
took.

D Mauro (01:24.17)
Yeah, that sounds cool.

Chris Gardner (01:26.096)
So over about a period of eight years, if there was a product with a Cisco badge on it, I sold it. And Cisco was very active in acquiring security technologies and companies. So I was selling their software, their intrusion detection systems, all those things. And I was excited by the new technology, especially security technology. So that's how I got into security. Now a lot of my career has been data center, unified communications, that type of thing, but there was always a security background.

But I would say in the past five years, I got a lot heavier into it. I was at a value-added reseller where security services and consulting was a big part of our play. And selling managed detection and response systems and security information systems became a big part of my life. When COVID hit, things got very interesting. And at the time, I had three large clients. And due to COVID, two of them stopped spending money. So that...

caused me to look around and I was approached by a gentleman that I knew from my Dell EMC days. He said, hey, I'm getting promoted at Rubrik and I need someone to replace me. I said, well, okay, you know, I make a lot of money. And he said, well, okay, tell me what your best year was. And I told him, he said, that's what I made my first year at Rubrik. And I'm like, okay, I think I'll talk to you. And he gave me the story and he talked about the clients and he talked about, you know, what Rubrik's mission was and the mission was to

make sure that after a cyber attack, our clients had their backups to recover from. I'm like, well, that sounds like a really good mission. And I started it roughly just over two and a half years ago. And it's, it's been everything he said it was, you know, people, we have a product that people need, we're helping people, we're helping, you know, pipelines stay open, we're helping banks be able to deliver their services. It's, it's just been a great, a great move for me.

D Mauro (03:20.054)
Well, and it really is. I mean, the income aside, I mean, the issue is so critical. When there's a ransomware attack or other malware attacks. We're seeing the evolution of ransomware where it is deleting the backups or encrypting the backups or taking copies of them, right. And many of these ransomware gangs are going straight to the extortion methods and things like that. So

what Rubrik does is different, right? Like it is completely separate. So can you explain to us kind of what does immutable backups mean?

Chris Gardner (04:01.06)
Okay, so when we started over nine years ago, we really started as a better backup and recovery mousetrap. The goal was to make sure that we could back up faster but recover faster because data volumes were getting bigger. And if you have a one terabyte database, it can be very, from a time perspective, and you'll be able to edit this, from a timing perspective, it can take you a very long time to recover a one terabyte database. So we built a system that

was hyperconverged and we could do that very quickly. What we started to see five, six years ago is as these ransomware attacks spun up, our clients said, hey, Rubrik, we're so happy. Your backups were there after we got attacked. And so we were able to recover and that was fantastic. And the reason that is, is that in our file system, there are no delete commands. And when you go in to our system, someone can't get in and say delete, and then the backups are gone.

That can't happen with us. But as the hackers started to evolve their tactics, we started layering additional capabilities on the system to make sure that it was immutable, meaning that the backups can't be blown away. So question for you, David, if I'm an administrator, I could go into a backup system and I could hit delete on a backup. Is that early? Is that an immutable backup in your mind?

D Mauro (04:59.999)
Right.

D Mauro (05:22.628)
No.

Chris Gardner (05:23.852)
Yeah, so those are the types of things that as we evolved, we looked at, we need to look at the ways that a hacker could make a backup go away. For us, it can't be deleted, but you could in theory expire it early. So we made sure that administrator can't expire early unless there's a huge process and other people have to approve it. The other, you have to look at some of the external attacks that these hackers do. If your

backup expiration is based on network time protocol, if a hacker can go in and fast forward your network time protocol to two years in the future, expiring all your backups, are your backups really immutable?

D Mauro (06:00.806)
Okay, so back up just for a second. So what you're telling me is that so threat actors can break into a network undetected, and then basically speed up the timeline so that the entire network thinks it's two years in the future, right? And then the backups would have expired. Right? Yeah, I mean, I

Chris Gardner (06:07.838)
Mm-hmm.

Chris Gardner (06:18.53)
Mm-hmm.

correct.

D Mauro (06:23.918)
I knew that they did that, but I guarantee a lot of our listeners didn't know that they do that. And what you just talked about is you guys have addressed that issue as well, right?

Chris Gardner (06:33.864)
We have what's called a monotonic clock. So when a backup is taken, a stopwatch basically clicks and it says, okay, you've told me that I need to keep this backup for 30 days. I will expire that backup in 30 days based on my stopwatch, but not on an external network time protocol that I'm seeing. So you could tell me it's 20, 2050, but I'm waiting 30 days to expire.

D Mauro (06:49.082)
Excellent. So if they if they adjust that

Wow, that's fantastic. That's so they've really thought about a lot of this stuff. So so often we see organizations that don't test their backups, they don't know the details of their backups. So when you're having these conversations, are you having them with executives at that level?

Chris Gardner (07:00.823)
Right.

D Mauro (07:19.786)
I'm sure you are, but I mean, in general, I'm thinking of a best practice, like the business owner of a small to mid manufacturer, and he asks his IT guy, do we have backups? Are we good on backups? And they don't like, they say yes, but they're not really getting into the details like what you're talking about, because there's so many poor backup solutions out there that don't actually save organizations during a ransomware attack.

Chris Gardner (07:49.916)
You have to consider how backups were originally architected. The goal was to save data, save a lot of it, and compress it. Because when they moved away from tape, they started putting backups on disk. Tape's a lot cheaper than disk, so how can we cram all this data, and compress it, and de-duplicate it? And so that's what the goal was. That's great for when you're saving the backups, but what happens when you actually need them?

So if you're pulling that backup off a disk system that's got a head up top, and then as you keep adding shelves of disk, it keeps getting slower and slower, it's gonna take you a very long time to recover that. In our system, it's a hyperconverged scenario. So you've got, every time you're adding disk, you're adding a processor and you're adding memory. So the system gets faster as it grows. So when you have a hacker get in, it takes out a database that's three terabytes in size, instead of it taking, you know,

D Mauro (08:18.839)
Right.

Chris Gardner (08:48.292)
two days to recover with a legacy system that's not architected for the reality of being able to recover fast. And ours, it could take a day, four or five hours, whatever that is. But we have to go back and understand what is the system architected to? We're architected to make sure that your backups will be available. We understand that there is a hacker behind your firewall and physically it's architected to recover extremely quickly.

D Mauro (09:13.994)
That's fantastic. That's fantastic. And so I would think that it's really important for this type of backup discussion, right. And this is not an ad for Rubrik in any way, but it's more the element of actually having backups do what executive leadership believes they can do right or should be able to do having access to that data in the time of need.

It probably it really needs to be part of that whole data breach planning, right? That incident response plan.

Chris Gardner (09:51.044)
That's exactly right. What I tell clients, prospective clients, is that ultimately what I sell is just a tool. That tool is useless if you don't know how to use it. I could go get in a Ferrari, but there's no way I could make it go 180 miles an hour. I would kill myself and other people around me. Not that Rubrik is as complicated as a Ferrari, but still, you've got to have the processes and the people's experience in place to know how to respond. It's like Mike Tyson says, everyone's got a plan until you get punched in the mouth.

D Mauro (10:04.178)
Right, as would I.

D Mauro (10:19.124)
Right.

Chris Gardner (10:19.384)
So when ransomware punches you in the mouth, what are you going to do? Is your incident response plan sitting on a server somewhere? What if the hacker encrypts that server? My plan's gone. So that response plan's gotta be printed in a binder and sitting in locations where people can go get it, or it's in a system that's totally separate from your system. When you start getting into incident response scenarios, we tell our clients, make sure that Rubrik

D Mauro (10:32.599)
Right.

Chris Gardner (10:48.252)
is written into your incident response plan. And this could be any of the other backup recovery programs out there. But what will happen, what we see in a lot of the attacks is a customer has a third party incident response company and they're not aware of what the backup recovery system is. We had a client in the Midwest a few months ago, they were attacked and they didn't call us for a week. And they're like, hey, we have a real problem here.

D Mauro (11:05.367)
Right.

Chris Gardner (11:17.432)
You know, we've been down for a week and our response was, guys, you need to call us immediately because one, there are things we can do to immediately mitigate the problem, make sure that your system doesn't fill up, all these other things we can flip. But two, we can help you with the assessment process, help you as a response company tell you, hey, by the way, you're using Rubrik's malware detection threat hunting capabilities.

We can go in and help you isolate when that threat came in and where it is so that you can recover. It will help you recover. It will help you find sensitive data. Whether it's Rubrik or someone else, your backup and recovery provider has to be written in an incident response plan so you can have the best chance.

D Mauro (11:58.758)
Absolutely. And when you say that, when you say written into it, you mean like the details of it, right? Like, kind of like who to contact, what, you know, what is being backed up, what the information is in order to access it, things like that, so that they have a step by step guide, I would imagine.

Chris Gardner (12:16.712)
Exactly, that's got to be in there. But another part of it for the attack is understanding what the priority is because most of the encryption attacks we see are pretty widespread and they could be encrypting a system that is mission critical for you where you will have zero money coming in. Or, exactly, or they're encrypting a system that is your employee benefit program, which, you know, that's...

D Mauro (12:33.534)
It stops production. Yeah, it interferes with healthcare treatment.

Chris Gardner (12:46.296)
fine to be down for a week, but why should you spend time on that if the revenue generating applications are ones you need to have up immediately? So getting ahead of the attack and understanding in what order and what priority should I be recovering my applications is also important because you don't want to spend your time on things that aren't mission critical. Let's get the mission critical things back up. You know, one thing, David, that we talk about a lot with our clients is...

RPOs or recovery point objectives and RTOs or recovery time objectives. So if I know that... Go ahead.

D Mauro (13:19.07)
Right. So, so let's explain. Yeah, do you mind if we just take, take a take a second and what, what are each of those? Like, whenever we mention acronyms, I always want to explain it to everybody.

Chris Gardner (13:28.803)
Okay.

Chris Gardner (13:32.484)
Sure, so recovery time objective means, let's say that my sales program goes down. How long does that need, can that be down before I have to have it back up? So typically if you're working with a service provider, let's say Salesforce, and they might say, hey, if we go down, we'll have our recovery time objective or service level agreement to get that back up for you is eight hours, right, okay. So that's fine in a...

I'll call it a standard disaster recovery scenario. Let's say you lose your internet or somebody kicks a server and things go down. And okay, I can recover from that. But when you start getting into a cyber recovery scenario, everything goes out the window because there's your hacker behind the firewall. So that's recovery time objective. Recovery point objective is how much data am I willing to lose, right? So if I take a backup every 24 hours and I'm...

D Mauro (14:19.746)
how much data is, right? Yep.

Chris Gardner (14:29.384)
I'm attacked and my server data still was wiped out. I can go back to the last backup that I had. So if it was 23 hours ago, I've just lost 23 hours worth of data. Right, so that will affect how often you may say, for this application, I need to back it up every hour. Or this application, I need a real time replicated copy of it. Now that replicated copy may not be protected from ransomware, but you know, how...

D Mauro (14:38.828)
Right. You just lost a day's worth of work, right?

D Mauro (14:49.163)
Right.

Chris Gardner (14:58.808)
how granular can I get with the backups, how often so that I could make sure I don't lose as much data, more data than I can afford to lose.

D Mauro (15:07.774)
Right. Well, how do you how does business continuity work in that scenario? So you just mentioned, you know, if you need real time backup, how can that be protected from a ransomware attack? Like, how is that orchestrated? Not not getting into the technical aspects, but in general from a high level.

Chris Gardner (15:29.84)
Yeah, so based on today's technology it's extremely hard to do real time protection from a ransomware attack because normally you're going to be replicating for real time you're replicating data from one side to another or one system to another. But it's impossible to back that up, you know, immediately like every second. So there's probably going to be some sort of data loss. But it depends on where you replicate

D Mauro (15:52.93)
Right.

Chris Gardner (15:58.484)
Rubrik does have some real-time replicating capabilities, but most of our clients will use other systems. Zerto is one that's very popular to make sure that's replicated real-time. Some will also use the embedded capabilities of their storage systems. So when a storage system goes to make a write, it'll make, actually split that write. It will write it to one side and then write it to the other side at the same time. Again, a cyber attack could take

out both of those sides, but at least, you know, in a disaster scenario, you've got that available. But then once that's, again, you've got to look at how often can I back up and it's going to be based on the type of application. You know, some databases, you can't back them up all the time because you've got to edit that out. I don't want to go down there. It's getting technical and I'm going to get over my skis. Yeah.

D Mauro (16:35.052)
Right.

D Mauro (16:44.654)
Oh, yeah, no, absolutely. That's perfectly fine. All right, so note to me in the future, we're going to edit this part out. So that's fine. Yes. So I just want to can you just clarify, like you guys have it so that it's separate, so that an attacker can't launch. But when it's real time, they could. I just want that clarified. You know what I mean? Like, make sure that's not fuzzy in anybody's mind.

Chris Gardner (16:52.864)
Yes. Yeah.

D Mauro (17:14.902)
How do we do that? How would you like me to ask that?

Chris Gardner (17:20.118)
Ask it again.

D Mauro (17:21.226)
Yeah, do you guys, do you, let me ask it like this. When advising clients and somebody, a client mentions that business continuity and spinning up immediately is very important, but you also have to make sure that there is protection from ransomware, right? So is there a time segment between those two that is usually acceptable for?

business leaders.

Chris Gardner (17:51.128)
It depends on the application itself. You know, there are, if you're a credit card processor and, you know, seconds count, you know, you've got to take that into consideration with your business continuity plan, understanding from a technological perspective, what can and what can I protect from a time perspective and build that into your business continuity plan.

D Mauro (18:14.966)
Got it. So it really depends on the individual stakeholders risk appetite, right? Like depending on the application that they need, certain apps need, you know, a closer period in time to not lose any data. Others have a reasonable amount and they can stay safe and stay protected should there be an attack like a ransomware attack. Makes perfect sense.

Chris Gardner (18:39.381)
Yeah, that's correct.

D Mauro (18:43.958)
Yeah, excellent.

Chris Gardner (18:44.068)
Yeah. The other thing about business continuity that I'm working with a Fortune 500 client right now and part of their cyber recovery project, you know, they got ahead of things. They defined which applications were most important, what had to come back first. But they also defined what do we do if we don't have systems at all? What are the manual and paper processes that we have to do? I think a lot of organizations don't consider what am I going to do during that downtime?

What can I recreate manually? In this company's case, what they determined was 60% of their applications and 80% of their data are minimally required to run their business. They can't even go to paper. So that influenced their spend because they understood we've got to spend enough money in terms of tools, people and process to make sure that we can have the best chance of recovery.

D Mauro (19:26.588)
Really?

Chris Gardner (19:41.484)
Now we talked earlier about recovery point and recovery time objectives. Again, they understand that compared to standard disaster recovery, RPOs and RTOs, they can't guarantee anything when it comes to cyber attack, but they are doing everything in their power to make sure they can reduce that RPO and RTO.

D Mauro (20:02.11)
Well, it's so important because a couple of things that you just mentioned, let me unpack that. So we talk all the time about 30 years ago, right? Not giving away my age either, but 30 years ago, we had two versions of everything we did, right? We had our real life version and then the computer systems were essentially like a copy of it, right? Like it was a little bit convenient. It could speed things up, but in the same sense, if they went down or if there was a glitch, we were fine. We still processed every

Chris Gardner (20:13.275)
Ha!

D Mauro (20:32.49)
Right? I mean, most organizations still operated in the physical realm. Today, things have changed so much so that when systems are down, we can't even function most times. You know, like when you think of the typical health care scenario, right? I mean, you still used to have nurses walk in with the physical chart, right? And they could tell what type of medicine and what dosage would be given. And they might be recording it.

Chris Gardner (20:44.452)
Mm-hmm.

D Mauro (21:00.61)
digitally later, et cetera, but should those systems go down, they could still render medical care. Now they can't, like everything's on a tablet, like all of their systems, when those things go down or get encrypted, they can't render, like they can't provide the right chemotherapy or the right medications and things like that.

Chris Gardner (21:22.708)
I think it's similar in retail. You see some of the higher profile retail hacks. And I, before I got into IT, I was in retail for an office supply store and we would train our cashiers. Hey, if our systems go down, you know, here's the manual credit card machine you have to use. And here's our price books. But eventually we just got away from that because we couldn't keep printing price books that were this big in every register. And as you had, we had so much turnover in our retail ranks having to train someone all the manual processes.

D Mauro (21:24.606)
Yes.

D Mauro (21:37.824)
Right.

D Mauro (21:44.16)
Yeah.

D Mauro (21:49.09)
all the time.

Chris Gardner (21:50.52)
we got to the point if the system went down, we're shutting the doors and sending people out.

D Mauro (21:54.802)
Yeah, absolutely. And another interesting point that you brought up is the importance of including the backup team in your incident response planning. We talk all the time that organizations in general in the US in particular don't do enough incident response planning. There's always a confusion. Well, I've got my disaster recovery plan. No, no, we're not talking about a flood or an outage, right? We're talking about a data breach. And they're different plans different

Chris Gardner (22:23.172)
Mm-hmm.

D Mauro (22:23.302)
different scenarios and tabletop exercises are critical, you know, almost like fire drills. But the key is to not only have law enforcement engaged in that incident response planning because you don't want, when every minute counts, you don't want that to be your very first call to federal law enforcement because you don't want any unnecessary delays. But it's so important to have your backup.

program and team engaged in that incident response planning because that's when those critical conversations need to happen ahead of time

Chris Gardner (23:01.246)
100% agree.

D Mauro (23:02.45)
Yeah, that's absolutely phenomenal. So how are, you know, what are, let me ask you this. In what you see, what are some of the most dangerous threats to US organizations right now? I mean, I understand ransomware continues to grow and it continues to evolve. We're seeing some ransomware gangs.

not even care so much about encryption as much as just exfiltration and then the extortion. It's that blackmail. It's just traditional crime. Right? What do you guys see? You guys see so much.

Chris Gardner (23:30.084)
Mm-hmm.

Chris Gardner (23:41.888)
We're seeing exactly that. So the dwell times or the amount of time that a hacker is in the environment has really gotten down to 11 days, five days, six days. So they're doing quick hits. They're getting in once they find the next point. They're finding the data, they're exfiltrating that, and then they're holding the data hostage. Like you said, they're not even bothering with encryption events, at least for the criminally minded. Nation states get in and they cause the damage. But the typical...

D Mauro (24:08.063)
Right.

Chris Gardner (24:10.488)
hacker criminals are just ransoming the data. The other thing we're seeing is that they're logging in, they're not breaking in. So they're compromising individuals. All right, you look at Okta was recently compromised. That's something that our company does for multi-factor access to our system. We have our own system. We don't rely, you can integrate with the other MFAs out there.

D Mauro (24:19.146)
Right. Social engineering, multi-factor authentication fatigue, things like that.

Chris Gardner (24:40.224)
But we don't trust them either. Everything is zero trust. I know zero trust is an overused term, but we really take that to heart. We have our own MFA system that cannot be, at least to this point, has not been breached.

D Mauro (24:43.198)
Right, you-

D Mauro (24:47.758)
Yeah, that's good.

D Mauro (24:54.154)
Right, absolutely. Where do you think we are in our country in terms of, from what you see, in terms of having more, and I'm not a fan of regulation, right? Like, because that goes against everything that our country's built on. But I see in the finance sector that has compliance regulations, right? They tend to be...

a little bit more advanced, clearly well more advanced than certain other verticals. Where are we headed do you think? Just high level.

Chris Gardner (25:33.7)
I think we're headed towards more and more regulation. I work with an airline right now. And one thing I see that is good, I think a lot of regulation is turning towards making sure that the sensitive data that an organization has is obfuscated in some way, encrypted, tokenized. The airline I'm working with, they've had a mandate from TSA that they gotta be able to classify their data by a certain date. Again, that's something when you're evaluating backup recovery systems,

D Mauro (25:50.923)
Right.

Chris Gardner (26:03.588)
A backup and recovery system is a good way to get ahead of, where is the sensitive data in my environment? Because if you think, if I'm backing up your on-premise data, I've got a copy of it. And what we will do is we can go into that data and identify for you, hey, you've got PCI data here, payment card industry, you've got social security numbers that are open and not encrypted. The same thing is applicable in the cloud as well. When you look at data growth, we're seeing

D Mauro (26:18.914)
Right.

Chris Gardner (26:31.656)
On-premise data is growing about 40, overall data is growing 40% a year. On-premise is growing about 20% a year. In the cloud, it's growing 73%. And in SaaS applications like a Microsoft 365 or a Salesforce is growing 145% a year. Well, that's where your sensitive data is also growing as well. So how can you get a handle on where is my sensitive data, who's got access to it, and is it protected? So there are a lot of companies out there

D Mauro (26:50.122)
So the amount of data that organizations...

D Mauro (26:56.511)
Right.

Chris Gardner (27:01.732)
provide solutions for that. A lot of those solutions are expensive because they want you to install agents on everything. I'm not saying that those aren't necessary, but what we see organizations doing is, well, we'll spend that money on part of our environment because we can't afford to do it everywhere. But if I'm backing it up or another company is backing it up and they can look in the downtime, hey, I'll tell you what's out there and who has access to it. That's a great way for people to.

D Mauro (27:07.711)
Right.

Chris Gardner (27:28.62)
to get ahead of these attacks by making sure that the data is not even out there to be compromised in the first place.

D Mauro (27:34.846)
Right. So the statistics that you just mentioned, that is the amount of data per organization, like growth, year over year growth of the amount of data or is that individuals?

Chris Gardner (27:43.948)
Yeah, so.

That's year over year and I take those from a study that we did back last year in June with the Wakefield Research Institute. And we also gathered information from 5,000 of our clients who were evaluated 35 exabytes of data. And the survey also included 1,600 IT and security leaders from 10 countries. So this is where those statistics came from.

D Mauro (28:09.774)
Okay, so yeah, that's good. Wow, that is a significant amount of data growth. I mean, we hear we've interviewed a lot of incident responders, those that get called in during the ransomware attack, for example, and what their view is unanimously, depending on, regardless of what company they work for, whatever, is people just have too much data and they don't even understand where it is. Like they,

Chris Gardner (28:38.039)
Right.

D Mauro (28:38.922)
they it's usually after the fact when they're like, Oh, yeah, there's another copy of it over there. Right? Or there. Or there's this old system that they just hold on to. And they just keep records from eons ago, just because back in the day, when we had file drawers, right, we still just keep all that paperwork, because you just never knew when you needed it. But is that a manageable risk? Is that something that you guys are seeing as well?

When they're asking you to back it up? Yeah.

Chris Gardner (29:07.604)
It's a huge problem. Yeah, and the problem is that the data is everywhere. It's in SaaS applications. It's in clouds, multiple cloud that's on-premise. And the approaches to find the sensitive data are usually fragmented in multiple tools and there's no single source of truth. Rubrik's on a journey to help people get there. We're not there, no one's there. I think we've got a leg up on everybody, but that's going to be top of mind for folks that are in.

D Mauro (29:12.492)
Right.

D Mauro (29:29.387)
Right.

Chris Gardner (29:36.236)
governance, risk and compliance roles at these companies, we've got to find that data and make sure it's obscured. One of the Fortune 500s I work with, they attempt to tokenize and encrypt everything because they're dealing with healthcare data. They're highly regulated, but they had no single source of truth. So for them, it's a very expensive proposition, meaning that, yeah.

D Mauro (29:51.338)
Right. Very critical. Yep.

D Mauro (30:00.582)
What do you mean by that? Yeah, what do you mean by that?

Chris Gardner (30:04.224)
So if I want to know, do I have sensitive data in Azure, for example, I've got to go to these tools. And do I need to, do I have sensitive data in AWS? I've got to go to these tools. What about the data we have at Epic or Salesforce or Workday or in our on-premise applications? There's just so many tools. There's no one that can say, if the federal government walks in and says that this company, how much sensitive data do you have exposed? Well, give me a month and a half to figure that out so I can go pull all those reports.

D Mauro (30:31.838)
Right. Yep.

Chris Gardner (30:34.008)
from all these places. So getting to a point where they could centralize and understand, hey, this is my one or two or three reporting systems to make it easier to get that information out. It's gonna be critical. I mean, and I know you've seen this, David, after attack, organizations now, depending on how they're regulated and by whom, have a mandate, you have to report the exposure of sensitive data within a certain number of days. And again. Mm-hmm.

D Mauro (31:00.118)
Well, yeah, and the new SEC ruling said like four days and right like how like they have no idea even where their data is half the time.

Chris Gardner (31:03.896)
Right.

Chris Gardner (31:08.82)
Right, so a lot of times they have to assume, yet we say we have to assume it's everything because we don't know anything.

D Mauro (31:15.282)
Right. That's an interesting phrase. We have to assume it's everything. We have to assume they have everything because we don't have anything. Yeah. Oh my gosh. Well, this is why it's the Wild West, isn't it? This is why it's so interesting. I mean, it is, I mean, to me, it's, it's all about, it's, it's just crime fighting. It is the

Chris Gardner (31:19.788)
Yeah.

Chris Gardner (31:25.73)
Right.

Chris Gardner (31:30.667)
It is.

D Mauro (31:41.074)
you know, following some of the cybercrime gangs is like watching the mob, the mafia from the 80s, like they're organized, they're executing only they're doing it at scale. They're doing it much more in a more sophisticated manner. But I really love and we will have links to Rubrik in the in the show notes and links to your information as well. What's what's on the agenda for Rubrik? What, what new initiatives you guys have coming up?

Chris Gardner (32:10.98)
So historically, our goal has been to be the backstop. You know, we're your vault. We're your last defense against cyber attack. We're gonna keep your data safe. But we're getting into the prevention side of it. It doesn't mean that we're gonna do away with the need for the traditional security tools that the company investing because you need multiple layers of security. But particularly for some of the smaller to medium sized companies that maybe can't make that investment, what are things that Rubrik can do to help?

D Mauro (32:31.947)
Of course.

Chris Gardner (32:39.652)
from a prevention perspective. I mentioned earlier, helping an organization understand where their sensitive data is so they can get ahead of that. Well, what's the next step? Can we help them integrate that into some sort of workflow, a ServiceNow or something else so that, hey, we just identified this sensitive data, kick it over to ServiceNow, creates a ticket, someone goes and they deals with that unprotected data or deals with the fact that, you know, as JNR has access to our financial data if you want to. We're ahead.

D Mauro (33:07.598)
Right. Well, I'm seeing that. Yeah, you just you just brought up something. I just want to go down one quick rabbit hole before we wrap up. What is the deal like some of these some of these breaches that we've seen in the last year in particular, somebody in some department, right gets socially engineered, and then they're able to get all the way to like financials, the source code, they're like

Chris Gardner (33:09.164)
That's your.

D Mauro (33:35.114)
are organizations, are you seeing like, are organizations not aware that, because I know the employee was not aware that they could get access to this because they didn't have the foresight or the criminal intent to do it. But what are you seeing? Like, are you seeing anything in the industry or, do you know what I'm asking? Does it make sense? It's like the, it's the configuration of the networks and the complete lack of zero trust.

Chris Gardner (33:44.452)
Mm-hmm.

Chris Gardner (33:55.636)
Yeah, I mean, you.

Chris Gardner (34:03.852)
Right. And you think about where we came from, you know, when we first started providing IT, it was, hey, let's give everybody access to everything. And that's how systems were architected. And we've learned that you can't do that anymore. You've got to have role-based access. You know, if I am a janitor and getting my email, I should not have access to financial, to HR, to any other systems at all. But when you consider, you know, the state of IT for the past 20 or so years, you know, since the dot-com bust.

D Mauro (34:12.202)
Right.

D Mauro (34:16.914)
No. Right.

Chris Gardner (34:33.792)
You know, you can't fill jobs anymore. And there's so much turnover, and especially in the security, there are hundreds of thousands of open positions. There's just not enough people to be able to make sure things are done correctly. So what do we do? We turn to AI, we turn to tools to help us with those items, but we're not there yet. You know, it's such a massive undertaking. So you've got to, again, I go back to your organizations that have governance risk compliance teams, and it's their job to figure out what tools and...

people and processes can be put in place to ensure that people don't have access to things they shouldn't. And that when our vice president leaves the company, that we've turned off his access to everything the minute that we terminate them. There's all those things that come into play to make sure that they control the access. And as you discussed earlier with the SEC, there's regulations coming to make sure that happens.

D Mauro (35:25.058)
Yep. Fascinating. Hey, Mr. Gardner, thank you so much. I really appreciate this discussion. This was really, really interesting. Immutable backups through Rubrik, very, very excellent offering, excellent security layer, and the importance of having the backup conversation and the backup information included with specifics.

Chris Gardner (35:31.512)
Thank you, David.

D Mauro (35:54.578)
step by step guides in that incident response plan. Great advice, man. Really, really, really helpful. So great.

Chris Gardner (35:59.98)
Thank you. And again, David, Rubrik's a tool. You've got to bring on the consultants to help you as well. I mean, that's so critical. Organizations like Gears I know do that. Got to have that.

D Mauro (36:05.07)
Yeah, of course. Yup.

D Mauro (36:09.842)
Absolutely. But great. Yep. Excellent. Excellent discussion, man. Well, thank you so much, my friend. We will we will this will not be our last time speaking. So we will talk again soon. Thanks, buddy.

Chris Gardner (36:18.628)
Thank you, David.

Chris Gardner (36:24.28)
Have a good day.