< ciso
brief />
Tag Banner

All news with #resilience tag

74 articles · page 2 of 4

Why Relying on Backups Alone Leaves Businesses Exposed

🛡️ Many businesses assume that backing up data equals protection, but backups alone do not sustain operations during outages. The article contrasts traditional backups, which enable post-incident restore, with BCDR solutions that keep systems running through failover and rapid recovery. It cites research showing recovery expectations often exceed real-world performance and recommends hybrid cloud strategies. Datto sponsors the piece and positions its BCDR tools for MSPs.
read more →

Cloud CISO Perspectives — Technical and Cultural Resilience

🔒Thiébaut Meyer and Lia Wertheimer of Google Cloud’s Office of the CISO present a conversation with Matt Rowe, CSO of Lloyds Banking Group, on building resilience across both technology and teams. They argue resilience requires a dual approach: operational resilience through tool consolidation and a secure-by-default architecture, and cultural resilience through psychological safety, disciplined prioritization, and intentional pauses. Practical guidance includes shifting down the stack to reduce sprawl, embedding security goals into business priorities, and leaders modeling transparency to normalize speaking up. The interview frames resilience as a structural design choice rather than an exercise in individual endurance.
read more →

Board-Level Definition Needed for Cyber Resilience

📌 A literature review of 38 academic and industry sources finds cyber resilience is inconsistently defined, creating governance and measurement challenges for boards and executive teams. The author argues cyber resilience should be framed in business terms—operational continuity, stakeholder confidence, and financial stability—rather than technical controls alone. Regulatory divergence and sector priorities complicate standardization, so boards need clear, outcome-focused metrics and assigned accountability.
read more →

Weak at the Seams: Cybersecurity's Systemic Resilience Gap

🔧 A former industrial automation engineer turned CISO argues that cybersecurity is fragmented across regulators, vendors, auditors and insurers, creating dangerous seams where correlated failures can cascade beyond organizational boundaries. Despite rising spending, tool proliferation and compliance-focused programs fail to measure or build true resilience, leaving handoffs and interfaces as persistent blind spots. High-profile incidents such as the July 2024 CrowdStrike outage show defensive tools and routine updates can themselves become systemic failure vectors, and the industry must design for graceful degradation rather than audit checkboxes.
read more →

Weak at the Seams: Cybersecurity's Systemic Fragility

⚠️ Organizations are increasingly exposed to systemic cyber risk as digital transformation stitches industries, vendors and platforms together, creating interconnected failure modes that compliance regimes and siloed tools fail to capture. The author—an experienced CISO with an industrial automation background—argues for shifting focus from checkbox-driven audits to architectural resilience and graceful degradation, tying security spend to measurable business survivability rather than isolated tool maturity.
read more →

Seven Backup Priorities to Strengthen Business Resilience

🔒 Backup is now the backbone of business resilience, not just an IT routine. The article presents seven priorities—data prioritization, off-site and immutable copies, automated RPO/RTO, realistic recovery testing, SOC integration, and scalable playbooks—to reduce downtime and ransomware risk. It advocates a modern 3-2-1 approach with immutable cloud copies and daily automated recovery verification. N-able’s Cove Data Protection is cited as an example of a cyber-resilient solution.
read more →

Five Critical Steps to Strengthen Endpoint Security

🔒 Business resilience begins at the endpoint. Drawing on N-able SOC data, the article highlights that over 900,000 alerts were processed between March and December 2025 and that 18% originated from network and perimeter exploits—threats many endpoint-only tools missed. It prescribes continuous asset visibility, standardized secure configurations, automated patching and remediation, EDR for behavioral detection and response, and integrated backup and recovery to minimize downtime.
read more →

Six Critical Mistakes That Undermine Cyber Resilience

⚠️Silos between endpoint, SOC, and backup teams increase incident impact and slow recovery. The article identifies six common failures—unclear roles, fragmented asset and risk views, mismatched policies, disconnected tools, absent cross-team drills, and siloed metrics—and offers concrete fixes. Build a unified RACI, consolidate inventories and logs, align retention and playbooks, integrate EDR/SOC/backup workflows, run joint simulations, and measure resilience with shared KPIs. N-able is presented as a vendor that unifies management, security operations, and data protection to enable automation, faster detection, and safer recovery.
read more →

Six Operational Metrics for IT Business Resilience

🔒 IT leaders must track six operational metrics to sustain business resilience as threats scale and boards demand measurable outcomes. Drawing on the 2026 N-able State of the SOC Report, the piece highlights MTTD, MTTR, time to recover, endpoint patch compliance, asset and identity coverage, and downtime avoided as core indicators. It shows how automation, integrated platforms, and continuous visibility convert metrics into actionable defense, faster containment, and demonstrable business value.
read more →

Azure IaaS: Built-in Resiliency for Critical Apps at Scale

🔁 Azure IaaS delivers an enterprise-grade platform with built-in capabilities across compute, storage, and networking to help keep mission-critical applications available during hardware issues, maintenance, zonal disruptions, and regional incidents. The platform emphasizes isolation, redundancy, failover, and recovery through features like Virtual Machine Scale Sets, availability zones, and multiple storage redundancy tiers. Networking services such as Azure Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door help maintain reachability and reroute traffic when paths fail. Customers are encouraged to combine these primitives with IaC, testing, and operational practices to meet workload-specific RTO/RPO objectives.
read more →

Protecting Data During Hypervisor Migration Away from VMware

🔒 Broadcom’s acquisition of VMware has accelerated migrations to alternatives such as Microsoft Hyper‑V, Azure Stack HCI, Nutanix AHV, Proxmox VE and KVM, but switching hypervisors introduces complex risks around disk formats, drivers, networking models and snapshot behavior. Successful transitions depend not on conversion tools but on verified, restorable, application‑consistent backups and rehearsed recovery drills performed before cutover. A unified, platform‑agnostic cyber protection approach with immutability, tightened RBAC and an off‑site copy reduces downtime, rollback risk and long‑term vendor lock‑in.
read more →

Preparation and Hardening for Destructive Cyberattacks

🛡️ This article outlines practical, scalable recommendations to prepare and harden environments against destructive malware, wipers, and modified ransomware. It emphasizes resilience through verified, immutable backups, out-of-band incident communication, and prioritized recovery plans. The post recommends strengthening external-facing assets with multi-factor authentication and continuous attack-surface discovery, protecting Domain Controllers and virtualization infrastructure, and applying network and cloud segmentation alongside tuned detections. It also highlights available detections in Google SecOps and Mandiant rule packs.
read more →

Accelerating Data Center Modernization for AI Era Now

🔍 Data center modernization has become a strategic imperative as organizations accelerate deployment of AI and other compute-intensive applications. Success requires coordinated investment across servers, storage, networking, software, and security, and strong partnerships with vendors and integrators. IT leaders need clear roadmaps, measurable milestones, and solutions that balance performance, cost, and operational resilience to enable rapid, secure adoption.
read more →

Azure reliability, resiliency, and recoverability by design

🛡️ Azure positions reliability as the primary objective and distinguishes it from resiliency and recoverability. Resiliency keeps workloads operational during faults through architecture, traffic management, and failure-domain choices, while recoverability restores service when disruptions exceed those boundaries. The post maps these concepts to the Microsoft Cloud Adoption Framework, the Azure Well‑Architected Framework, and specific Azure tools and guidance to help teams measure, validate, and govern continuity.
read more →

UK Cyber Threat Shifts from Ransomware to Disruption

🔍 In 2025 the UK became the most targeted country in Europe, and the nature of attacks shifted dramatically. Where ransomware once dominated, attackers prioritized disruption over monetization, altering tactics and intent. Many organizations that hardened defenses for extortion found those assumptions outdated and exposures increased. Detection, response and business-continuity strategies must be reevaluated.
read more →

Ecdysis: Rust Library for Zero‑Downtime Graceful Restarts

🔁 ecdysis is a Cloudflare open-source Rust library that enables graceful process restarts without dropping live connections or refusing new connections. It uses a fork-then-exec model with inherited listening sockets and a readiness handshake so the new process can initialize safely. The design provides crash safety during upgrades and prevents gaps where the kernel would refuse connections. The library integrates with Tokio and systemd and has been production-proven since 2021, saving millions of requests across Cloudflare’s global network.
read more →

Super Bowl LX: Strengthening Security and Resilience

🛡️ CISA coordinated a year-long, multiagency effort to secure Super Bowl LX, working with the NFL, DHS, the FBI, state and local partners, and private vendors to protect people, venues, and critical infrastructure. Region 9 authored a tailored playbook and executed physical security assessments using the Infrastructure Survey Tool and Infrastructure Visualization Platform, conducted tabletop exercises, and delivered bombing prevention workshops and cyber hygiene training. These layered measures aimed to reduce risk, strengthen communications interoperability, and ensure resilient operations throughout gameday.
read more →

Cloud Outages Ripple Through Identity and Operations

🔐 Recent large-scale cloud outages affecting providers like AWS, Azure, and Cloudflare have shown how failures in shared infrastructure can incapacitate identity flows and halt business-critical systems. Even when an identity provider remains operational, failures in datastores, DNS, control planes, or load balancers can block authentication and authorization. Organizations should deliberately design resilience—using multi-cloud or controlled on-prem options and predictable degraded modes such as cached attributes or precomputed decisions—to avoid total access collapse.
read more →

Amazon DynamoDB MRSC Global Tables Add FIS Support

🔁 Amazon DynamoDB multi-Region strong consistency (MRSC) global tables now integrate with AWS Fault Injection Service (FIS), enabling teams to run controlled experiments that pause regional replication to observe application behavior. You can create realistic regional-failure scenarios to validate monitoring, recovery, and resiliency mechanisms. This capability helps tune alarms, failover logic, and operational runbooks before real outages occur. Support is available in multiple AWS Regions and documentation outlines how to get started.
read more →

CISOs' 2026 Predictions: AI, Governance, and Resilience

🔐 As AI accelerates adoption and threat automation, CISOs foresee 2026 as a turning point for governance, resilience, and identity-centric defense. Leaders expect boards to elevate AI and quantum risk, vendors to deliver secure-by-design products, and SOCs to consolidate telemetry and automate responses. Small and mid-size firms will face intensified targeting, making tailored security services essential.
read more →