Episode Transcript
[00:00:24] Speaker A: Hello and welcome. My name's Simon Hill.
Today we're going to be having a discussion around cybersecurity. I'd like to firstly just introduce two of my friends. We've got Darren and Rob.
We'll be discussing and running through the value proposition from hpe, Zerto and Insight and how we can help our clients and customers understand the threats that are out there today. What I'd like to start off with, Rob, if you don't mind, just do a brief intro to yourself and if you wouldn't mind explaining from your view what you feel clients are experiencing today and the threats that they're having to deal with.
[00:01:02] Speaker B: Yeah, of course. So I'm Rob O'Connor. I've got two roles at Insight. I work in our chief Technology office as responsible for security and compliance and I'm also chief Information Security Officer for emea. So yes. So cyber security at the moment, what we hear and see from our customers, it's a really difficult time for them, I would say. There's two key forces acting on our clients and they're sort of sandwiched in the middle of the two. The first is around just the general geopolitical situation at the moment. So we see all of the problems going on around the world and that's not limited to kinetic operations on the battlefield. It spills over into cyberspace as well. So you've got nation state actors who are attacking other countries and the organizations in those countries.
And that's been around for a while. We've had, we see targeted attacks on certain companies and countries due to their political stance or affiliations.
But what we're seeing more of now is those organized crime groups.
And that's changed the game a little bit because it's not just targeted attacks. Any organization now can be attacked indiscriminately by ransomware.
It's no longer the big names. Every organization has almost got to provide an enterprise level of security to stay ahead of the ransomware threat.
[00:02:27] Speaker A: Yeah, I think there was a government study that I read where it said 50% of businesses are being attacked and I think 74% of businesses, large businesses, are being attacked as well. So it is obviously a threat. And Darren, you've vastly experienced in this area as well. So do you want to just quick intro and then give your viewpoint on the pains that people are experiencing today?
[00:02:50] Speaker C: Yep. Thanks, Simon. Yeah, I'm Darren Walton, I'm the channel manager for Zerto and HPE company. And what Zerto do is we bring to market a market leading range of tools around data protection and cloud mobility. So what we don't do, as Roger saluted to, we're not a cybersecurity company. What we do is we enable organizations to recover from a cyber incident or maybe just an internal incident because a lot of incidents are still internal. Just good old fashioned human error still cause a lot of problems for companies.
And I've worked in the cyber industry in the past in my career. There's some fantastic cybersecurity companies out there doing some fantastic work. You know, I have a lot of time for these guys to do some brilliant work. But it's the old adage, if you're an organization, you have to get when you're defending against these external attacks and these threat actors, the old adage is you have to be right 100% of the time. The bad guys out there, the bad actors, the black hats, call them what you will, they've only got to get lucky once and they're indiscriminate. And the far these you can now get ransomware as a service packages that even come with a support package. So organizations have to be very vigilant. And again despite, and I've still got friends that work inside but despite those companies best efforts, I think there's been a mind shift. I've seen a mind shift in the last four or five years from organizations of all sizes in all sectors where the conversation or the mindset it's kind of moved from. It's not if I get caught by a ransomware attack, it's when. And as you just alluded to, the amount of attacks are growing year on year. They're becoming more severe, more frequent, more virulent. The cleanup costs are getting worse. You only have to look online at some of the attacks that happened in the uk British leivists and novice. You know this thing isn't going away because the guys either, as Rob said, it's a geopolitical thing, they will keep coming. The bad actors are making so much money, they will keep coming. So whilst the cyber guys are doing fighting the good fight on the one hand, what Zerto were able to do is if the worst should happen and you do get caught, an organization gets caught, your priorities really too from our perspective is how quickly can I get those key systems back up and running? So if you run in a hospital, you don't have to start canceling operations. You run an e commerce company, you can work out in the nearest penny how much you're losing. You're in finance, you're in a supply chain. So Zertos thing, if you like, it's usp, to use that really old phrase, is we can get an organization's key applications back up running within 8, 9, 10 minutes, and the amount of data they can potentially lose can be measured in five or six seconds. It's world leading, it's industry leading. We've done it for the best part of a decade now, and it's really coming into its own. I've been in the company so long that when I joined Zerto, ransomware wasn't even a thing. We talked about disaster recovery. It could have been a fire, it could have been a flood, it could just be in a case of human error. But with the rise and rise and we can't see the rise of ransomware tailing off at any point soon. And now we're part of the HP organization, we're selling to organizations of all sizes in all sectors because these threats are indiscriminate, but they have to be dealt with because otherwise the implications for organizations are often too scary to contemplate, really.
[00:06:04] Speaker A: Okay, well, the way that I would envisage this sort of conversation taking place was I wanted to shape it around a value proposition. So the joint value proposition between Insight and hpe, Zerto, and admittedly there's other ecosystem partners on both sides as well. So now from my point of view, a value proposition starts with the client's pain, which you've just described a couple of them, and the impact and ultimately the cost to them. So thinking with that as the baseline, what solutions are available for people to look at to help them with, you know, a potential threat and things like that. Rob, I don't know if you could just elaborate on that a little bit from earlier site point of view first and then. Darren.
[00:06:48] Speaker C: Sure, absolutely.
[00:06:49] Speaker B: And just before I get into that as well, it's probably worth mentioning the growth of the regulatory environment at the moment.
[00:06:55] Speaker A: So talking about this earlier, wasn't it?
[00:06:57] Speaker C: Yeah, Dora and Steel, exactly.
[00:07:00] Speaker B: So while a lot of organizations have have wised up to the fact that the business interruption is something that they need to counter, those that haven't will soon be forced to buy Nistu, Dora and all the rest of these regulatory changes.
But yeah, in terms of how Insight would help a client to identify a roadmap or a journey to protecting itself against cyber threats, particularly around the data space, we need to look at. And we'll come on into more detail around the sort of Deserto tools, but the approach that we would take first is to try and prevent the ransomware threat from happening at all. And the reason that we'd need to do that is that these organized crime groups that are running these ransomware as a service offerings, they've changed their business model. So as they've recognized that people start deploying good backup solutions, obviously the hit rate for those targets paying the ransom has started to decrease. So they've started doing techniques like double extortion, which is where they'll extract all of the data from the company before they do the encryption. So then if the company says we're all good, we'll restore from backup that data's already left the organization, and it'll then get auctioned off on the dark web. We're starting to see things like triple and even quadruple extortion. So triple being where if the company won't pay the fee, they'll go to the individual customers that have had their data stolen and see if they'll pay. And they'll even look for things like the SEC reporting. In the US you have to report a breach. If that company hasn't reported a breach, they'll go to the. The ransomware group will go to the sec, and they'll report that company on their behalf. So there's a number of different evolutions of the policies of these groups. That means you really want to stop that from happening in the first place.
[00:08:54] Speaker A: I know you're coming onto the point, but just as you're describing things there for me, it seems the more sophisticated the systems that are put in place to protect, the deeper and more sophisticated the criminal groups get.
Layer on layer on layer of place. Yeah. And I mean, just going back to the piece about where Insight would engage with the client, then. So let's explain. So let's think of this scenario. A customer is either. Darren, you talked about this. Sometimes they come to you, it's a little bit too late. Zerto may have already positioned as a proposition to acquire.
[00:09:33] Speaker C: Yeah, regrettably, if the attacks already occurred, we can't bring that data back. What we do, if they're using Zerto before the attack occurs, we can't prevent it, as we mentioned. But the cyber guys are doing a great job trying to prevent that. As we say, we can get them back running as business as usual within 8, 9, 10 minutes.
And we work in a unique way. We're different from backup. Organizations still use backup. Backup's got a great role to play in organizations, and we sit side by side. But what typically happens just to pick a Round number for the maths is easier. If we go to an organization and they say, got 100 VMs, it's a nice round number. We'd engage and say, okay guys, of your key applications. So in health, in banking, they'll all have one or two, maybe three or four key applications that businesses pivot around and without those applications they're really in trouble. We'll identify what those applications are, we'll identify what the implications would be if those applications aren't available for an hour, two hour, three hour, four hours, and then we would then just license or they would run Zerto on those key servers, which is Normally they've got 100 servers, it might be 30, might be 40, and then for the remainder, the backup that they're using currently is perfectly adequate. So that's the way we kind of, we work it. And we've got an example on our website and I think it's on the Insight website.
It's an organization, it's based in the Netherlands and a couple of years ago they got hit by Cryptolocker. Compared to today, Rob, it's quite a primitive attack, but it took them to recover from that. Took them two weeks, two whole weeks they lost. They think it was a guessing around 12 hours worth of data. Then they deployed Zerto and lo and behold, the guys come back again. Because in terms of not if, but when, it's also the add on is sometimes how often, because they can come back and they got hit again a couple of months later. And it's all publicly available. It's on our website, it's on the Insight website. The second time they were back to business as usual in less than 10 minutes and the date of the loss was less than 10 seconds. So you go from two weeks to 10 minutes. That's significant improvement. Because when these things happen, as we see, there's usually two strands in an organization. There's a cyber guys that figure out how did it get in, where's it got to, how do we detect it, how do we isolate it. Then they'll do the forensics to figure out how it got in and take the remedial action to make it to stop it happening in the past or in the future. So but then organization, I think, right, we're running an operating theater, we're running an airline, we're running a bank. We have to get applications back up and running as quickly as possible. And that's the piece that Zerto does. Yeah, and it's a very valuable piece for these companies. Who still, regrettably, will get caught and do get caught.
[00:12:15] Speaker A: It sounds like it's inevitable at some point that you're going to get hit. I mean, even on the figures that I pulled from the government study that was done, you know, 12 months, 74% of businesses are going to be attacked. I get that they're being attacked and that some of the systems are putting in place of preventing the attacks from getting anywhere. But ultimately you're likely of being hit and then put under ransom. So, Rob, just again, we partway through, we were talking and then, so if, let's think about next steps, then I just want to cover off one little bit as well. There's a technical deep dive webinar that is supporting this conversation. So customers will be able to run through that, listen and see all the fancy details. And I think there's three areas of Zerto that they'll run through on that. But assuming that we have a client customer that is interested in talking to us, how do Insight start the engagement with them? What sort of assessments or workshops do you run, Robin? And then how do you then take the client through the journey to get him to the point where maybe Zerto got involved?
[00:13:14] Speaker B: Okay, so clients can be part way through the journey already, maybe themselves. But let's assume for the sake of argument, a client's come, they've just heard about ransomware, and they want the hand holding from the beginning to the end. So we'd engage with a workshop to understand more about their business. So you mentioned understanding their critical applications. What are the critical applications that that business needs to run, and what's the maximum tolerable downtime if those were to fail?
We've talked about the problems of getting the information back. Many organizations, some organizations, especially smaller ones, never recover from a serious ransomware attack. Their business viability can be ended through one of these. So we'd work on that governance of what data do you hold, what's most important, how much do you need access to it before we get into any of the technology? Then we'd move into prevention. So we'd look at what technologies that they have in place around things like data loss prevention. So making sure that data can't leave the business be exfiltrated for those double and triple extortion attempts. And we'd look at putting some protections on the critical endpoints. So laptops and servers and things like that might have tools like endpoint detection and response installed, and that gives that early detection of a ransomware attack might even block some of them as well. But it gives you that early visibility that something's going on, that maybe if one of your lower priority systems has been attacked, you can detect that, shut it down before it spreads to those critical applications. So that gives the customer the best possible view of how to protect from the threat, reduces the risk.
But like we said, there's never 100% protection. So that's when we get onto how do we react to these things when they happen, how do we respond, how do we recover? And that's where we'd get into the conversation of Zerto immutability and all of those things that when the worst happens, you know that you've got a tested plan that you can bring that data back and bring the applications back with it.
[00:15:16] Speaker A: Okay. Well, last night I was fortunate to have a couple of pints with Darren. Nice pints of Guinness orange juice, orange juice of stout are available.
But we was having a little chit chat about a microbrewery, I think was something he was discussing.
And then was it a large finance organization as well? And I was just thinking, Darren, actually, could you give us a real life example of a project maybe, or a customer where, if you imagine where Rob was discussing there about the workshop's been done. We've looked at the threats, the preventions. I'm just thinking from a Zerto point of view, you know, if there is a case study or a customer, that reference where British Library was one.
[00:16:02] Speaker C: But yeah, there's been. We've got quite a lot of these. Just to mention the point that, yeah, it's close to my heart and Artisanborough is close to my heart. I only found this out from a colleague. And it comes back to this idea that these attacks are completely indiscriminate. So at one end of the scale, Zerto protect a lot of the large North American airlines, so why not mention names? But there's one of the airlines, they know that if they lose a particular system, the cost of that business is $1 million an hour, per hour, every hour. And they protect about 7,000 VMs with Zerto and they can get those things running within minutes. And say, as Simon alluded to, had a conversation with a colleague of mine lately. And so there's a little microbrewery near me, employs six people, they have five servers, but everything they need to brew beers on one. If they lose that server, they can't brew beer, they can't bottle it, they can't ship it, and that's going to cause them a major crimp in their cash flow. So it just shows the indiscriminate nature of this. And the way we kind of engage with organizations is, as we said previously, all organizations got backup. And backup's great, but we'll engage and ask an organization, okay, you got backup, that's fantastic. You've been using backup for some time. You've got all your cyber in place. And we do it as a consultative thing. Do you mind us asking, then asking the CISO or some guy in the organization, or some guy in the organization, how confident are you that you could recover from a ransomware attack if the worst.
If the worst, we don't wish it on you. How confident are that you could recover? And as Rob said, some of the smaller companies simply can't. It can be the death knell. Okay, and then how long do you think that's going to take offline for a day, two days, three days, four days? And I've heard everything from two hours, at which point we're going, it looks like you got this covered. I've heard weeks.
And then we ask them what the implications for the business are. You've got internal and external shareholders, you've got clients, you've got customers. And then again, as Rob referenced now, you've got NIST 2 and you've got Dora. Some of these regulations which are really driving a change in behavior for some of these large organizations. So NISTU is around essential and critical. So it's scary things. It's like food production, transport, banking, water. These are things at a national scale where if suddenly, as we said last night, you go to a large supermarket chain on the high street and there's nothing on the shelves, that is not a good scenario. So we talk about that and then what we normally ask is they'll take us through this. They're quite willing to talk us through this. And then we might ask. Another supplemented point which I missed out at the start was you've got disaster recovery plan. Great. How often do you test it? Yeah, because sometimes it's like most plans and it sit on a shelf. How often do you test it? What was the outcome of that test? Did you pass the test? And when you get into things like dora, particularly DORA is a complicated set of regulation articles I think they referred to, but in there is your ability to bounce back. And the way you do that is test. So it's test, test and test again. So when the guys responsible for this in an organization and reporting to their own board or to external auditors or to Dora and say if the worst happened, you say, we will be back up and running within 15 minutes. Data loss 10 seconds. Say, show me. Use a Zerto. Use this really powerful testing tool and you show them in real time. Yeah, that's really powerful. So the companies know that if the worst happens, that they've got the ability, they've got that. It's not a very technical phrase, bounce back ability. And that's where DORA really kicks in. And that's driving a lot of behavior. And then the final thing our guys tend to ask is. You've told me exactly. You've been very open, which is great. You sometimes are asking some difficult questions and sometimes they genuinely don't know, but they might come back and say, it feels like four working days to get the systems up and running and it feels like we might lose 10 hours data just clicking in and out there. And then we just ask one supplementary question, which is, okay, so today you've told me that. Thanks for that information. Can you just answer the fairly simple supplementary question? Are those SLAs what the business today needs and wants, or are those the SLAs today that your IT organization are able to deliver? We're looking for that gap and I've seen some fairly scary gaps. And as I say, if they say it's that and we're happy, we thank you very much. You got it all covered. All good. But some of those gaps, and that's where we start looking. You've got a big gap to where you are, to where you'd like to be. You've got Dora and NIST2 bearing down on you. And other sectors have different sets of regulations and that's how we do it. From a consultative point of view, what have you got? Where would you like to be? And that Zerto can help them get there and reach that compliance point.
[00:20:42] Speaker A: Okay, that's perfect. Thank you for that. I mean, I've one final question before we move on to next steps and things coming in the future. But is, and thank you for describing what you have with me in that way, because the question or thought I have here is people are well aware that they're going to get attacked. You know, decision makers, ultimately this is their responsibility.
I'm just wondering what's. What stops people from doing it? You know, it's. You see my point? And I'm thinking if you come across, you know, there may be customers who are watching this now and they may want to talk to us in a little bit more depth about that. But ultimately there's a decision where an organization or an individual is going to weigh up the risk versus yeah. And I just wondered from your point of view, have you got any thoughts on that at all?
Because I'm intrigued to just wonder why do people not do this?
[00:21:35] Speaker B: I think from my perspective there are always day to day business challenges which manage to get above the priority of something that might happen in the future. I think any organization that has been hit by one of these and has seen the pain, that priority soon shoots to the top.
The other thing I would say with the likes of NIST2, there are some personal sanctions on C Suite members for negligence if they don't do some of these things. So hopefully that will focus the mind a little bit. It does need to be moved up the agenda and I think C Suite are worried about these things. It's a board level discussion now. And to be able to, to test and prove that not just you brought your data back, but you brought the applications and it's actually usable in a known timeframe that suits the business.
There's not much else that you can do that will give that level of confidence. So it really should be a top priority.
[00:22:35] Speaker A: Darren.
[00:22:36] Speaker C: Yeah, we see. Because what we do is quite unique.
We've been doing this for a long time. We're not back. We do in a whole different way.
Zerto was originally founded by a couple of backup veterans, worked in a lot of the big backup vendors and they just were convinced you could do things in a different way. And as we said, this was 10, 12 years ago. Ransomware wasn't even invented, it was disaster recovery, business continuity. Something happens, you bring it back really quickly.
So that's what it was always designed to do and we do it very, very well. I guess our biggest competition, it sounds flippant, I don't mean it to be, is do nothing. We talk to organizations, they'll talk about the cyber, you know, we can advise on that, but it's not our business.
And then we talk about the scenario we've just been through. You've got backup, that's great. Do you mind me asking if. What would be how does it work? And then we find a gap. But there's. Sometimes they will just say thanks for that. Yeah, we've got a million other things to do or we haven't got the budget. Now what we don't do, we make a point of doing this. At Zerto we absolutely are stickless for this. We don't use the old fear, uncertainty and doubt. We don't pedal the wheels out to get you.
Everybody needs to know now. When I was in cyber the first time around, many years ago, you really had to explain this. It was also back in the day, a real reluctance amongst organizations to talk about it. Many organizations now are helping the industry in general by being open. One of the coolest things, you mentioned it very quickly earlier. One of the coolest things I've seen recently was regrettably the British Library got hit at the back end of 2023. Now those guys have done a fantastic piece of work. They've issued a white paper, it's freely available on the web, runs about 12 pages. Like me, if you're a bit of a geek, I read it all. And they're very open, very candid, really honest piece of documentation. I think at the end there's about 15 or 16 recommendations for other companies to learn from. And that peer to peer conversation probably does hold more weight than a vendor or a reseller telling them they've got that peer to peer piece.
And that's the way we kind of do it. We don't tell people the world's out to get them, we just say, look, there's more organizations open up about it. I mean that Snowbis thing recently, the blood testing guys in London, that had a big knock on effect in some of the big hospitals in the city. Because organizations have been very open, very candid, bringing it to the market. Other people think, okay, if it's out to those guys, it could happen to us. And that's starting to drive a change in behavior. And of course you've got Dora, what if you, if you non compliant and you get caught, is it 2% of your global company's turnover? That's a big number.
You know, I had this conversation there but you know, if you're the person in that hot seat responsible for that, I don't think you can do jail time. But it could be considered a career limiting move.
[00:25:25] Speaker B: I guess you can be struck off from underneath to.
[00:25:29] Speaker C: Yeah, yeah, so this thing's got some real, real teeth.
Because as I say again without talking about fear, uncertainty, doubt, when you look at some of the critical infrastructures that all nations need to run, you've got to make sure those things are as secure as they can be in the first instance and then you have a credible plan that you can absolutely rely on to get things back to business as usual as quickly as possible should the worst happen. And that's where we sit in that space and the business is going really, really well. And as I say, it's just fighting the good fight every day. The cyber guys, ourselves, people like yourselves, just trying, we're never going to beat it, but it's just trying to keep it at bay and just make sure we all have credible defenses in place and credible responses to when the sadly, the inevitable happens.
[00:26:19] Speaker A: Well, I think that's how this could maybe this particular conversation, it is a journey, you know, next steps. We have the webinar that I've discussed there is HP Discover coming up pretty soon as well.
And I think maybe my thought here is I'm hoping people watching this will be intrigued enough to think, okay, I'm going to talk to Simon, I'm going to talk to Darren, I'm going to talk to Rob. Through partnership and conversation, we can at least help people get on the journey. So any lasting thoughts before we say goodbye to everybody? And I think I would just sum.
[00:26:55] Speaker B: Up, you know, it's a multi layer defense. So prevent, protect, detect, bit of governance around it.
Don't assume it won't happen because it is happening, it will happen.
And let's just have a chat about it, right? Let's talk about your businesses, the risks that you've got. We can give a little bit of input from other things that we've seen other customers do and we can have an honest, open conversation about how we can help protect against those risks and.
[00:27:27] Speaker A: Move them on the next path. Darren?
[00:27:28] Speaker C: Yeah, and I think to reiterate what I said earlier is from an organization's perspective is just sit down and have that honest conversation with yourself without sitting there talking to yourself. Obviously, if the worst should happen genuinely, and it can be difficult conversations genuinely, how confident are you that you could recover? How long do you think it would take to recover and be honest about what the implications could be for your business? And if those responses are not what the business wants or not what the regulators want, reach out to you guys, have an initial consultation, all those guys are at the back end as a subject matter experts and just try and make sure that those companies are in a much better position for what's coming. Absolutely.
[00:28:08] Speaker A: So thank you, Darren. Rob, it was a brilliant conversation. Glad to take part in it and listen to both your stories as well. I think it's important though that our clients understand that there is next steps to this and where we can take them on the journey. And there's three elements to this. The first one is a security workshop hosted by Rob and the team, supported by myself and Darren. So if there'll be an email there'll be a web link on the, on the site as well that you can register your interest on that front. We also have a Zerto webinar and that is a technical deep dive of the product, the systems and the solutions that are available.
Also in there there's an assessment which we can run for you, the Zerto assessment run by a company called Capametrics. And then finally to finish things off, we have HPE Discover, which is HPE's worldwide event. So the latest greatest from HPE and partners coming together, I think there's 40,000 consultants and IT professionals from around Europe. So any, any, not just security, will be there. There'll be other elements as well. So I suppose the key finishing piece of this is please, please come and talk to us. You know, we want to help, we want to help you get to the next step and ultimately want to help you be protected.
[00:29:22] Speaker C: Gentleme.
