The ultimate last line of defence against cyberattack

Andrew Dodd

Worldwide Marketing Communications Manager at HPE Storage

Welcome to this series of articles in which I will be discussing the lasting innovation of HPE StoreEver tape and LTO tape technology.

I finished the previous article by mentioning that a key benefit of LTO tape is allowing you to store your data offline and behind an air gap so that it cannot be corrupted by ransomware. In this blog, I want to dive deeper into the topic of tape and cybersecurity.

Are businesses expecting too little when it comes to cybersecurity?

A new report just published by Enterprise Strategy Group paints a fairly bleak picture of the current ransomware environment:

  • 47% of companies are experiencing ransomware attacks on a monthly basis or more frequently.
  • Of those who have experienced ransomware assaults, nearly 3 in 4 were negatively impacted in some way, with 50% saying this included data loss.
  • Over 56% of the companies suffering a “successful” ransomware attack say they paid a ransom.
  • And of those who paid, two thirds reported they were unable to recover more than 75% of their data, with a small percentage (3%) reporting less than 25% data recovery.

And this is success? Maybe we need a different approach to what appears to be a “could have been worse” mindset. What could underpin this different perspective?

A shapeshifting threat

Ransomware is in no shape or form a ‘new’ threat. What has perhaps changed is the level of public awareness following a spate of high-profile ransomware incidents in North America and Europe during the last couple of years. It’s one thing when a ransomware attack impacts a single organisation in a relatively localised way; it’s quite another when it literally brings half the country and large parts of the economy to a standstill.

Oil pipelines, power stations, hospitals, ports and other strategic infrastructure leap to the forefront of everyone’s minds when considering the critical targets for ransomware attacks. But computer connectivity is now being built into just about everything. From cars to houses to factories, the Internet of Things is creating a society that is networked like never before. 

And where there are networks, there are applications, and where there are applications, there is data, on an unimaginable scale. 

Exploiting the potential of so much networked information provides opportunity for unprecedented societal development and no one wants to rewind the progress that has been made in this regard. But I think we also have to be honest and open in acknowledging that connectedness also creates vulnerabilities which did not exist in the past.

Some companies have tried to take a conventional approach to safeguard their assets by turning to the insurance market for cover. The challenge here is that cybercriminals are calculating, focused and relentless in a way that a fire or a hurricane is not. Ransomware doesn’t blow over if you can wait it out. And with premiums rising, insurers are also coming under pressure from governments to stop providing reimbursement of ransomware payments on the grounds that this kind of protection encourages, not deters, the criminals.

All round protection for an all round threat

As Arthur C. Clarke famously observed, any sufficiently advanced technology is indistinguishable from magic.  And sometimes, I think we place too much trust in cloud-based technology and forget the physical realities that lie beneath its miraculous abstraction.  The cloud is not a cloud.  It’s a network made up of different technologies - compute, storage, infrastructure, software - all of which have a key role to play and none of which are infallible.  In recent times, there have been so many reported incidents of ransomware that I think the following axiom is reasonable:

“the ingenuity of cybercriminals will always find a way to breach the ingenuity of cyberdefences: therefore everyone needs some tape”

I admit that statement may raise an eyebrow and I don’t want to seem fatalistic. But advocating for LTO technology doesn’t mean starting some kind of offensive against other storage alternatives. That’s basically because I don’t regard cybersecurity as an existential struggle where only one solution or approach can be left standing. Yes, I believe that everyone needs some tape, but that should be in addition to the other complementary technologies that you deploy to build a circular fortress that guards your data on all fronts.

It’s like selecting technical clothing to venture out into a storm. You wear garments in layers because each item of clothing - waterproof, soft shell, mid layer, base layer etc - has a specific job to do and provides a specific benefit.  Individually, none of them can cover all your needs (a waterproof won’t keep you warm, a base layer won’t keep the rain out), but together, they create a system that will protect you from the worst of the elements.

HPE Storage offers more!

Likewise, when it comes to ransomware, various HPE storage solutions have technology that contributes to keeping your data secure against cyberthreats. HPE StoreOnce Catalyst APIs protect mission-critical data stores from ransomware attacks by providing data isolation and preventing ransomware from accessing backup data on the HPE StoreOnce array, thereby ensuring data integrity. HPE’s newly acquired Zerto solution offers the power, speed and convenience of continuous data protection so that you should always have a pre-ransomware roll back point for any data covered by its protection. HPE Apollo servers with Scality RING allow you to write immutable data to disk-based object storage.

And uniquely, what HPE StoreEver tape also offers, aside from colossal amounts of storage to help you navigate your data oceans, is the ability to put huge chunks of your data truly offline and beyond all networked interference. That’s important because bad things will always happen to good computers in unexpected ways, both your own equipment and – quite possibly - that belonging to your CSP or MSP.  And in a new study by ESG, an astonishing 61% of customers reported they recovered less than 75% of their data even after paying the ransom.  Having a complete, clean copy of your data safely stored offline using HPE StoreEver would allow you to fully restore data after a ransomware attack. 

Protecting the protector: keep your backups safe!

So deploying multiple barriers in a systemic approach to cybersecurity provides you with much stronger defences than any single one of them alone: the speed of Zerto; the flexibility of HPE StoreOnce or Apollo server-based object storage; the unassailability of HPE StoreEver tape. Together, that’s an incredibly formidable shield to put your data behind.

It’s worth mentioning that a number of ransomware incidents have demonstrated that cloud service providers are just as vulnerable to crippling ransomware attacks as their clients, and may even be targeted precisely because they give criminals additional opportunities for exploitation.  If you are hit by a ransomware attack, and depend on your cloud service provider to provide you with backups, where can you turn if they are also impacted by the breach?  

This brings me to my final point. It’s unwise to assume that thieves are simply after your data. They want your backups too. The reason for this, of course, is that the cybercriminals know that companies will fall back to their disaster recovery protocols in the event of a ransomware attack. To prevent this escape route being viable, sophisticated hackers will often try to move laterally through a network to identify and then lock or erase backup data before making their final assault on operational systems.

As the UK’s NCSC pointed out in 2019: 

“The NCSC has seen numerous incidents where ransomware has not only encrypted the original data on-disk, but also the connected USB and network storage drives holding data backups. Incidents involving ransomware have also compromised connected cloud storage locations…”

This is a threat because in a connected environment, the attack surface is so much wider and multi-faceted. Criminals will never stop learning and exchanging knowledge about how to target businesses and their intellectual property. Hackers only have to get it right once whereas you must account for every possible vulnerability across your entire infrastructure.

In a recent study by Cybereason, 34% of UK businesses and 31% of US companies reported closure after a ransomware attack. The same report also pointed out that even though the majority of ransomware attacks do not result in business closure, a significant portion of companies are forced to eliminate some jobs.

A small price to pay for a lot of peace of mind

Faced with such devastating consequences, spending in the region of $30,000 on an HPE StoreEver MSL3040 tape library that could place PBs of encrypted data beyond the reach of a remote hacker seems a modest price to pay for the extra peace of mind and security it would bring. In the end, it’s not really a technical consideration and more about your attitude to risk.

Why use tape? If it’s that inexpensive and gives you extra peace of mind, why not use tape?

Some vendors or commentators assert that tape is too slow for restoring mission critical databases and other key applications and in a conventional recovery situation, they would be absolutely right. If you need to spin up a critical OLTP database as quickly as possible, or recover a handful of critical files, it would be really strange to use tape when there are better alternatives – such as a secondary disk array or continuous data protection solution. But if ransomware has completely locked you out of your data, I would argue that speed of recovery is secondary to the fundamental question of ‘Can we actually recover at all?’ 

Put another way: if you only have 10% of your data available with the rest (including all your disk or cloud-based backups) criminally encrypted, a couple of days extra to recover your infrastructure from a recent tape backup won’t really be that much of a burden.  That is the critical benefit that only a truly offline storage medium like LTO tape, one that can scale to petabytes or even exabytes, can deliver.

I don’t want to revel in other people’s misfortune, nor (I hope) will you feel that I’m trying to claim tape is the answer to every storage challenge. But when it comes to ransomware and damage limitation, I believe it’s abundantly clear that tape is still a phenomenally useful solution because it can be deployed as a lifeboat when every other part of the ship is underwater. 

Everyone needs tape!

In this respect, it remains entirely unique and that’s the reason why if you are deploying flash, secondary disk, HCI or cloud storage solutions, I would strongly encourage your business to consider keeping its LTO tape infrastructure.  That way, you always have the extra layer of true air gapped defence and the peace of mind that comes with it. After all, the whole point about the future is that you never know what might happen. By using tape, you greatly increase the chance of a positive outcome.

Ultimately in this strange, new world of cybercrime, you don’t need to wear a vest, deliver snappy one liners and walk barefoot over broken glass to thwart the baddies. You just need to follow the advice of the FBI:

“Backup your data, system images, and configurations, test your backups, and keep backups offline”

“Offline” for most practical purposes means on tape. And in my view, everyone needs it.  

In the next article, I’ll be discussing an often overlooked and misunderstood aspect of the tape value proposition: its outstanding reliability! But in the meantime, feel free to give me feedback in the comments here on LinkedIn or by following me on Twitter @tapevine. Thank you once again for reading!