|
|
|
|
|
|
by mr_mitm
1215 days ago
|
|
|
The article does not say anything about Oakland negotiating. They may just be in the "it takes some time" phase at the moment. Tapes are not exactly the fastest medium. Plus, you may want to determine the exact time at which you were compromised, or else you'll be restoring potentially tainted backups. Depending on how well you're organized that alone will take quite some time, especially considering that your logs may be encrypted as well. Sometimes you don't even know how to contact everyone, because your comms are down, too. Sure, if you do everything right and adhere to all the best practices, it won't be that big of an issue. Just don't forget about the amount of legacy crap and budget constraints many orgs have to deal with. That comes with many pitfalls and a lot of opportunities to make a mistake. |
|
|
We’re using their immutable storage option, with a 60 day window with multiple rotation intervals, and just biting the bullet on the cost of cold storage vs archival because of how slow tape is.
I could definitely see a larger entity having significantly more data and the restoration process can’t even start until they finish triage. No point in restoring until you know the source of the intrusion or at least have a plan to prevent it from recurring.