 The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers, this we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now the first major change was to recognize that the perimeter had suddenly been vaporized. Protection as a result moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. More specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR focused, that their DR approach was not cost efficient and needed to be modernized and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to why ransomware isn't your only problem, a service of theCUBE made possible by Druva and in collaboration with IDC. I'm your host Dave Vellante and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC research vice president Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're gonna hear from Curtis Preston who's the chief technical evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva. Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and chief technology officer at Druva and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. And right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. Feel good when joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the CUBE. Hey, Lisa, it's great to be here with you. So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing the threat landscape changing so much. What is IDC seeing? You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention, not just of the IT people but of the business people alike because it really does have profound effects across the organization. The other thing that we're seeing Lisa is really a move towards cloud. And I think part of that is driven by the economics of cloud which fundamentally changed the way that we can approach disaster recovery but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022 but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. You mentioned ransomware. It's a topic we've been talking about. It's a household word these days. It's now, Phil, no longer if we're gonna get to talk. It's when, it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? Well, some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient. And to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability and helping the organization to extract value from their data. And digital resilience, data resilience as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or data resilience to find something a little bit different? Well, sometimes, yeah, that we do get caught using them when one is the other, but data resilience is really a part of digital resilience if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You really, you can't have IT resilience without data resilience. So that's where we're coming from on it. And it's strictly linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma is gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is, it's really a lot like whack-a-mole, you know? They attack us in one area and we defend against it. So they attack us in another area and we defend against it. In fact, I had an individual come up to me at a show not long ago and said, you know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't gonna just fade into the night without giving it a lot of fight. So I really think that ransomware is one of those things that is here for the long-term and something that we have to address and have to get proactive about. You mentioned some stats there and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. Yeah, this was a worldwide study it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America, select countries in Western Europe as well as several in Asia Pacific. And we did it across industries where 20 different industries represented they're all evenly represented. We had surveys that included IT practitioners primarily CIO, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this Lisa was really finding that there is a huge disconnect I believe between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this Lisa include 83% of organizations believe or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree or a very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago 46% have been attacked successfully. I can also tell you that in separate research fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow, on the one hand, people think they're really, really prepared. And on the other hand, the results are absolutely horrible. You know, two thirds of people having to pay the ransom. So you start to ask yourself, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready based on the information you have. And these people are smart people and they're professionals. But oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment, really in this whole thing, Lisa. That's a massive disconnect with the vast majority saying, we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of, this is gonna happen, just a matter of when and how often. It is a matter of, yeah, as you said, it's not if when or how often it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC staying this big shift to cloud where data resilience is concerned? Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where we had two different data centers and a failover and so forth, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service and increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand and to have that plan in place, to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit. And all of a sudden they have to engage with outside consultants or they have to bring in other experts. And that extends the time to recover that they have. And it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them and get that recover going as quickly as possible. So what do you think the big issue here is that these IPT practitioners over 500 that you surveyed across 20 industries, this is a global survey, do they not know what they don't know? What's the overlying issue here? Yeah, I think that's right. You don't know what you don't know. And until you get into a specific attack, there are so many different ways that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice, things like encryption, immutability, things like that that organizations can put into place, certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place. Really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities, and as the threat landscape just gets more and more amorphous. What do you recommend organizations do? You talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive. Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the loss productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. So all the way at the top, business critical for any industry, imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge. And that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily. And to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Dribba-sponsored IDC White Paper. Fascinating finds. I encourage all of you to download that. Take a read. You're gonna learn some very interesting statistics and recommendations for how you can really, truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. No problem. Thank you, Lisa.