IT Strategy & Consulting
Organizations strive to improve end-user productivity, reduce repetitive tasks, lower ongoing maintenance costs, implement new technologies that foster growth, and achieve operational excellence. In the digital world we live in, IT plays a central role in implementing any of these business objectives.
Leading the Digital Transformation
Sonline LLC is built on the core objective of delivering value for customers and supporting them in their key initiatives. Organizations are keen to transform their mundane, repetitive tasks, and Digital Transformation projects are being taken up across the board. One of our key services is to support companies and government agencies in this journey by applying the CREATE framework to determine the optimal plan to reach the destination.
CIO / CTO Services
Organizations require expertise in specific areas as they undertake Digital Transformation projects like ERP Migration, Data Center move, VOIP, Legacy system replacement, Salesforce Implementation, Robotic Process Automation, Omni Channel promotion and more. It is a challenge to fulfill growing technology requirements with internal resources. Sometimes, it is too expensive to hire full-time resources to provide guidance or support the strategic direction. Sonline LLC provides CIO / CTO Services to help organizations complete their journey successfully, and we bring in the support resources to fulfill the commitment.
What is your next strategic project?
We are here to help, provide a complete road map, and guide your team through this digital transformation journey.
Ransomware Situations - Handling the Zero-Day
Information Security is one of the key functions of any IT department. Organizations are revising their Business Continuity Plans to include large sections dedicated to securing digital assets in case of unforeseen situations like floods, hurricanes, fire, data breaches, or ransomware incidents. Many companies have adopted cloud platforms like Azure, AWS, Google Cloud, and IBM, and with the exponential growth of data, new challenges have cropped up. Holistic security plans that take both internal & external data sources into account are key for recovery from any disaster. Departments need help in formulating Business Continuity / Disaster Recovery documents and system recovery runbooks.
To say that external help is needed is an understatement, and most often companies outsource this task to their MSP (Managed Service Provider), which is both good and bad. Any plan that is handed to a 3rd party without proper internal review or oversight has its own flaws and can pose a major challenge later. Some MSPs are very strong on the infrastructure side of things and often struggle when it comes to database / application system restoration.
While developing BC / DR plans, consider these 3 critical factors, viz. RPO, RTO and MTO. These objectives impact the ability of the organization to survive beyond the given fiasco. RTO (Recovery Time Objective) is often quoted as the most important, as firms believe they have good backup solutions in place. It is the time to recover all critical systems after a data breach or ransomware situation, and it determines how quickly end users are back to work and normalcy is restored.
RPO (Recovery Point Objective) can be a critical factor in a ransomware situation, as hackers generally launch the attack only after affecting standard backups. RPO is the time to the last good backup that can be used to restore critical systems, and it can change based on the backup method, such as 3-2-1, which mandates 3 copies of your data (your production data and 2 backup copies) on two different media (disk and tape), with one copy off-site for disaster recovery.
MTO (Maximum Tolerable Outage) can be synonymous with Code Red; beyond that point, businesses don't survive. It is a pivotal point, and leaders should be very cognizant of it while preparing their BC / DR plans.
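As an added illustration (not a Sonline template), the Python sketch below checks a backup catalog against the 3-2-1 rule and shows how the RPO widens once backups taken after the attacker gained access are treated as unusable. The catalog, the dates, and the estimated intrusion time are constructed sample values; the class and function names are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Backup:
    name: str
    taken_at: datetime
    media: str            # e.g. "disk" or "tape"
    offsite: bool
    restore_tested: bool  # a restore test has passed for this copy

def meets_3_2_1(backups: list[Backup], production_media: str = "disk") -> bool:
    """3 copies (production + 2 backups), 2 media types, 1 copy off-site."""
    copies = 1 + len(backups)  # production data counts as the first copy
    media = {production_media} | {b.media for b in backups}
    return copies >= 3 and len(media) >= 2 and any(b.offsite for b in backups)

def last_good_backup(backups: list[Backup], intrusion_start: datetime) -> Optional[Backup]:
    """Newest restore-tested backup taken before the estimated intrusion."""
    good = [b for b in backups if b.restore_tested and b.taken_at < intrusion_start]
    return max(good, key=lambda b: b.taken_at, default=None)

def effective_rpo(backups: list[Backup], intrusion_start: datetime,
                  detected_at: datetime) -> Optional[timedelta]:
    """Data-loss window if recovery must start from the last good backup."""
    good = last_good_backup(backups, intrusion_start)
    return None if good is None else detected_at - good.taken_at

# Constructed sample catalog and incident timeline (assumptions, not real data).
DETECTED = datetime(2020, 6, 15, 8, 0)    # ransom note found
INTRUSION = datetime(2020, 5, 20, 0, 0)   # estimated first attacker access
BACKUPS = [
    Backup("nightly-disk", datetime(2020, 6, 14, 23, 0), "disk", False, True),
    Backup("weekly-tape", datetime(2020, 5, 17, 2, 0), "tape", True, False),
    Backup("monthly-tape", datetime(2020, 5, 1, 2, 0), "tape", True, True),
]

if __name__ == "__main__":
    print("3-2-1 satisfied:", meets_3_2_1(BACKUPS))
    # Treating the newest backup as usable gives the RPO most plans assume.
    print("RPO on paper:   ", effective_rpo(BACKUPS, DETECTED, DETECTED))
    # Discarding copies made after the intrusion gives the RPO actually faced.
    print("RPO in practice:", effective_rpo(BACKUPS, INTRUSION, DETECTED))
```

With this sample data the catalog satisfies 3-2-1, yet the usable recovery point moves from 9 hours back to more than 45 days, because the weekly tape was never restore-tested and the nightly copy postdates the intrusion.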
If you have to face a ransomware situation, Zero-Day starts the moment you learn about it. Most of the time, you are surrounded by team members who are not familiar with the situation. It is very important to have a plan and follow Best Practices.
Zero-Day attacks cannot be identified easily. They start with a system or code vulnerability (flaw) that goes to production unnoticed. Hackers are on the lookout for such flaws. Once they identify a vulnerability, they take their time to plant the exploit code, affect backups without being noticed, copy it to multiple systems, and hide their tracks prior to the day of the attack. They may watch the environment for months before the attack. On the day of the attack, hackers encrypt file folders and leave a ransom note (sometimes found in every folder, with Bitcoin payment instructions).
There are a few problems you face as part of the IRT (Incident Response Team):
Most of the systems are impacted on the day of identification
Most of the backups are also affected (unless they are isolated from the regular network by design)
Critical databases and files are often corrupted
No trace / audit trail is left to identify the culprit or the vulnerability (root cause) that led to the attack
If there is one thing that keeps “IT Leaders” awake at night, it is a ransomware attack. It is the worst nightmare for any organization. On average, even SMB organizations spend $50,000 per server on ransomware payments in a typical attack. Emsisoft industry research reveals that ransomware demand costs could exceed $1.4 Billion in 2020. More than 450,000 incidents were logged last year alone, and preparing for the unknown Zero-Day attack is a challenge without the right security partners. Getting proper cyber security insurance (that includes protection for ransomware attacks) is a critical first step. Signing up with “Data Experts” that provide assistance during Zero-Day is another safety measure, so that you can lean on them.
Challenge for you!
Do you have an updated BC / DR Plan?
Have you reviewed it with an outside expert?
What is your RTO / RPO / MTO?
The Sonline team can work with your internal team to help you identify gaps, perform walk-through / simulation tests, and provide specific inputs to include the above metrics. We bring in Best Practice templates that you can easily adapt to make your environment secure and foolproof!