Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
Hello, and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're going to be looking at our case study on impact. So our little saying here is "rather be safe than sorry." And in this case, we're going to look at top disaster recovery failures
00:18
with respect to backups and things of that nature.
00:21
And so the common one here is that the media is not working, or device failure. So as we moved away from tape backups, and we don't use floppies anymore, knock on wood, hope not, hard drive failure is less and less common, but it still happens. And it is one of the top areas
00:39
for why backups do not happen, do not work. And so
00:43
testing media is huge. Human error is next here, and improper backup scheduling or improper storage are just two of the many ways that we human beings can make mistakes which result in us not getting all of the necessary data we need, or then losing that data at a later date.
01:02
Software updates lead to failure. So we may blindly assume that our software is running as expected and that nothing is wrong, and then updates happen, things change. Suddenly we're not getting the things that we should be getting from the directory we thought we were getting them from. And now we have issues.
01:19
Threat actors can remove backups outright, so if they find that those were written to a local share or storage medium,
01:25
they can take that out, and then you don't have backups at all. And then infrastructure issues: Internet throttling, bandwidth throttling, backup throttling, not completing backups in a timely manner, circuits go down. Any number of things
01:40
can lead to failure. And so, things to consider here: how do you know if the plan will work? If
01:47
you get to the end of these phases and suddenly a threat actor tosses the proverbial hand grenade into the network and you lose data, data is encrypted, systems go down, how are you sure if the plan will work?
02:02
Do you test backups, ever?
02:06
Right? Do you have the ability to recover in a timely manner? If you're not testing backups,
02:12
you don't know if the plan will work and you don't know if you have the ability to recover. You assume you do, but assumptions could be dangerous things. Have you ever validated that your system administrators are backing up the right information? And this isn't beating on network administrators, backup administrators, or disaster recovery folks. It's just
02:30
that if you have a nice idea of what data is so important to the organization,
02:38
that idea may not be shared by the administrators. And so if you have data that's put in an abnormal location, if you have data that you think should be a part of the backup schedule,
02:50
you need to ensure that that is happening on a regular basis and that it is getting backed up, because nothing would stink more than getting to a point where a system becomes unavailable and you discover that directory upon directory that you thought was being backed up is not. So all of these things are great considerations when it comes to you
03:07
addressing impact
03:09
and ensuring that you can get back to business as usual. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor