Cyber Kill Chain vs. MITRE ATT&CK: An Insightful Comparison

			<div>
			<div>
			
			
			
			
			<div>
			
			
			
			
<div><p>There are two challenges we in cyber security face when it comes to communicating what we do to the rest of the business (and the rest of the world). For many people, computers, networks, and Information Technology in general are opaque: most businesspeople know how to use technology to get their job done, but not how it works “under the hood”. Hacking that technology to subvert it for malicious purposes is another level of mystery.</p>

<p>Hollywood doesn’t help much either: most on-screen depictions of hacking in movies and TV shows are radically different from reality (with the possible exception of Mr Robot).</p>

<p>The first challenge is communicating the technology and a basic understanding of how it works, in order to then show how it can be misused. The second challenge is imparting how criminals actually carry out their attacks. Most people think a hack is a single “thing” that happened (“we got hacked”, and then all the bad stuff followed), when in reality it is a sequence of steps.</p>

<p>In this article we’ll look at two different frameworks that are used to communicate hacking processes, both to the wider business and within the cyber security community: the Cyber Kill Chain and the MITRE ATT&CK framework. We’ll look at the advantages and challenges of each of them, how they compare, and how you can use them to fortify your organization’s cyber defenses.</p>

		</div><div>
			<div>
			
			
			
			
			<div>
			
			
			
			
			<div><h2>Meet the Cyber Kill Chain</h2></div>
		</div><div>
			
			
			
			
			<div><p>This is the older of the two approaches, having its roots in <a href="https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html" rel="noreferrer" target="_blank">military kill chains</a> such as the Four F’s from the US military during World War II: Find the Enemy, Fix the enemy, Fight the enemy and Finish the enemy. A more modern version is F2T2EA: Find, Fix, Track, Target, Engage and Assess; it’s called a chain because an interruption at any step can stop the whole process.</p></div>
		</div><div>
			
			
			
			
			
		</div><div>
			
			
			
			
		</div>
		</div>
			
			
			
			
		</div><div>
			<div>
			
			
			
			
			<div>
			
			
			
			
			<div><h2>Backup Steps: The Basics (101)</h2></div>
		</div><div>
			
			
			
			
<div><ol>
  <li>Locate the files (documents, spreadsheets, databases, etc.) that you wish to back up.</li>
  <li>Transfer the files to a cloud storage disk, external drive, USB drive, or other backup medium.</li>
  <li>Repeat the steps above at the appointed time.</li>
</ol>
<p>Keep in mind that this is a basic level of backup. To make it simple to identify which files require a backup, you should ideally keep your files sorted into folders.</p>

    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
<div><h2>Types of Backups</h2></div>
    		</div><div>
    			
    			
    			
    			
<div><p>Generally speaking, there are three basic kinds of backups. Based on your business model and level of scalability, you can select one of the following:</p>
<ul>
  <li>Full Backup: This is the basic, complete backup operation that copies all of your data to another media set such as a disk, tape or CD, so that a complete copy of all your data is available on a single media set. It takes the longest to perform and requires the most storage space, so it is typically combined with either differential or incremental backups.</li>
  <li>Incremental Backup: This operation copies only the data that has changed since the last backup operation of any kind (full or incremental). The backup application records the date and time of every backup operation so it knows what has changed. Each run is faster and requires less storage media than a full backup.</li>
  <li>Differential Backup: Similar to the incremental type, a differential backup copies only changed data, but the reference point is always the last full backup rather than the last backup of any kind. Every differential run therefore copies all data changed since that full backup, so differentials grow in size until the next full backup is taken.</li>
</ul>
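<p>The following Python model, added here as an illustration and not code from the article or from Hornetsecurity, runs the same constructed four-day workload under each of the three strategies. It shows how much data each daily run copies and which backup sets (the “restore chain”) must be applied to recover the last day’s state; the day-granular file model and the <code>CHANGES</code> workload are assumptions made for the example.</p>

```python
# Backup selection and restore chains for the three strategies above.
# Added illustration, not Hornetsecurity code; the day-granular file model
# and the CHANGES workload below are constructed for the example.
FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"

# Constructed workload: day -> {path: size_kb} for files modified that day.
CHANGES = {
    0: {"ledger.db": 500, "notes.txt": 10, "q1.xlsx": 80},  # initial state
    1: {"notes.txt": 12},
    2: {"ledger.db": 510},
    3: {"notes.txt": 15, "q1.xlsx": 85},
}

def select_files(files, strategy, last_full_day, last_backup_day):
    """Paths a run must copy. files maps path -> (mtime_day, size_kb).
    Backups run at end of day, so a file changed on day d is captured
    by that day's run and is only "new" for runs whose reference is < d."""
    if strategy == FULL:
        return sorted(files)                      # everything, every time
    since = last_backup_day if strategy == INCREMENTAL else last_full_day
    return sorted(p for p, (mtime, _) in files.items() if mtime > since)

def restore_chain(history, target_day):
    """Backup sets (oldest first) needed to restore target_day's state."""
    runs = [(d, k) for d, k in history if d <= target_day]
    full_day = max(d for d, k in runs if k == FULL)
    after = [(d, k) for d, k in runs if d > full_day]
    if not after:
        return [(full_day, FULL)]
    if after[-1][1] == DIFFERENTIAL:
        return [(full_day, FULL), after[-1]]      # full + latest differential
    return [(full_day, FULL)] + after             # full + every incremental

def run_schedule(strategy, last_day):
    """Full backup on day 0, then `strategy` daily through last_day.
    Returns (kb copied per day, restore chain for last_day)."""
    files, history, copied = {}, [], []
    last_full = last_backup = None
    for day in range(last_day + 1):
        for path, size in CHANGES.get(day, {}).items():
            files[path] = (day, size)
        kind = FULL if day == 0 else strategy
        paths = select_files(files, kind, last_full, last_backup)
        copied.append(sum(files[p][1] for p in paths))
        history.append((day, kind))
        if kind == FULL:
            last_full = day
        last_backup = day
    return copied, restore_chain(history, last_day)

if __name__ == "__main__":
    for s in (FULL, INCREMENTAL, DIFFERENTIAL):
        copied, chain = run_schedule(s, 3)
        print(f"{s:12} copied/day={copied} restore needs {len(chain)} set(s)")
```

<p>The incremental schedule copies the least per day but needs the full plus every incremental to restore, while the differential copies more each day but restores from just two sets; that trade-off is what drives the recovery time later in the article.</p>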
    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
<div><h2>Backup Considerations</h2>

<div><ul>
  <li>What to Back Up: Many different types of data can be protected. Files stored on PCs, servers, notebooks, and laptops can be backed up. You should also back up any data maintained by the programs you use, such as QuickBooks, email clients, and client intake systems. An organization ought to discuss which information is most crucial. Information belonging to the organization should always be backed up, whether it lives on office computers or on home computers that employees use for business.</li>
  <li>Frequency: To avoid data loss, backups must take place regularly. The more frequently your business performs scheduled backups, the better. Regular backups cost money, time and resources, yet these drawbacks are outweighed by the advantages.</li>
  <li>Storage Location: Keeping some backup data offsite is a smart idea. Should a natural disaster strike, your backup won’t be of any use if the building and all of the computers are destroyed.</li>
  <li>Security: Make sure that the backup data is safe and accessible only to those who are permitted to use it to restore lost data, regardless of whether it is stored on-site or offsite.</li>
  <li>Retention: Another factor to think about is how much history needs to be preserved. Depending on the specifics of your company, it may be appropriate to keep backups that are days, weeks, months, or even years old. Remember that the more backups you preserve, the more space you will need (at an increasing cost).</li>
  <li>Legal Requirements: You can be required by law to preserve certain company records dating back one, two, three, or more years, so it is crucial to determine which of the data you maintain carries these legal duties.
    <ul>
      <li>Make certain that EVERYONE handling records is informed of any applicable legal requirements.</li>
      <li>The Sarbanes-Oxley Act of 2002 mandates that most documents be retained for seven years. (As of 2024, the Sarbanes-Oxley Act (SOX) has been in effect for over two decades.)</li>
    </ul>
  </li>
</ul>
    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
    			<div><h2>Job and Scheduling Flexibility</h2></div>
    		</div><div>
    			
    			
    			
    			
<div><p>In the past, backup windows and backup job schedules were frequently the main focus.</p>

<p>These areas were essential for a business to meet its recovery time objectives (RTO) and recovery point objectives (RPO). Sadly, this frequently turned backup engineers into little more than glorified job schedulers, an unintended consequence of intricate designs.</p>

<ul>
  <li>The RPO, which is determined by backup frequency, is the point in time to which data is restored. A lower RPO reduces the amount of data lost when a primary system fails. Backup and recovery systems achieve a lower RPO by backing up more often, but at the cost of increased network traffic and more data copies being kept. Mission-critical applications require RPOs measured in minutes rather than hours or days.</li>
  <li>The RTO represents the time needed to recover an item, such as a file, server, or datacenter. In the event of a primary system failure, a lower RTO reduces downtime; however, this comes at the cost of more expensive, faster-access media (such as disk) and costly network switches to transfer data back to an accessible location.</li>
</ul>
    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
    			<div><h2>Backup vs. Recovery</h2></div>
    		</div><div>
    			
    			
    			
    			
    			<div><p>Recovery is the process of retrieving data from a backup. It means copying data from the backup media to an existing device or a new device. It could also mean copying data from the cloud to a local device, or from one cloud to another.</p></div>
    		</div>
    		</div>
    			
    			
    			
    			
    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
<div><h2>Types of Recovery</h2></div>
    		</div><div>
    			
    			
    			
    			
<div><p>Methods for recovering data differ according to the kind of data loss. They include cloud-based recovery, virtualization <a href="https://www.hornetsecurity.com/en/services/vm-backup/?LP=hornetsecurity-Article-VM-Backup-EN&amp;Cat=Blog&amp;utm_source=hornetsecurity-blog&amp;utm_medium=content&amp;utm_campaign=backup&amp;utm_content=Article&amp;utm_contentid=what-is-data-backup-and-recovery" rel="noreferrer" target="_blank">VM Backup</a>, bare metal recovery, file-level recovery and volume recovery. Every method seeks to recover lost or corrupted data effectively while causing the least disturbance to business activities.</p>

<ol>
  <li>Restore Files: Replacing one or more missing files from a backup, to the original or a new location, is known as file restoration.</li>
  <li>Restore Volume: When a bare-metal restore is not needed, a volume restore recovers a large number of files at once by retrieving files and directories with their full permissions.</li>
  <li>Restore Bare Metal: Restoring the complete system image (the protected machine’s data, applications, settings, and operating system) from a backup to a new physical server is known as a “bare-metal restore.” “Bare metal” refers to the new system’s unused and unconfigured hardware. A bare-metal restore is used when the primary server malfunctions, is damaged, or cannot otherwise be operated.</li>
  <li>Virtualization on a local level: Local virtualization is one component of a BCDR (business continuity and disaster recovery) solution that enables quick restoration of business activities. It uses hypervisor technology to start a virtual server from a snapshot held on the backup device, so the business can carry on as usual while the primary server is being restored.</li>
  <li>Virtualization in the Cloud: Cloud virtualization is the same procedure, but it runs in the cloud rather than on a local backup device. Certain BCDR solutions can turn the backup server image into a three-tiered cloud copy. Business operations can then continue on the cloud backup server image even if the primary server and the backup server are both rendered inoperable, for instance by a fire or flood.</li>
</ol>
    		</div><div>
    			<div>
    			
    			
    			
    			
<div>
    			
    			
    			
    			
<div><p><em>To properly back up your Microsoft 365 environment, use Hornetsecurity’s one-of-a-kind services.</em></p>

<p>To keep up with the latest Microsoft 365 articles and practices, visit the Hornetsecurity blog.</p>

    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
    			<div><h2>Conclusion</h2></div>
    		</div><div>
    			
    			
    			
    			
<div><p>To show their dedication to data integrity and customer trust, organizations need to give priority to data backup and recovery.</p>

<p>This can give you a competitive edge in today’s data-driven commercial world. Ignoring data backup and recovery exposes you to needless risks and vulnerabilities that can result in financial loss and business disruption, so it should be an essential component of your data management plan.</p>

<p>By putting best practices into effect and utilizing the newest technologies, you will preserve your important data and guarantee business continuity.</p>

    		</div><div>
    			<div>
    			
    			
    			
    			
    			<div>
    			
    			
    			
    			
    			<div><h2>FAQ</h2></div>
    		</div><div>
    			
    			
    			
    			
    			<h4>What do you mean by data backup?</h4>
<div><p>A data backup is a copy of the original data that is intended to be used if the original data is lost. Primary data failures can be caused by hardware or software issues, corrupted data, human error such as unintentional deletion, or malicious <a href="https://www.hornetsecurity.com/en/services/spam-filter/?LP=hornetsecurity-Article-Spam&amp;MalwareProtection-EN&amp;Cat=Blog&amp;utm_source=hornetsecurity-blog&amp;utm_medium=content&amp;utm_campaign=m365-ebook&amp;utm_content=Article&amp;utm_contentid=what-is-data-backup-and-recovery" rel="noreferrer" target="_blank">malware</a> attacks. Backup copies provide the ability to restore data from a previous point in time, which helps a business recover from an unforeseen disaster.</p></div>
    		</div><div>
    			
    			
    			
    			
    			<h4>Does recovery drive backup everything?</h4>
<div><p>A recovery drive usually holds a copy of the critical system files and configurations needed to restore the computer’s operating system after a failure. By default, however, it usually does not back up user data, programs, or personal files. In addition to a recovery drive, frequent backups of important data and personal information should be made using specialized backup programs or services for complete data protection.</p></div>
    		</div><div>
    			
    			
    			
    			
    			<h4>How does data backup work?</h4>
<div><p>Data backup is the transfer of crucial files and configurations to an alternate location, such as an external drive or, increasingly popular today, cloud storage, so that they can be recovered if data is lost to malware, hardware malfunction, or inadvertent deletion. Routine backups and regular restore testing are what guarantee data protection, availability and dependability.</p></div>
    		</div>
    		</div>
    			
    			
    			
    			
    		</div>
    			
    			
</div><p>The post <a href="https://www.hornetsecurity.com/en/security-awareness/cyber-kill-chain-vs-mitre-attack/" rel="noreferrer" target="_blank">Cyber Kill Chain vs. MITRE ATT&amp;CK: An Insightful Comparison</a> appeared first on <a href="https://www.hornetsecurity.com/en/" rel="noreferrer" target="_blank">Hornetsecurity</a>.</p>
    

    Article Link: https://www.hornetsecurity.com/en/security-awareness/cyber-kill-chain-vs-mitre-attack/