Begin journey, navigating the road to cyber resiliency.

Welcome to episode two of navigating the road to cyber resiliency, brought to you by Dell Technologies and their partners at Broadcom and presented by theCUBE. My name is Dave Vellante and if you watched our first episode, you know that we're delving into how to best protect your company and your critical data by developing the right strategies for your cyber resiliency via secure backups and recovery and cyber vaults, plus overall security education and awareness for all your employees. We have some great experts with us today who are gonna walk us through how to improve your overall security posture and your cyber resiliency. So today we're gonna hear from Arun Krishnamurthy, who's the Global Strategy Lead for resiliency and security with Dell Technologies Services, with some expert security and cyber resiliency insights for you from his hands-on customer work with Dell Services. Now, Keith Bradley is the Vice President of IT and Security at Nature Fresh Farms. They're a fantastic Dell customer. They've got this incredible IoT and Edge story. They've got this computing infrastructure and they suffered a really scary ransomware attack and Keith will walk us through how they recovered and then hardened their defenses. And then finally, Michael M. Bruzzo, Systems Engineer, World Wide Technology, WWT, Dell's partner of the year in 2022, shares some excellent insights into how to assess risk, set expectations and deliver better outcomes for your cyber resiliency. So without further ado, let's dive right in.

Wow, organizations face a lot of obstacles when they're trying to get cyber resilient, multi-cloud data protection. Yeah, but it's a smooth ride if you're on the journey with Dell. You're funny. Oh, are there any chips left? Sure, here you go.

Perhaps you've been hacked or you're just feeling exposed.
For many customers, it's a bit overwhelming to try and figure out how to secure your entire estate or even where to start. Well, we'd like to help. We're here with Arun Krishnamurthy, who has a wide range of experience across all aspects of IT management generally and security specifically. Arun, good to see you. Thanks for coming in.

Great to see you. Thank you for having me.

So you're very welcome. So give us a quick overview of Dell Services and specifically the cybersecurity piece and your role.

Happy to do it, Dave. Super excited. Dell's doing a lot in the security space. We've been doing a lot for many decades. What we are doing now is bringing together some key services that will help our customers really tackle this big challenge in cybersecurity. We all know that ransomware is rising. Many of our customers are struggling and we see that across all segments, small business, medium business, commercial and even enterprises. Some customers may have a SOC and dedicated teams. Other customers do not have it. But in general, this is a widespread challenge and it's really causing a lot of grief for our customers.

We know it. The stats are probably more than half the companies don't even have a SOC. And so Dell, what I like is end to end, small all the way up to large. And we could spend a lot of time talking about the challenges that organizations face and I think that's been well covered. But what we really want to do is share a framework. We have a slide actually that you and I were looking at earlier, Alex, if you would bring that up. And I want to understand sort of how you frame the conversation, what you've learned over the years.

Sure. So look, cybersecurity is really a risk mitigation conversation, right? And what we've learned over many years of our experience working with our customers and really solving real problems for them, this is one of the blueprints that's emerged for us and how we engage and talk to customers.
There's three critical things in the blueprint that will help our customers not only prepare, which is pre-breach, what do they have to do, and also help them think through, God forbid something happened, how do I recover my, this is kind of the cyber resilience conversation, which is how do I understand both scenarios and be ready for it?

So the middle of this slide is where everybody has all the tools, right? We all know that, but start at the top here. This is where, what's interesting to me is you guys go in, you do a portfolio assessment essentially and evaluate the risk, is that correct?

That is correct. So one of the most important things in cybersecurity is it is not just the CISO and their team that need to be worried about it. The top layer is what we think of business layer, risk layer, we want the business units, the IT teams, the application teams, the risk teams, the security teams, collectively working together and understanding what does risk exposure look like for this company? And this widely varies between different companies because they are in different stages of maturity and they have different priorities. So we need to understand that risk appetite and exposure first, and then understand and build that strategy, right? How are we now going to tackle it? Where should we start and what does next look like?

Can you bring that slide back up? I want to talk about the bottom layer now as well. So this is where you get into the architecture. Explain what you've got going on down here.

Yeah, this is an interesting one. So this is your layer technology architecture and another way of looking at it is if you looked at some recent Zero Trust mandates, the NIST DOD model reference architecture for Zero Trust also talks about this at different pillars.
With the remote workforce that we have today and the remote target destinations that workers are going, which is multi-cloud, you now have a very diverse distributed workforce accessing very diverse distributed applications, whether it's private, public, SaaS, multiple forms. So how do you now connect these different pieces together is where some of the new technologies are evolving? And one of the interesting challenges is in the old model, you had one data center, one firewall, you knew who was coming in. Once they came in, you kind of understood what they were doing, but in the distributed model, you have to build security posture along the way. If I'm a user with a laptop and I'm coming in, what applications do I access? Where do they sit? How do I traverse the network and how do I protect every piece of it? So what you're looking there is the technology stack and we want to make sure that every piece of that is protected.

Okay, so this is like I said, overwhelming for a lot of customers. So we've got another graphic that I want to bring up because where do you start? Simplify, if you could bring up slide two, Alex. Simplify for the audience, where do I start? Like I say, I've been hacked or I'm afraid I'm going to get hacked. I come to Dell, what do you tell me?

So when you look at it from a customer journey, our first priority is understanding what exposures currently customers have today and we want to make sure we want to solve for that. Wait, so great example. We had one customer that had multiple domains, multiple websites that had forgotten about it. So when we do our attack surface management assessment, we uncovered that these assets were out there exposed for the bad guys to operate on. So let's understand the open vulnerabilities you have and make sure that we address it. And while we are doing that, let's also take a protection point of view, right? Let's protect what you have. God forbid the hackers came in, we are protecting the data.
So can we double click on that second pillar here? You know, that's something that we talk about often on theCUBE and that is the adjacency of data protection to cybersecurity. Our audience has heard that a lot. How are firms thinking about this adjacency? How do you think about it?

So one of the critical aspects of data protection is the recovery component, right? Are we protecting the right assets? Do we understand what does a recovery scenario for a particular business process look like? So when we talk to customers, they have hundreds of applications, they have some business process that has to come up. God forbid they had a cyber attack. So understanding the priority of the applications, protecting the right data, isolating them, and then having the ability to bring them back in an organized manner is super critical. So you can now prioritize those resources for the most critical applications. And from a protection standpoint, we also extend beyond data protection, which is where things like zero trust come in.

So William, we'll talk about that, but so you're essentially connecting the architecture to the business process. So there's a lot of dependencies, so multiple databases, there's maybe multiple tools that you've got to deal with. We always focus on the tools, but there's a lot of other things going on in the business. What about that third pillar? If you could bring that slide back up, that idea becoming more anticipatory versus being purely reactive. What are the keys there? You've got this manage proactively. Let's double click on that.

So when you follow the journey and you have now protected your assets, you've closed some of the exposures, you've put the right controls in place, well you have to understand that every customer environment is dynamic. Users are going to come in, devices are going to come in, applications are going to come in, and the threat actors are constantly acting every second of the day.
So you have to manage your security proactively. You have to make sure that you're doing active threat management, you're bringing in a lot of threat intelligence. And Dell, for example, we have a SOC that spans 75 countries. We have a lot of different threat sources. We are able to bring that intelligence and understand if you're being hacked, if you're being hacked, we know what the connective points are, so we can help you detect and respond very quickly.

You know, one of the things that, you know, you see these frameworks like the NIST framework, which is great, but it's a lot, and I think organizations have trouble operationalizing that. Is that something that you hear as a frustration and how can Dell help them actually bring this to reality?

Yeah, so great question, Dave. The frameworks are an evolution of what the industry has collectively understood over many decades. So they are phenomenal guidelines for customers. So NIST, for example, has five functions, and if you balance your investments across the five functions, your security posture is gonna get better. NIST also has controls, understanding those different controls and how do they work. So with our services, we take a pragmatic approach. We have the frameworks as a reference point, guiding principle, but we also look for common cyber hygiene when we work with customers. There are some low-hanging fruits you can attack and immediately increase your cybersecurity posture and then worry about the broader framework alignment and regulatory and other alignments.

How does all this fit into, everybody talks about zero trust, zero trust is everybody's on the path to zero trust, but it's very challenging. CISOs tell us it's gonna take three to five years, which is kind of depressing because they've got a lot of other stuff to do. What's your take on zero trust? How does this all fit in?

So first of all, zero trust is not a new concept. It's been around a lot.
It's getting a lot of trust now because the cyber attacks are continuing to grow and we need to find a really solid architectural foundation. That's what zero trust gives. So when you look at many security programs customers are running today, it's dependent on understanding a few good behaviors, but mostly customers are looking for a needle in a haystack. Is there a bad behavior going on? What zero trust does, it shifts the paradigm, right? Let's focus a lot more on the good principles, good behaviors. Do we understand our users? What devices do they use? What applications do they have? And put the right technologies to make sure that we are enforcing those good behaviors and it reduces the burden on catching bad behaviors, right? So that's the fundamental concept, but there's a lot of vendors with a lot of technologies that also have some aspect of zero trust in it. What we are particularly proud of in Dell is we are kind of bringing them all together so our customers have a better understanding of the roadmap. And the other thing is we find a lot of our customers are brownfield environments. So essentially where we are helping those customers is how do we take those existing investments and convert them into a zero trust type policy and architecture.

Yeah, so you mentioned needle in a haystack. Sometimes it's like a needle in a needle. When people ask me why Dell, I'll often say that the company's obviously got great services capability, but I want to learn more about the ecosystem, particularly as it relates to security. So we have a third slide that I wanted to pull out of the deck because it really does talk to this. Big theme today in security is how do I reduce the number of tools I have? And there are a number of world-class companies that can help you do that, can help you consolidate, and there's some listed here. Talk about your ecosystem strategy.

Yeah, that's another great question.
One, like you said, it's a highly fragmented industry because each vendor has solved for a particularly difficult problem, but the burden is on our customers to put it all together. The other interesting thing about technology, security technologies is they are not working on their own. So for example, when you detect a threat, you want to cross-reference that to open vulnerabilities. You want to potentially cross-reference that to your penetration testing and how the controls are behaving. So what Dell is doing is we are working with the industry leaders. And Dell is becoming the MSSP, the systems integrator, and we are not just working at the level of putting services together, but we are working at the engineering level. How do I now have secure API-based automation? How do we bring these technologies? For customers, we want to onboard these technologies really quickly and how do they all work together? So we are playing a very pivotal role in bringing these leaders together and collectively we feel that we're going to have better message for our customers and solve it.

You're making it easier in a very complex world. Arun, thanks so much for spending some time and coming into our studio.

Thank you, Dave. Appreciate it.

All right, keep it right there for more content on navigating the road to cyber resiliency. This is episode two.

You really can't take a wrong turn on this road. It's very... What's the word? Modern? That's it. Modern.

When you think of farming, what immediately comes to mind are the many challenges that farmers face. Planting, fertilizing, harvesting, drought, irrigation, and flooding, pests, parasites, and pesticides. But cybersecurity, backup, and recovery for farming are not top of mind. No one expects to be hacked, but in fact, everyone should expect it. Even small to medium businesses, and unfortunately, even farms. Current stats show that a business is hacked every 11 seconds.
By 2030, it's estimated that an attack will occur every two seconds. So yes, even farms have to pay special attention to cybersecurity. Tune in for a short subject documentary presented by Dell Technologies. Nature Fresh Farms. Navigating the road to cyber resiliency. A special presentation from theCUBE.

I'm really looking forward to seeing that mini doc. It's going to be available at thecube.net right after this episode. We're back with Keith Bradley, who's the VP of IT at Nature Fresh Farms. Earlier this year, we had Keith on theCUBE and we took you inside the ransomware attack at Nature Fresh. We're pleased to have Keith back to help the good guys get more prepared. Keith, always a pleasure to see you.

Dave, it's always great to see you too.

My tomatoes are almost there, you know, but not quite as beautiful as the ones behind you. Okay, let's review for the audience. You got attacked. What were the initial signs or alerts that made you realize that you were under attack?

The first set of alerts that came in were fairly easy to see. We got alerts that a couple servers came down, a couple switches went offline. And when I first saw the alerts, I actually thought we lost one of our core switches. It just felt like that to me. So I basically popped in and ran to the office to evaluate and see what was going on. I figured it'd be a quick switch at the switch, put a new one in place, program it, and this and that and the other thing. And when I got in the office, I started to look and I'm like, nope, everything's running. And then I tried to log in my computer and it didn't work. And then I walked by one of the other tech's computers and I could see that dreaded ransomware screen up on the computer and I'm like, oh, that's not good. And as things started to happen, they continued to happen. And I just ran and I just pulled the plug on the internet and stopped the feed and started to evaluate where we were.

That's your heart rate ticked up a bit.
How did the attackers initially gain access? I think it was through an open port, wasn't it? Take us through what happened.

Yeah, so what happened is we had a vendor set up a computer and they needed access to program it. So they needed to gain a port access to remote into it to control the computer and program it up. I had been on site in actually Delta, Ohio, our other facility, for them to do this and I opened up the port. Port was opened on a Wednesday by the looks of the evaluation. They got it on Friday and by Saturday they were executing their attack on our network.

Okay, so was there anything else that you discovered? I think you brought in an outside consultant in terms of like, so they get into the port and then what happened? Did they start traversing horizontally? Can you give us any more detail up to the point of which you got that ransom notice?

So yeah, they started traversing the network horizontally. They kind of went all over. They spread out, they gathered more credentials from the system and at some point in time they gathered an administrator credential that got them further and then they kind of had the keys to the kingdom at that point in time. Once that happened, they traversed not only the Ohio network but they also went through our VPN connection to the Canadian office, to the Mexico office, to the Laredo office and kind of took over everything. Once that happened, there was no stopping them.

Okay, so you get a ransom note and you didn't pay the ransom. Take us through that discussion. Why didn't you pay? Did you ever think about paying? What was that like?

When it first happened, we really didn't know what to do. We didn't know how to look at it and what to do. And that's when we started gathering our consultants both from our cyber insurance that we had and even Dell Technologies that came on site to help see things. Well, they didn't come on site but they did things remotely for us to help us gather what do we do next.
There was a lot of conversations that the investigation firm had with the hackers to try to gain insight into what they got and to see what they got. But we decided that it wasn't in the best interest to pursue it and that was about suggested by Dowling Insurance but most cyber attackers to just don't pay it, it's not worth it. And that we were blessed enough to say that we were able to recover all the data that we were missing. So we didn't really need to pay them to get it back. We just had to rebuild our entire infrastructure from the ground up and start going.

So how did you manage to regain control? You know, there's how did you recover? How long did that take?

So the initial recovery to get us back to bare minimum was so the attack started about 6 a.m., 7 a.m., so about 6 a.m., Saturday morning. We lost basically everything in its entirety. By about noon, one o'clock on Saturday, we were able to pick and shift product out of our distribution centers again by our backup and recovery software. We had nothing more than that. We just had bare minimum to run and see where things are. Then we started to actually evaluate, okay, where is damage? What do we recover? How do we recover? What are the next steps? And at that point in time, we'd engaged with Dell to say, hey, what do we need to do this and how do we do these steps? So it was a double dip. So they expedited our deployment of Carbon Black. So our Carbon Black was in the middle of being deployed and now we just deployed it everywhere. Found out what was the hash for the attack and the other symptoms they were seeing and we just blocked it entirely out. Then we continued to just kind of rebuild things. And we continued to rebuild every moment of every second and it basically took us to about Monday, Tuesday or the next week to get back to a point where for the most part, the end users didn't know what even happened.
The longest part for my team was rebuilding probably about 300 laptops from scratch and some of them doing it remotely. So it was a busy time.

Wow, okay. So all this was a catalyst as we talked about in May to restart your journey to cyber resilience. What else have you changed as a result of this attack?

So we not only changed how we look at things but how we do things. We now make sure that the vendors are much more compliant with our cybersecurity policy. We are much more adamant about what's open on our firewalls and how things are. We reevaluated and even though our backup solution worked to recover for us, we found that that six to seven hour window wasn't fast enough for us for recovery. So we actually went out and rebuilt our entire backup policy and how we backed things up and how we'd recover. Then we instituted what we call a cyber vault which is basically a virtual air gap solution that not only protects your data but analyzes the data to see if there's any hackers lying in wait in the data that is going into this vault. So we really, really started to look at how do we back things up every day and actively saying we don't want to do this, we don't want to change the way we do it and this is how we are going to secure a network.

So you compressed your, if I understand it, your recovery time objective if I got that right, did you change the RPO or were you comfortable with the amount of data that you were able to get back?

We actually did increase it, we made sure we were backing up every single thing now. So every single thing that we did was totally backed up and recovered now. There were a few servers that we were kind of using but not needing to have recovered that we just rebuilt because we didn't do it but now we cover everything from a simple user's text file to an AI algorithm that we have on one of our servers.

And your cyber recovery, your cyber vault is, you said virtual, so are you thinking about an offsite air gap?
Is that something that's in the future?

It's possible right now, again, the power effect that I manage that we're using right now, that's something we like always, we can keep expanding it from what we need. The next step I think that we would do is we would have an air gap to one of our other locations so we would actually air gap to two different locations probably before going on the cloud, more because we have such a diverse area. I kind of like to say that we've built our own on-prem cloud to make things work.

What would you tell somebody who, let's say was in the position you were prior to the attack, they see this discussion, they maybe see you at your Dell Tech World interview, what would you tell them, what advice would you give them?

I would say to them is whatever you think you're doing today, it's never going to be enough. So you have to look at full size of the coin. How do I protect my network? And yet how do I recover when it happens? Because there is no if, it's always a matter of when. Like one of the things that I love from the intro was a ransomware attack happens all the time and by 2030 it's going to be every two seconds. So eventually one of those two seconds is going to catch up to you. So be prepared on both sides. Protect your network from the attack and be prepared to recover from the attack.

Yeah, the statistics and the probability are not in your favor. Keith, you've always been a great friend of theCUBE and I know you've been a loyal Dell customer. That sounds like they were there for you in your time of need and you're repaying that with your customer loyalty. So I really appreciate you coming back on and telling your story.

Yeah, I always appreciate value. And it's a good story to share as I feel like people don't want to talk about it. They don't want to acknowledge that it's happened. And if we work together, it's going to make it feel better for everybody.

Fantastic. All right, keep it right there.
We're going to have more content on navigating the road to cyber resiliency. This is episode two.

Cyber recovery. Immutability. Isolation. Intelligence. Zero trust. Just face it. You'll never beat me at the cyber resiliency game. Pretty sure that was a tie. You wish.

Data protection, DR, cyber recovery, architecture and much more on Michael. Well, the rest of it. Yeah, good to be here.

So what's your role? Well, first of all, a little bit about WWT and what's your role there?

So we're a large privately held, value-added reseller across the market. We were Dell's partner of the year last year. And really we like to engage with our OEMs and our customers to obviously facilitate, add value and bring our expertise to bear to help customers deploy the best data protection solutions that we can.

And large is an understatement. I think it's known that you guys are like a 17 billion dollar company. Yeah. Very substantial player. And really working to double every five years and just very focused on growing the business.

This is a second scene. Objective, I love it. So simplification is a big theme in tech generally, but specifically in cyber security. When you work with customers, what are you hearing? Where do you help them start, how do you help them get started and how do you set expectations so that they're not trying to get too far out over their skis?

Well, that's the important thing is setting good expectations, right? The first thing we need to do is look at what applications need to be protected, get a firm understanding of what needs to be protected, where the customer's crown jewels, help them understand what their RPOs and RTOs need to look like to ensure that they're going to be able to recover the data appropriately and then develop a plan to execute on that and understand what those timelines need to look like so that when we do get into deployment nobody's surprised.

Okay, so you start with sort of, is it a discussion? Is it an assessment?
What's the starting point?

Definitely start out with a discussion because you always want to have a conversation but then we can perform assessment, we do app rationalization studies, help understand the dependencies. Obviously if you're protecting a large application, you want to make sure we'll complete some parts that go in there are protected together, things of that nature and then make sure you're engaging the right stakeholders as well in those early discussions.

Okay, so you've been at this for a while. I'm interested in the lessons learned from two perspectives. One is from the many, many years of experience you've had and then the second is post-COVID because pre-COVID people talk about zero trust but they really weren't serious about it. It was kind of a buzzword. Now, everybody's on the path and I think they're realizing, well, this is going to take a while. All this hybrid work, remote work and I know people are coming back to the office but still a lot of people working remotely. So there's sort of lessons learned pre and post and maybe you can share those with us.

Lessons learned pre, I think the biggest thing again is that especially in large organizations this needs to be a top-down scenario. If you try and work it from the bottom up it becomes very difficult because the first thing you do is walk in and tell everybody that what they're doing is not sufficient. When it's a top-down perspective you have to make sure that you engage both the security and the information teams and generally at the C-suite so it's the CTO, CIO and the CISO all have to be on board to make sure that that's going to work in a coordinated fashion. And then the other big overall lesson learned is don't try to boil the ocean from day one because that's going to result in a project nobody's going to be able to swallow. Post COVID really what we're encountering is that there's a much greater awareness in organizations on the need to manage that data and protect it.
So what we're seeing is more awareness of security out to the edge and the fact that data is not just always going to be sitting in the middle of that big data center in some centralized location. Also we're really seeing post COVID a lot of customers have moved a lot of solutions to cloud-based and incorporating the cloud solution and understanding how to protect the data that's in the cloud as well as the data that's sitting inside the four walls.

So what's interesting is it relates to stakeholders. Cloud has now become the first line of defense for a lot of companies and yet cloud is code so you get application developers that are actually being asked to secure the infrastructure. That's not their... Let me back down. No. In terms of the stakeholders, how do you connect? You've got the infrastructure, you've got apps, you've got business processes. Are you bringing in the line of business people? Is it the app dev heads? How do you deal with that?

That I think is eventually what needs to be happening but again at the beginning of the day the C-suite has to have a full understanding and then push that down from the top. This is where we're going in order to save the business. You have to remember when we're talking about cyber resiliency these are existential threats to customers' businesses. You may not be there tomorrow. This isn't, oh, we're down for two weeks because of a hurricane. This is, oh, all of our data has been encrypted. Oh, all of our data has been exfiltrated. It's a threat to the business that everybody has to be on board and often to that point it often comes down from the board because they have the fiduciary obligation to ensure that the business is going to be there. They're very much aware of these threats and the board and the CEO come to the teams and say this is what we need to do to make sure we're here tomorrow.
How much education do you have to do at the C-suite level? Because, I mean, there used to be this mentality of, oh, you failed, you're fired, and I think that's gone away, has it? And how much education goes on?

Less now, which is great, and in fact at WWT we're really starting to lean into tabletop exercises for that. It's really nice. We're developing a script that puts you in the room when a cyber attack occurs and walks you through a typical response so that you kind of get a day in the life, and we found that when we do these kinds of tabletop exercises, especially with folks in the C-suite, they walk out with a much better understanding of the potential downsides of doing nothing and of what mitigation would look like.

So it's like the empathy exercise but the C-suite and the sec ops shoes, and oh, by the way, what do you do when your operations officer is backpacking in Maine when the cyber attack occurs?

Well, and how do you permeate that? So you got top down and then I guess that trickles up and then you got the middle out, meaning you've got all these, let's face it, bad user behavior is going to beat good security every time. So how do you create that security culture? Is that part of what you see organizations doing? Do you work that into this?

It doesn't quite fit into the data protection value. I mean, the good news is, from a data protection side, I think for the last 23 years or so everybody's kind of understood that you have to have your backup, so if we can get the information technology and security organizations on board, the end user behavior of protecting the data is generally already there, which is very helpful.

Do you think people, you must, underestimate the scope of the problem and what it's going to take in terms of human capital and budget, etc.?
Right, and it's really important to start setting those expectations early. Understand what the budgeting looks like and, more importantly, what the timeline looks like, because if you underestimate the amount of time you're going to need to spend to do app rationalization and understand what you need to protect, you know, the whole timeline goes down like a bunch of dominoes. So getting those expectations set up front, and that's something that we do a lot of with our customers, and those out of scope expectations that may be in the executive's mind: what's it going to take for me to solve this problem, right? How much? Give me a number. And scary, scary boil the ocean conversations. What we tend to do in those cases is really start small, say, what do you need to rebuild your shop, Mr. Customer? Start with putting that in a safe location, tertiary copy, offline, and then expand to what's the data that the business will be gone tomorrow if you lose it, and then move on from there. So it's generally a kind of a better best, good, better, best approach. So as watchers of the series know, a major focus has been the adjacency between data protection and cyber resiliency, so we've been asking all of our guests: where does data protection fit into that mosaic of cyber security? Well, if you look at it, and we've been doing it this way for a little while, from the pillars of the NIST cyber resiliency model, obviously we're recovery, right? We're the guys that you go to to get that data back, and, you know, that's the key feature functionality where we play in. And one of the biggest changes there is now we're going from a small scale recovery anticipation to a large scale recovery anticipation. We got to get the whole business back as fast as possible. But we also fit into some of those other pillars, right? Anticipate: one of the key things about backup is it touches every bit of data in the organization. If you can start to do analytics against that backup data, you can understand things like blast radius and infection
time a lot faster. So we definitely see a lot of our OEMs developing capabilities around that that we're then evangelizing to our customers. And then on the back end of that whole NIST cyber security model, of being agile and learning to respond and kind of, you know, skate to where the puck is going, you know, the bad guys are not sitting still. They're learning, they're developing constantly. This is a constantly changing threat landscape, and if you're not, you know, every time going through and analyzing where can we make this better, what's changed... that final pillar is, I think, really important to make sure that the data protection teams are engaged in. You know, so I do a lot of these types of interviews and people will often say, you know, look at the NIST framework, how do we implement that? And that's obviously good advice, and there are other frameworks as well, but customers sometimes have trouble operationalizing it, actually, you know, driving it through the business so that it can be continuously improved. Do you find that as a challenge, and how do you address that? It's definitely a challenge because, I mean, organizations don't like to go... they like to go, okay, this is in a done pile, we're through, check, we have a disaster recovery plan, we have a cyber recovery plan. And when you come back in and tell them you have to test it, that costs money, and you have to then sit back and, well, how has the threat landscape changed and how do we need to change it? There's always going to be resistance to that because it costs money and it gets things out of the done pile and back into the to-do pile. Nobody wants to do that. So yeah, working with customers to help them understand that that needs to be done, and modeling good behavior. When we first met, we were using the sort of football analogy: you got two teams that are pretty equal, you get a first down on every play, you're not going to not punt. And you use an analogy about watching film. What was that? They're going to watch your highlight reels from your
previous games and understand what are you doing, and that's the thing: the bad guys are looking at all the stuff that we look at. They're evolving their strategies and solutions. You have to stay ahead of that. You have to keep working and understanding and getting educated. That is really, really huge, because again, hurricanes are not out there looking for soft targets. The disaster recovery and cyber recovery are related but very, very different in that respect. You're dealing with an active opponent who's evolving, who's changing, who's looking at your highlight reels, who's studying your plays, and sometimes it goes all the way up to state level actors. As the time of recording this, we've got a lot of health systems in Connecticut that just have no information technology right now. This is a scary, scary landscape and we're not just spread and fought. So taking that metaphor and sort of applying it as well, I like the sports metaphor because a coach will come up with some new whatever, like the West Coast offense when it first came out, and then the defense had to respond to that. You see it now with AI. I feel like when you work with a company, like a large company like Dell, they still have a lot of AI, but they maybe had AI, access to AI that the adversaries didn't have. Now all of a sudden ChatGPT comes out, the adversaries have, they start to, the light bulb goes off. Do you think that in the near term that all this AI buzz helps the adversaries more than maybe the defenders? It certainly makes it easier. It lowers the barrier of entry, right? Because if you're really clever, you can trick ChatGPT into telling you how to hack a system, and you don't have to have a lot of technical knowledge to do that. Used to be you at least had to understand the technology really well. Now you can have this AI spit out a script that will help you to subvert a system, and if you can subvert a system, you can subvert multiple systems, etc., etc. So that's really the scary thing for me right now, is it lowers the barrier
of entry and makes this significantly easier to repeat. We saw this with ransomware for a while, where you could go on the dark web, and you still can, get ransomware as a service. It's a business. It's a volume business. And that's still my biggest concern, is ransomware for service or ransomware for state actors, because all they have to do is succeed once. And that's why we tell our customers you have to operate under the basis it's not a matter of if you're going to get attacked, it's not a matter of if they're going to get through, it's a matter of when they're going to get through, because the good guys have to win every time and the bad guys only have to win once. So what's the one thing that you would ask customers to not do and/or do? The one thing that I would ask them to do is to really take this seriously and make sure that at the very least you have a tertiary offline copy of the information systems and things like that: switch records, DNS. I don't want to get too technical, but the stuff you need to rebuild your shop. That's square one. That's the important thing. And the one thing that I would tell customers to not do is to not, don't make the ostrich play. Don't stick your head in the sand and hope this thing passes you by, because hope is not going to be a solution for this problem. You've got multiple databases, you've got multiple tools, it affects different business processes, so you really got to think that through. Planning, planning, planning. Michael, thanks so much. Great having you. I'll be right back to wrap up and share some news. You're watching episode 2 of Navigating the Road to Cyber Resilience.
You know, I don't think I've ever been on a road that's so simple to navigate. Well, why do you think I let you drive? Oh, you're hilarious, Emmy.
Okay, today we learned about Dell's approach to integrated security and resiliency and what that means. Arun laid out key steps to take to become more mature in risk assessment and reducing that expected loss, reducing that risk, and the
importance of a connected partner ecosystem. And then we got into the anatomy of a real world cyber attack, how one seemingly benign activity opened the door for a malicious event, but most importantly how that experience reshaped Nature Fresh Farms' outlook on the security posture, their processes and their entire culture for the better. Immediately following this episode, tune in right here on Navigating the Road to Cyber Resiliency on this website for a special short subject documentary on Nature Fresh Farms, their operation, their unfortunate ransomware attack and how they were able to successfully recover with help from their partners at Dell. And then finally we heard how Dell's partners like Worldwide Technology, as part of their critical connective ecosystem, are helping guide customers along the right path: assessing their risk, setting the proper expectations for success, developing individual plans and working hand in hand to deliver positive outcomes for better cyber resiliency. That's it for today. Stay tuned for episode 3, which will be live in our Palo Alto studio later this year in December. Thanks for watching episode 2, Navigating the Road to Cyber Resiliency, made possible by Dell Technologies in partnership with Broadcom. We'll see you next time.