Podcast: The "Kronos" Issue

In this episode of When Bits Hit the Fan, James and Taylor break down #1 on their 4 things every business needs and the Kronos hack updates. With the mass increase in ransomware attacks, how do you know your data is clean? Can you ensure the bad actors aren't already there? Your vendors are at risk just as much as you are. Can you ensure a vendor breach doesn't affect your business?

 
The following transcript was generated using an automated voice recognition tool. Some small discrepancies may exist between this written transcript and the original audio recording.
 
Taylor (00:06)
This is When Bits Hit the Fan, where we keep an eye on tech news, so you don't have to, and when bits hit the fan we bring it right to you. Each time a major tech news story breaks I, Taylor Uden, and James Schuler translate the facts and show you how it impacts your business. So if you feel like you're inundated with tech stories, let us guide you through when bits hit the fan.
 
[Music]
 
Taylor (00:32)
Hey guys! We had some long time listeners calling, requesting for us to axe the small talk at the beginning today, so we're just going to jump right in. Sound good?
 
James (00:40)
I really wanted to tell you though about my break. I have to skip that now.
 
Taylor (00:45)
Yes, you do. You may- you guys may remember last time we chatted, we talked a lot about the Kronos hack and the Log4j and all the things going in between, um, how it's all tied together, or maybe not. Whatever- whatever the news was, um, it's still lingering to this day today. 
 
James (01:02)
A month later.
 
Taylor (01:03)
What's happening.
 
James (01:06)
Yeah, a month later people aren't talking about Log4j as much as they are still talking about being impacted by Kronos. It seems that a whole bunch of healthcare systems really relied on Kronos and just- Kronos to make sure payroll went out. So there's still articles coming out all the time about what that restoration process really looks like. Um, are you kind of curious?
 
Taylor (01:29)
Well, only semi-curious. It makes me think though of the um, like, Colonial Pipeline hack where, or really any hack, you don't know what's wrong until like, months later like, where are they at? Where the bad actors at?
 
James (01:42)
There's- there's definitely a, some similarities. Maybe uh, one of those big ones though is that it looks like Kronos officials must have been responding to the issue with some level of unknown, or fear, uh, of the unknown. Um, I'll give you a couple of examples. For one, you've heard us tell it a hundred times, there's only- there's four things that matter. Do you remember what those are?
 
Taylor (02:03)
Clean copy of data.
 
James (02:03)
Right.
 
Taylor (02:04)
Proactive threat hunting.
 
James (02:05)
Yeah.
 
Taylor (02:06)
Visibility into security gaps.
 
James (02:06)
Right.
 
Taylor (02:07)
And an incident response plan.
 
James (02:09)
Yeah, Perfect! So those four things are still um, very relevant and definitely in this type of case, you're looking at the clean copy of data almost uh, solely because that's what they've now released, is that they've lost access to their production servers, the production storage, and then also their backup storage. Uh, we've touted before in previous podcasts that you've got to segregate your backups.
 
Network segregation has been a major topic, in fact, the White House memo we talked about a long time ago said that was one of those entry-level foundational items you have to do. Well, segregating your backups to a different network also matters. In fact, it's becoming far more popular to have a stale off-site copy, completely unplugged from the network of that data. So, kind of interesting if you think about if a breach happened to your business. If they got your production environment, you could say 'Great! I have a really robust backup strategy. I can kill off my production servers. I can just restore from my backups and I'm off and running again.' but, if those backups are also encrypted, then you're stuck. Definitely truly stuck. You're gonna be looking at a month-long restoration process like Kronos's.
 
So that's what we're faced with. They say they're gonna have um, new news coming out any day now on being back up and running but as we sit here today, they're still struggling to get there. So the lesson learned is kind of easy. It's not- not that challenging to hear where I'm coming from here. For one, almost every business has backups. The question I have is, is that enough? Two, if it's not enough, how much more do you need to invest in stale copies of your data not actively helping your business in order to ensure this doesn't occur? Now, you mentioned the four things that matter, not the one thing that matters.
 
Taylor (03:59)
Mhm.
 
James (04:00)
Um, to me it's a bit obvious that they weren't doing vulnerability scanning and keeping up with those uh, um, those vulnerabilities that were listed if this is indeed related to Log4j if that's how the bad actor got in. On the other hand, once somebody is in, that proactive threat hunter should be able to isolate and contain the issue so that it's not as widespread as production and backups or multiple production servers in all your backup systems. That's a very widespread attack that Centre- we've dealt with both. I don't remember some of those but, we dealt with both of these types of breaches so in the event that a listener right now is going through their own recovery process, we do have a rapid response or help you get through it but the preventative measures are not that expensive. It's not bad. Have you ever priced this out?
 
Taylor (04:47)
No, not for myself.
 
James (04:49)
Sure, but if you're- I don't know- if you ever looked at any of our uh, like our case studies or our white papers on it but it's not- it's not that bad. I think you could get away with saying uh, let's say you're a company of 50 employees. Then you could get away with saying that for under 10 grand a month, you could take care of a true DR strategy, disaster recovery strategy, for a clean copy of data. Implement all the proactive threat hunters you have to do, and then also put a program in place with uh, with resolution labor included in it for vulnerability scanning and to kind of break that down. You're probably looking at the bulk of that cost being that data side that- that uh maybe 50% or more of that would come from clean copy and data and appropriate backups.
 
Taylor (05:35)
Mhm.
 
James (05:35)
Second, you'd have very little cost in that proactive threat hunter. In fact, if listeners aren't doing that today, they need to do it tomorrow. They need to do it as soon as they can, and then the vulnerability scanning. It's low on the tech side cost-wise, it's just high on labor because of how- what it takes to fix things. Yeah, what it takes to go back in and make those repairs.
 
Taylor (05:53)
Sure.
 
James (05:54)
So, if it's- if it's achievable financially, 'why aren't people doing it' is what I keep asking myself.
 
Taylor (05:59)
Mhm.
 
James (06:00)
Um and I think the answer is because it's not new to us. Backups have been around forever, scanning's been around forever, a lot of our listeners I know have told me that they've done scanning before but they only do one a year or they only do one every uh, every six months and if that's the case, it's just- they're looking at old data. They need to continue to do it so that someone's staying on top of it and assigning priorities. Um, remember the word immutable?
 
Taylor (06:24)
Yeah.
 
James (06:25)
Heck, it was almost the name of our podcast right?
 
Taylor (06:27)
Yeah.
 
James (06:28)
So immutable backups too are- are critical here. Um, if- if you have these certain measures in place, if it's- if it's newer technology set up correctly then this won't be happening to you.
 
Taylor (06:39)
Yeah. I want to stay on that topic just for a second. What- what do we do as Centre and- we lead people to Cohesity say-
 
James (06:47)
Mhm.
 
Taylor (06:47)
What does that look like?
 
James (06:51)
Would we lead them to it?
 
Taylor (06:52)
Yeah, like that would be our, that- that's our partner we work with.
 
James (06:55)
Yeah so there's- there's many ways or so our NOC, you're familiar, we have the managed services out of the house. That- that group will- will support any backup. They don't care what type of flavor of backup you've chosen as a business but, if you were looking for a recommendation, we would lead you to a program- a service that ends up having a lot of discipline and controls put already in place. That proven method would allow you to rely on something outside of the human behaviors that you might document on your own or learning from your own mistakes. Uh, aside from that, we do have preferred partners. You're exactly right, I think if- if someone has a serverless environment, if somebody's a startup or, a small business, they might not need something as beefy as a Cohesity unit. So it doesn't matter on their size, we'll figure out a good solution. We're seeing a big adoption recently of VDI especially with the virtual work- workloads. You can put into Azure or AWS and if you're doing something like that, you can get away from having on-prem backups so, that lowers your cost and that barrier to entry is really small at that point. So I would- I would say you probably want something like Keepit that backs up your SaaS applications at a really low cost but for an unlimited amount of data. Um and then some kind of program where somebody's taking uh, enterprise-grade IT policies and implementing them into your business.
 
Taylor (08:13)
Mhm.  How do we get past the like, how do we get past step one? Like, we can't even drill it into people's head, this- we need- this is important. It's a big deal.
 
James (08:22)
This gets debated a lot inside Centre's walls. I like the debate. The- the question that comes up is, are those four things that matter in a sequence that- that's intentional. And so, to me, there- there is an intentionality behind it. So, the clean copy of data- if somebody gets into your business, if you have the right system set up, you can just shut down and rebuild in a really quick process, so that's step one. Step two, proactive threat hunter isolates and contains the things so if someone does breach your walls, you're able to keep it from being system-wide. Step three, if you were to go through the process of sitting down and looking at 'what security things do we focus on' well, this is the only way to really do it. Here are all the things that exist that you don't know about, how do you prioritize them and go attack them? The government, FBI, and another- I think it was CISA, just gave a list of um, required vulnerabilities- known vulnerabilities-
 
Taylor (09:14)
Mhm.
 
James (09:14)
- that need to be shored up by government entities. Some of them date back to 2017.
 
Taylor (09:19)
Yeah, we talked about that.
 
James (09:20)
Yeah, another list just came out. Like that's wild someone just needs to go through and see those and then the last one an incident response plan. If you don't know who you're going to turn to, who you're going to call and talk to when the event- when the event occurs, then you're you're- you're up a creek without a paddle.
 
Taylor (09:35)
That sounds well.
 
James (09:36)
Is that a term still?
 
Taylor (09:37)
Yeah, I know what it means.
 
James (09:41)
So, cutting out the small talk, we were able to shed some time off of today's episode?

Taylor (09:44)
Uh, we're still at nine and a half minutes.
 
James (09:46)
That's all well.
 
Taylor (09:47)
That'll work.
 
James (09:48)
That was perfect.
 
Taylor (09:49)
Just under 10.
 
James (09:51)
So, for all of our listeners out there, ready to get rid of any uh, small talk like what I wore for Halloween, this one's for you guys.
 
Taylor (09:58)
Thanks guys, thanks for joining us. We'll see you next time.
 
[Music] (10:06)
 
Taylor (10:10)
Okay, go ahead.
 
James (10:11)
Nobody is going to be surprised to learn that we are now a top 100 tech podcast. Thank you all for your listening. Now, with that comes some responsibility so, now we have to continue to create wonderful content. So, we've asked for some sponsors and the first to step-up we're excited to announce is Cohesity. You all know what Centre does, you may not know yet that Cohesity is the backbone to a lot of it. So if we talk backups, disaster recovery, or putting a local copy of data on your on site- a lot of times that's the Cohesity product line behind it. If you attend our events, if you did our turkey event where we fried turkeys, a lot of times that's Cohesity behind it. Look them up today or ask your Centre sales rep for more information and thank you Cohesity for being our first sponsor.
 
Taylor (11:00)
That works.
 
Originally published on January 17, 2022

About the Author

Centre Technologies

Centre Technologies is a full-service IT consulting and managed services provider headquartered in Texas, with a focus on mid-sized businesses. As a trusted IT partner for well over a decade, Centre is recognized for its local experience and enterprise-grade cloud and cybersecurity solutions. Centre is committed to helping organizations harness the power of technology to maximize their operational efficiency and exceed their business goals.