Part 2 - Resiliency: The Answer to the Cyber Security Paradox

Video Activity

This lesson covers resiliency. Resiliency, in the form of business continuity planning (BCP), provides the first steps in recovering from an incident. Remember, it is NOT a matter of IF an incident occurs, it is WHEN an incident occurs. For this reason, a solid recovery plan is crucial.


Time
7 hours 56 minutes
Difficulty
Advanced
CEU/CPE
7

Video Transcription
As part of the education process, once we understand something, we can hopefully defend against it. Since we know what it is, we know essentially how an actor may want to attack us, and we can begin to essentially make fortifications to our defenses. We talked earlier about the cybersecurity paradox, and resiliency is going to be the answer to that paradox. Not to say that we shouldn't attempt to defend against potential threats toward networks, but due to the cybersecurity paradox, it's not if an incident is going to happen, but when.

Resiliency in the form of a business continuity plan and disaster recovery plan is going to be imperative in those first steps to recovering from an incident. Without a plan, there's essentially not going to be a blueprint directing employees on how or what to recover, and then without that plan, there's no way to test the plan to ensure that it's going to be effective when needed. So this whole idea of resiliency is to essentially keep in mind that emergency preparedness is our best proactive defense against a lot of these attacks.

A lot of folks and a lot of organizations, they say, "Well, I have antivirus, I have my threat team, I'm good to go." But they may not have put a lot of thinking into the actual disaster recovery process itself. While they may have an incident response team, they don't have anything else that goes along with it to help their organization as they have some of these attacks occurring. One of the more recent examples is the hospitals that have been victims of malware. They have great IT staff. They essentially knew what to do during the response phase, but they didn't have any backups. If they'd essentially backed up the data, and if they had planned for an incident like that to occur, it would have made the overall impact of that incident a lot less.

We talk about resiliency failures next. Just because we have a plan in place doesn't necessarily mean that it's a good plan or the right plan. We want to test these plans, and we want to make sure that they work and make sure that they make sense. This is a case study from Hurricane Sandy. In this, you can see that there are essentially generators downstairs that would have helped a hospital essentially have power during a blackout such as Hurricane Sandy, which wiped out a lot of the power grid in that northeast sector.

There are few places in the US where hospitals have put as much thought and money into disaster planning as New York, and yet two of the city's busiest medical centers failed a fundamental test of readiness during Superstorm Sandy: they lost power, and a patient in the hospital is on life support. I can tell you that's probably not a good thing to have happen. Both hospitals, NYU Langone Medical Center and Bellevue Hospital Center, had difficulty determining what exactly led to their power failures. But the culprit appeared to be the most common type of flood damage there is: water in the basement.

As you can see from those diagrams, they had planned that, yes, when power goes out, we're going to have a generator up on the second roof, and essentially the gas to that generator will flow to it, and then we will have power, except that they put the supply lines in the basement, which floods. While both hospitals put their generators on high floors where they could be protected in the flood, other critical components of the backup power system, such as fuel pumps and tanks, remained in the basement just a block from the East River. Obviously, they thought through the plan; they had a plan. It just wasn't a good plan, and they didn't test the plan. It's not essentially just having a plan, it's thinking through all of the aspects of that plan: identify what can go wrong, what can go right, testing it, validating that plan, and getting a third set of eyes to work over that plan and make sure that it's going to work, or we're going to have one of those Homer Simpson "D'oh" moments.

That's going to conclude the overall course for incident response and advanced forensics and incident recovery. As we talked about in this section of the course, incident recovery is going to be our last phase of the incident response process. In recovering, we've hopefully gathered up a lot of the data about the attack that we've had, and that's going to help us formulate the strategy that we're going to use to recover from that incident. Now, keeping in mind that recovery, again, as we discussed, is not just a purely technical aspect; it may involve many of the players within your organization. But once we've identified essentially the threat, we know how it has acted and what it has done to the network and to our systems, and we can then begin that process of recovery.

Now, as part of that recovery, hopefully we've had some type of plan and we've got some type of resiliency in place. Then again, resiliency is going to help us bounce back from those disasters, because without a plan, we'll be just left wondering and trying to figure out what to do. But through our business continuity planning, through testing these processes and procedures, hopefully we've identified a way that, when and if disaster does occur, we're able to recover from it a lot better and come back online. Again, though, if we don't test these plans and procedures, we could end up like these hospitals who thought they had a great plan but weren't able to execute it due to one of those Homer Simpson "D'oh" moments.

Again, thank you for watching the incident response and advanced forensics course. I hope you liked it. If you have any questions, please write in, please e-mail. We're always trying to update our course material, and we're more than happy to answer questions or try and put together another course for something you guys are interested in. Again, thank you for watching, and please join us again for more exciting courses from Cybrary.