Assume Breach. Assume Ransomware. Assume Disaster.
Nothing is true. Everything is permitted. Except depending on backups you've never tested—that's faith, not security.
Think for yourself. Question authority. Especially the authority that says "backups are fine, we never need to test them."
Breaches happen. Ransomware happens. Disasters happen. Hardware fails. Humans make mistakes. Your data will be lost unless you plan otherwise.
ILLUMINATION: A backup you haven't tested is Schrödinger's backup—both working and broken until observed.
Here's how we survive the inevitable. Full strategy in our public Backup & Recovery Policy:
The Five Rules of Not Losing Everything
1. The 3-2-1 Rule
3 copies of data, on 2 different media types, with 1 offsite. Redundancy isn't paranoia—it's survival.
One backup is no backup. Two backups is barely a backup. Three is the minimum.
2. Test Restores
Backups you haven't tested are just unverified hope. Test restores regularly. Full restores, not just file-level. Know your recovery time.
You don't have a backup strategy. You have a restore strategy. Or you have nothing.
3. Immutable Backups
Ransomware encrypts backups too. Use immutable storage, air-gapped systems, write-once media. Protect backups from the breach.
If ransomware can reach your backups, you don't have backups—you have additional victims.
4. Encryption
Backups contain everything. Encrypt them. Key management matters. Lose the keys, lose the data. Protect keys like they're the data itself.
Unencrypted backups are just data breaches waiting for physical access.
5. Document Everything
Disaster recovery isn't the time to figure out procedures. Document: What to backup, how to restore, who has access, where keys are.
Tribal knowledge doesn't survive disasters. Documentation might.
RTO vs RPO: How Fast vs How Much
Two critical metrics for recovery planning:
- Recovery Time Objective (RTO) — How long can you be down? How fast must you restore? Minutes? Hours? Days? Define it. Architect for it.
- Recovery Point Objective (RPO) — How much data can you afford to lose? Last backup was when? How often do you backup? Match RPO to business needs.
| System Criticality | RTO Example | RPO Example | Backup Frequency |
|---|
| Critical | < 1 hour | < 15 minutes | Continuous replication |
| High | 4 hours | 1 hour | Hourly backups |
| Moderate | 24 hours | 24 hours | Daily backups |
| Low | 1 week | 1 week | Weekly backups |
Faster RTO/RPO = more expensive. Align with business needs, not paranoid ideals.
META-ILLUMINATION: RTO/RPO are business decisions dressed as technical requirements. Ask business how much downtime costs.
Ransomware: When Backups Are Your Only Hope
Ransomware is when, not if. Your backup strategy is your ransomware strategy:
- Immutable Backups — Ransomware can't encrypt what it can't modify. Air-gapped, write-once, versioned.
- Offsite Backups — Ransomware spreads. Lateral movement. If backups are on the network, they're at risk.
- Test Restores — Can you actually restore from backup? Under pressure? In disaster mode? Test. Now.
- Incident Response — Backup restoration is part of IR. Have playbook. Know who does what.
- Don't Pay — Paying ransomware funds criminals and doesn't guarantee decryption. Restore from backup instead.
Operation Mindfuck the ransomware gangs: Make backups so good paying ransom is obviously stupid.
CHAOS ILLUMINATION: Ransomware gangs research targets. They know who has backups. Be the target that does.
Our Approach: 3-2-1, Tested, Immutable
At Hack23, backups are survival, not afterthought:
- 3-2-1 Rule — Three copies, two media types, one offsite. Religiously enforced.
- Daily Backups — Automated, verified, monitored. Alerts on failures.
- Monthly Test Restores — Full recovery tests. Documented. Timed.
- Immutable Storage — Backups can't be modified or deleted for retention period. Ransomware-proof.
- Encrypted Backups — AES-256, keys in separate secure system. No plaintext backups.
- Version Retention — 30 days daily, 12 months monthly, 7 years annual. GDPR-compliant.
Full details in our public Backup & Recovery Policy—including our test restore results.
Welcome to Chapel Perilous: Backup Edition
Nothing is true. Everything is permitted. Except depending on untested backups during a ransomware incident—that's panic, not planning.
Disasters happen. Breaches happen. Ransomware happens. Hardware fails. Backups are your recovery. Test them or regret it.
Think for yourself. Don't assume backups work. Test. Verify. Document. Because 3am during a disaster isn't when you want to discover backups are corrupted.
ULTIMATE ILLUMINATION: You are now in Chapel Perilous. Your backups are Schrödinger's cat—alive and dead until you test. When was the last time you checked?
All hail Eris! All hail Discordia!
"Think for yourself, schmuck! Question everything—especially backup strategies that have never been tested."
— Hagbard Celine, Captain of the Leif Erikson 🍎 23 FNORD 5