What’s the REAL cost of cyberattacks?
🚨Over 54% of enterprises have been attacked in the last 12-18 months, with breach costs averaging $5 MILLION.
Futurum Group CEO, Daniel Newman, is joined by NetApp’s GM of Data Services, Gagan Gulati, on this episode of the Six Five On The Road for a conversation on the critical findings from the NETAPP–FUTURUM GROUP CYBER RESILIENCE STUDY and the evolving cybersecurity threats necessitating new resilience strategies.
Key topics include:
- The startling statistics from The NetApp – Futurum Group Cyber Resilience Study, including over 54% of enterprises experiencing cyber-attacks within the last 12-18 months and the significant impact on businesses.
- The crucial role of data classification in cyber resilience, with insights on how it affects the recovery capabilities of organizations.
- Strategies for addressing cyber-threats in hybrid multi-cloud environments, including the adoption of automated data discovery and unified security practices.
- The potential of AI-driven threat detection and the importance of full-stack recovery to enhance cyber resilience.
- Gagan Gulati’s insights into NetApp’s perspective on dealing with tool sprawl, evolving threat landscapes, and strategizing for future cybersecurity challenges.
Learn more at NetApp, and Read The NetApp – Futurum Group Cyber Resilience Study, The State of Cyber Resiliency 2024/2025, and Cyber Resilience Solutions: The Most Secure Storage on the Planet.
Watch the video below at Six Five Media and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: Six Five On The Road is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.
Transcript:
Daniel Newman: Hey everyone, welcome to this Six Five On The Road special edition, LinkedIn Live that we are doing in partnership with NetApp. It’s a great day. Today we’re going to be talking about cloud, complexity AI and the threats demanding a new level of cyber resilience. Excited for this particular LinkedIn Live and On The Road episode because this is a really important topic and I couldn’t be more excited than to have a special guest, Gagan Gulati, GM of Data Services and NetApp. Gagan, thanks so much for taking the time to join me today. Looking forward to the conversation.
Gagan Gulati: Thank you very much for having me.
Daniel Newman: Yeah, it’s a big topic. We’ve spent some time over the last year working together. We did a pretty mega survey talking to leaders in IT and cybersecurity, 1300 executives, and we were really looking at what they are dealing with from attack surface to experiencing attacks to how it’s being managed, how data was being recovered. There’s so much there, but I mean, you in your role leading data services, I imagine this is something you are thinking about every single day. If it’s not you you’re thinking about on behalf of your customers.
Gagan Gulati: A hundred percent. I think it’s a really big topic and as many customers that we talked to, cybersecurity and protecting themselves against threats is on top of everybody’s mind. So yeah, it’s a very, very topical discussion.
Daniel Newman: And on a high level, for everyone out there that’s watching, first of all, we will take a few questions from you at the end. So save your questions or put them in the chat. We’ll try to address them. And if we can’t, of course both of us here, we’ll do our best to follow up with you on various different platforms, both here on LinkedIn and directly, if you give us a way to keep in touch with you. Gagan, we saw 54% of enterprises experienced an attack in the last 12 to 18 months. And on average a breach costs $5 million to deal with. I mean, what a huge number.
Gagan Gulati: Yeah, it is and it’s absolutely a big number. And the worrisome part is that these attacks, the percentage and the number of these attacks keeps growing and these attacks are becoming more and more vicious and the loss of productivity and data is growing as we talk. So it’s definitely therefore top of the mind because no customer wants to be at a place where they have this huge liability, both in terms of losing their data and also losing their reputation if this data goes public, so-
Daniel Newman: Well, and I mean, think about it, in our study we found that it wasn’t only that 54%, but like a fifth of them, 21% weren’t able to fully recover. And this is something that you and your team at NetApp are thinking a lot about. Talk about that because what is needed from what you’re seeing for companies to be able to get through the situation or get ahead of these situations and prioritize their data for better or decreasing the risk?
Gagan Gulati: Yeah, look, I mean the fact is not all data is born equal. If you are sending an email or a document to a board of directors or your team about your business, it is generally way more important than sending a message to a colleague saying, “Let’s go for lunch.” So I think that’s the starting point, which is not all data is born equal and organizations must learn how to therefore classify their data as what is more confidential, more secret for them, and what is not. What is just general data. And I think that by itself is a big, big deal because that will then determine where you want to put your investments in terms of protecting your data, and then where do you want to put your investments and how urgent would it be to recover your data. And when these attacks happen and they will happen, if you have a good idea of the importance of the data that is under threat, you can then direct your resources appropriately and manage the risk that you have to the organizations appropriately.
So if an attacker, let’s assume attacked two different shares, in one case, they attacked the share with a lot of logs data versus a share or a file server, for example, while then contain MNA data. If you knew this, you’ll know what to do. We don’t have to go explain. So data classification as we call it, is the fundamental step that must happen in all organizations to be able to discover their data and then prioritize what do they want to go protect and then manage the risk better. So I think that is the key thing that will help a lot of the organizations save a lot of angst in their overall defense against cyber attacks and ransomware attacks of today.
Daniel Newman: Yeah, and we’ve seen this sort of impact. Now Gagan, we’ve seen AI obviously being looked at as something that’s going to drive the future, and we’ll talk more about this later, but we also know that with every great new technology breakthrough, the bad actors figure out ways to use it advantageously as well. And security’s been interesting over the past few decades because it’s at the board level, been one of those things like insurance almost, what is the least we have to spend to not create, as opposed to how much should we spend to make sure that we are on the very lowest end of the probability scale of actually being breached? And so it’s been a bit of a push and pull there. And some of it comes down to tools. So Gagan, in our survey we looked at it and almost 70% of our respondents said they’re using more than 40 tools to deal with this. And most of them believe that this is hindering their ability to have an adequate cyber resilience strategy. What do you see as the issues that are being caused by this sprawl of tools and what is your view, the NetApp view on how to mitigate that?
Gagan Gulati: Look, I mean, it’s a true fact. I mean, customers are telling us what we have known for some time that they have multiple tools meant for multiple different pieces of the puzzle. And a lot of this is because the core infrastructure that they may have deployed doesn’t have any of those baseline security that they need, and therefore they have to depend on external tool to get just the baseline security, forget about the advanced security work. What happens is that these tools are built by different companies, so by default they will have different lock formats, they will have different error formats, they will have different investigation workflows, and most of these tools are bolt-on. And if you, let’s assume just in the case of storage, for example, if you have five different storage infrastructures in your overall environment, these tools now have to do the minimum baseline that can work against all five different storage systems. They’re not going to use the best of the technology that exists, that each storage system may have built.
So unfortunately what happens is that organizations face a double-whammy. One, there’s a plethora of these tools that don’t talk to each other, and therefore you as an organization now have to figure out a way on how to stitch them together. And number two is that most of these tools are bolt-on and not natively built, so they’re not really using the best of what the core infrastructure pieces are giving you in terms of the security that you can get. I think that’s a big issue. Now you’re spending most of your time operationalizing them rather than actually defending your organization, and that’s a big, big deal. From NetApp’s perspective, I think for us it’s very simple. We want to make sure that our customers get the best security built into our products, into our storage products and products we built on top.
I mean, there is a reason why NetApp is the most secure storage on the planet because we have built in all of the core concepts around let’s assume of ransomware detection built into NetApp storage or of zero trust built into NetApp storage, encryption of all kinds built into NetApp storage. That way our customers don’t have to now go buy a different solution for detecting ransomware and a different solution for figuring out how to zero zero trust. They can use the power of NetApp storage to actually advance their security posture in a really, really good way and not have to depend on external tools to do that. It’s been really a big success from adoption perspective.
Daniel Newman: Yeah, we’ve observed a really significant progress on your end, so congratulations on that. Back to the survey, the data though, another thing that these respondents really cited as a major challenge for them is the rapidly evolving threat landscape. We know there’s nation-state budgets now that are almost hard to believe being spent on stealing IP, creating data leaks that can be meaningfully used to gain market advantages. And of course the threats come from many different places, but it’s changing really, really fast. 48% said that the change in the landscape is a big problem, and most of the same people that have seen the threat landscape as a problem are saying they want new technology, meaning they basically don’t see what’s available in the market right now as sufficient to deal with the evolving landscape. Give me your perspective, Gagan, on the evolving threat landscape and say for instance, how does adaptive AI-driven data services help anticipate this reduce risk and maybe help these people, these nervous CISOs and IT leaders feel a little less concerned about the rapidly changing threat landscape?
Gagan Gulati: Yeah, I think the problem is becoming more visceral as we go. I mean, AI is becoming more prevalent, and if you are a bad actor, a malicious actor getting access to AI and tools to attack better is becoming more prevalent. And when you have a motivation to go make money, then you want to use these tools much as they come. So the attacks are becoming way more advanced than ever before. I think that’s point one. We all acknowledge that. And to defend against these AI-based attacks, you have to have AI built-in to be able to protect these attacks better and then defend them. At NetApp I’ll take one example of the work we’ve done. In our core storage we have a technology called Autonomous Ransomware Protection or ARP. This technology helps our customers detect ransomware attacks in real time, and that is a really cool thing.
I’ll say a couple of things here. Storage is the last-minute defense, which means if an attacker is all built on exfiltrating data or encrypting data on your core storage, if they reach your storage, it means they’ve already broken the barriers of network protection, identity protection, and they’ve finally reached your actual data. That’s point one and they have not been discovered yet. So storage really becomes a last-minute defense, and when it becomes your last-minute defense, you have to make sure that storage is able to then effectively detect these attacks and then quickly respond to them and then alert the right people so that they can respond and recover better. That’s where ARP or Autonomous Ransomware Protection as a technology comes in. It’s completely built using AI models that can in real time with extremely high accuracy, we’re talking a hundred percent precision, 99% recall for folks who understand this, really, really high accuracy, detect that there’s an attack going on, and then they can generate alerts. It can take snapshots, it can generate alerts in your favorite SIM or SOAR tool of your choice, and no other product can do that. If you’re using a backup product and you want to do ransomware detection there, first accuracy, so let’s not even worry about it. That’s one part.
But more importantly, these backups or snapshots can take eight hours before they’re taken. And on those eight hours, your attacker has already done the job, they’ve taken away and encrypted all of your data so you will not basically be able to, even by the time you detect the attack, the job has been done, it’s cleaned up. And that’s where at NetApp, we use AI to the core in helping customers detect better attacks as and when they happen, respond with AI, because we can go through and swift through your logs and give you a much better idea on what’s going on and then recover using AI as well. And of course, as we were talking earlier, a lot of our data classification on how we help customers classify data also uses AI at the best. So we have a pretty big data science team who’s very focused on helping customers defend against these attacks, cybersecurity attacks, and we do it with respect to all the phases of cybersecurity.
Daniel Newman: Yeah, I think it’s interesting that you say eight hours. Gagan, I think you would agree with me that it’s not uncommon, and this is really large enterprises that have made big investments in cybersecurity, have found that they were breached in its days, weeks, or months can go by.
Gagan Gulati: Yes.
Daniel Newman: And so getting in front of this, because the amount of damage that can be done, of course it becomes more pervasive in time, and the longer they’re in there, the more trouble they’re causing at the heart, more likely you’re going to have problems getting restored. So your point of, hey, anything that gets you instant detection, of course, anything that’s preventative is the best thing. It’s like healthcare, but then the earliest detection is better. And then of course, if you found that someone’s been in there, rooting around longer, the complications are bigger. But let’s come back to this topic is you started here and you basically talked about identifying the most critical data. So right, first of all, not all systems are created equal. To get a company, your company, your business back up and running. There are certain systems that are absolutely imperative. There’s others that’ll be nice to have. And there’s other stuff that was like the old bios that haven’t been looked at in years, and of course you want to get that all back, but probably not needed this minute and this issue, almost 37% noted that getting the right data recovered was among their top concerns. You started alluding, but what is the NetApp proposal to get this done and get companies back ideally with everything, and of course, starting with the most important.
Gagan Gulati: Yeah, absolutely. So just to complete the thought, right, like you were saying, the quicker you detect there is an attack, the quicker you can respond and just lesser your liability, your risk of, or the surface area of that attack is, and therefore the smaller would your recovery timeline be. So I think that’s point one. Number two is now how do you recover and what do you recover first? So this is again where data classification comes in, system classification comes in so you know what systems you want to go recover, which workloads you want to recover. The biggest problem that our customers face today is that they want to recover their entire system to a known good state, not file by file, but their entire system. That is the key issue that is very, very hard to solve. So if you have, let’s assume, an HR app around payroll, I’m guessing that’s pretty important. And that payroll app is using, let’s assume SQL Server or MySQL Server or Oracle or others, you want to then make sure that you’re recovering this app at an application level, not at a file by file level. That is the fundamental thing.
So at NetApp, we call it workload level recovery rather than a VM level recovery or a file level recovery. At NetApp, we have this wonderful infrastructure that we put in place for many, many years for a product called Snap Center. It is our crown jewel, and that helps our customers today with workload-level recovery. It can recover the entire database, which could be spanned across multiple different volumes, multiple different VMs, multiple different SVMs, for example. And we are able to help our customers therefore recover to the last known good state of the entire workload. We can do it for multiple different kinds of workloads and databases, and we have taken the power of Snap Center and we have put it back into our ransomware defense portfolio.
So as a customer, you can therefore now protect the entire workload, not like a file server or a volume. We logically help our customers protect the entire workload, and if there is an attack, then we can help them recover the entire workload. And that has been a game-changer for our customers who basically utilize our products today to say, “Hey, help me discover where my most critical workloads,” not files, remember, workloads. “Help me protect my most critical workloads, help me respond quickly, and then help me recover my most critical workloads.” And that is the true game-changer in the industry, which is very, very hard for others to follow. And that’s where we have this massive lead and we call ourselves the most secure storage on the planet.
Daniel Newman: Well, I think this is going to be a big opportunity over the next several years, we’ll be tracking very closely what NetApp is doing and very encouraged about the technological posture that you’re taking. Let’s end my Q&A with you before we open the audience with a bit more of a broad perspective from you and your role. Are there any other problem areas that you see as strategic for NetApp to address going forward?
Gagan Gulati: Yeah, I mean, I think there is. You touched upon it, Daniel, for a minute, where you were saying, well, if the protections didn’t hold and the attacker attacked, and then you just start detecting. And there’s a whole area around what we know today in the industry as posture management. It used to be called CSPM, which is Cloud Security Posture Management. Today it’s known as DSPM, which is Data Security Posture Management. DSPM is a great, I would say, tech and a portfolio conversation, but it starts with cloud and end With cloud today. It’s extremely tough to do or hard to do for a lot of your hybrid use cases when you have a lot of data on premises, for example, in your data centers. And so one of the big things that we are investing in is about helping our customers with building a better security posture management for the data they have in NetApp storage that across in a multi-cloud, hybrid multi-cloud way on how we’ll help our customers address their posture drift.
So they can start today, but guess what? In one month, the various admins and the users have started sharing more permissions, leaking the permissions to other users, for example, or they haven’t passed vulnerabilities as they must. So the area of better data security posture management is a key area that we are going to invest in. Last but not the least, I think with the advent of AI and Gen.AI, the data is taking a more center stage and therefore here is where most of our customers are looking for better guardrails, security and compliance guardrails amongst the data. So Daniel, if you were a data scientist for example, and you wanted to access a bunch of the data so you can train your model today, how do we make sure that you have the right access? Should you be even accessing this data? Should you have the permissions to read, write? What should you do?
And should this data go in a rag workflow, for example, so that the end user should see it? These are the kind of guardrails that must be put in place. And guess what? It all starts with data classification. So if you can classify your data, you can say who should be able to access the data and who should not. And that helps you not only secure your data from attackers, but also then helps internally in the word of AI as more and more organizations set up their own AI practices to allow for good guardrails for compliance and for security and governance. So I think those are the two big things that we see as paramount for our customers where we are heavily investing already to help them in their future journey over the next many years.
Daniel Newman: Gagan, just to be clear, because enterprises are operating in many different places, on prem, in the cloud, at the edge. We’ve got the hybrid multi-cloud, which is representative of most companies. NetApp’s approach doesn’t really care. No matter where it is, you have the flexibility to deal with how these enterprises are set up.
Gagan Gulati: Yeah, look, most of our customers today are hybrid multi-cloud. They use NetApp on their enterprise world in the data centers, and they use NetApp storage on all three public clouds where we have built-in storage, natively done. And our tools and our security posture and our security products do exactly that. We allow our customers to have standard products and security features that we built that work across their entire NetApp data state in a hybrid multi-cloud world. So that is the basic principle that we follow, and therefore it helps our customers reduce the investments they have to make in tools, and they don’t have to worry about processes being different for their data on premises from the processes that they need for the data in the cloud. They can have consistent processes and consistent tools for all of their storage with NetApp.
Daniel Newman: Gagan, that’s some great insights and vision. I’ll tell you, I as an industry analyst and someone that tracks the industry very closely, I’m very excited about what’s next for data infrastructure. The multi-decade struggle that every enterprise on the planet has had to try to make data accessible to their applications is only being made more complicated with AI. But AI also has the opportunity to solve it, make all the data accessible, whether it’s file, it’s object, whether it’s locker or vector, whatever it is, make it accessible. Simplify the process of understanding whether the data is relevant, reducing duplication, making it secure, and of course, allowing companies to move quickly.
We know the future of apps are going to look very different than they look today because generative is going to effectively allow us to abstract new applications almost in real time. But it only works if we can get to the right data and of course, that data has to all be secure. So this all ties together really well. It’s exciting times and I’ve told your CEO, George Kurian, I’ll tell you, very excited about where NetApp is heading. I think you’re making a lot of the right moves. Now let’s open this up to the audience. We have a chance here to take about five minutes of questions. Really excited and appreciate all of you that have tuned in. All right, let’s have a look at what’s out there.
Author Information
Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.
From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.
A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.
An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.