Plaintext: Are You Confident in Your Backups?

Welcome to Dark Reading in Plaintext, now available as a weekly newsletter. In this issue of Plaintext, we look ahead to World Backup Day. Backups aren't new tech by any stretch of the term, but they are as important as ever in today's security landscape.

Do You Know Where Your Backups Are? March 31 is World Backup Day (there really is a day for everything!). Ransomware attacks over the past few years have highlighted the risks of not having a robust backup strategy. It is also now clear that knowing how to effectively restore from backup is just as critical as having backups in the first place. If it's too hard or too time-consuming to recover from backups, then the organization may have no choice but to pay the ransom. Backups need to be redundant and diverse. "Data should be considered 'at risk' if it can't be found in at least three locations," according to Dr. Johannes Ullrich , dean or research at SANS Institute . Organizations should aim at maintaining an on-premise copy, a cloud or online-remote copy as well as an offline remote copy of critical data. ?

It also matters what is being backed up. Jamf's Michael Covington, Ph.D. notes that while backing up the phone or laptop is obvious, people don't always think about backing up cloud services. What if the cloud service provider goes offline, or even worse, goes out of business? How many organizations back up their source code? What if the account was compromised and the attacker deleted your data? A comprehensive backup strategy doesn't just consider device failure, but also risks in the infrastructure. And it goes without saying the backups have to be protected, too.

"[You] never want to see an immediate gain on backups because you're hoping that everything works out and you never have to resort to them. But you need a plan for that." ( Mark Loveless , GitLab)

Time to Go Back to School. How cool is this? A new state law will require students in North Dakota public and private schools to complete a class in computer science or cybersecurity in order to graduate from high school. “The idea is to teach them [students] appropriate use and basic fundamental knowledge,” North Dakota State School Superintendent Kristen Baesler told Government Technology. “This is information for their every day world that should be harnessed for good, not harm.” There are several initiatives bringing cybersecurity education to the K-12 crowd, such as the Girls Scouts and the National Cyber Challenge and Cybersecurity and Infrastructure Security Agency’s Cyber.org Range, but we always welcome more opportunities for young people to learn about cybersecurity.

What We Are Reading

• Companies are looking at 'upskilling' since training an existing worker is cheaper than hiring.
• Having trouble hiring? Maybe the problem is the job ad.
• Burnout and stress will cause one in four security leaders to leave the industry completely.
• How to build a diverse and dynamic security team.
• Quantum computing's impact on cryptography?should not be cause for panic.

What We Heard On-Air

Tune in to our on-demand webinar Building Out the Best Response Playbook for Ransomware Attacks for insights on developing ransomware response playbooks.

"If you get a ransomware note or demand, don't engage yourself. Get a trained negotiator." ( LeeAnne Pelzer, CISSP , consulting director, Palo Alto Networks)

From Our Library

Check out some of the latest reports from our?Dark Reading Library.

• Tech Insights (Feb 2023):?Emerging Cyber Vulnerabilities That Every Enterprise Should Know About
• Tech Insights (Feb 2023):?Shoring Up the Software Supply Chain Across Enterprise Applications
• Supple chain on our mind:?State of the Supply Chain?research report.
• The first report based of the 2022 Dark Reading Strategic Security Survey:?How Enterprises Are Attacking the Cybersecurity Problem Report

On That Note

Send us?your most creative cybersecurity caption for this month's Dark Reading Edge Cartoon Contest. Judges vote on the favorite caption this week!