Backup Strategies

Reconstituting Information is Key to Recovery

The Big Idea

A properly structured backup infrastructure, for both information and systems, gives an organization the ability to recover from an otherwise catastrophic loss by restoring information and services.

Cyber Resiliency Goals & Objectives

Backups support the Anticipate and Recover goals and Understand, Prepare, Continue, and Reconstitute objectives.

Design Principles

The design principles for Backups will help organizations prepare protected backups and improve the organization’s ability to reconstitute information and services, allowing the organization to continue with its mission.

What Can Be Done Now

The following resiliency techniques help organizations prepare protected Backups in order to recover information or systems that have been corrupted due to adversary tampering or system failure.

The Right People & Policies

Cyber Attack Lifecycle

Using the cyber resiliency techniques Redundancy, Segmentation, and Substantiated Integrity, as described above, defenders can impede the adversary’s attack on the enterprise and limit the damage the malware causes. The use of Segmentation impedes the adversary’s ability to employ mechanisms to manage the initial victims, execute the attack, and hide their presence. The use of Substantiated Integrity enables the defenders to detect the malware if the adversary attempts to place it in the backups or use the backups to maintain their presence. The use of Redundancy in conjunction with Substantiated Integrity enables the defenders to limit the adversary’s ability to execute the attack.
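An added example, not part of the original page: one way Redundancy and Substantiated Integrity can combine at restore time, by checking each redundant backup copy against an HMAC-authenticated manifest and restoring only from a copy that verifies. The site names, file names, key, and manifest layout are constructed assumptions.

```python
import hashlib
import hmac
import json

def build_manifest(files, key):
    """Record a SHA-256 digest per file and authenticate the record with HMAC."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def manifest_is_authentic(manifest, key):
    """Reject a manifest that was rewritten without the key."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest.get("mac", ""))

def verify_copy(copy, manifest):
    """Return the sorted findings for one backup copy; an empty list means intact."""
    findings = []
    for name, digest in manifest["digests"].items():
        if name not in copy:
            findings.append(f"missing:{name}")
        elif hashlib.sha256(copy[name]).hexdigest() != digest:
            findings.append(f"modified:{name}")
    findings += [f"unexpected:{n}" for n in copy if n not in manifest["digests"]]
    return sorted(findings)

def select_restore_source(copies, manifest, key):
    """Return (first copy that verifies cleanly or None, findings per copy)."""
    if not manifest_is_authentic(manifest, key):
        raise ValueError("manifest failed authentication")
    report = {site: verify_copy(files, manifest) for site, files in copies.items()}
    clean = [site for site, findings in report.items() if not findings]
    return (clean[0] if clean else None), report

# Constructed sample data. Assumption: the key is held outside the backup segment.
KEY = b"constructed-demo-key"
ORIGINAL = {"db.dump": b"customer table v42", "etc.tar": b"config archive"}
MANIFEST = build_manifest(ORIGINAL, KEY)
COPIES = {
    "onsite": {**ORIGINAL, "db.dump": b"customer table v42, altered"},
    "offsite": dict(ORIGINAL),
    "portable": {**ORIGINAL, "run.sh": b"file added after the backup was taken"},
}

if __name__ == "__main__":
    source, report = select_restore_source(COPIES, MANIFEST, KEY)
    print("restore from:", source)
    for site, findings in report.items():
        print(site, findings or "intact")
```

The manifest authentication step matters as much as the per-file digests: a manifest regenerated over altered files without the key fails before any copy is trusted.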

Synergies & Barriers

Synergies among practices include Segmentation and Substantiated Integrity. Segmentation is made more effective when an organization also applies Substantiated Integrity capabilities to the enterprise.

Barriers to adoption include the following:

Just Ahead

Backups are becoming a larger target for cyber adversaries. As defenders focus more on protecting the organization’s infrastructure, they tend to forget about their backup services, making those the organization’s soft underbelly. Attackers can corrupt the backup services to impede an organization’s capability to restore systems and services. The best approach combines segmentation and privilege restriction, to isolate the backup services, with advanced substantiated integrity, to detect signs of backup corruption.

Creating portable or otherwise geographically disparate redundant assets and functionality will allow for a rapid recovery when standard backups or enclaves may be compromised by the adversary.

See Key Concepts and Terms for definitions
