< ciso
brief />
Tag Banner

All news with #resilience tag

74 articles · page 3 of 4

DevOps & SaaS Downtime: Hidden Costs for Cloud Firms

⚠️ Recent analysis highlights that major DevOps SaaS platforms (e.g., GitHub, Jira, Azure DevOps) experienced widespread incidents in 2024–2025, with critical outages and degraded-service hours increasing sharply year‑over‑year. The piece argues the Shared Responsibility model leaves customers ultimately accountable for their data, and that native provider backups often create single points of failure with limited restore flexibility. It recommends multi‑layered, immutable backups, cross‑restore capability, defined RTO/RPOs, and continuous recovery testing to reduce financial, operational, and compliance risk.
read more →

The Year of Resilience: What 2026 Requires of CISOs

🔒 Fortinet CISO Carl Windsor argues that 2026 will demand resilience as the central organizing principle for security as AI accelerates both innovation and risk. CISOs must act as de facto chief resilience officers, embedding continuity into AI-augmented operations and assuming AI-enabled failures will occur. He outlines five strategic priorities—business continuity, AI governance, hardened identity, cross‑functional collaboration, and continual adaptation—to contain and absorb disruption.
read more →

Key CISO Trends for 2026: Resilience, AI, Regulation

🔒 The year 2025 tightened the regulatory landscape—DORA and NIS2 pushed many organizations to elevate cybersecurity and operational resilience. CISOs expect 2026 to remain dominated by compliance complexity, persistent cost pressures, and an acute skills shortage. Attention will shift toward Resilience by Design, software supply-chain security, and operationalizing Zero Trust for identities and machine accounts. Controlling Shadow AI and strengthening third-party risk management will also be high priorities.
read more →

Microsoft Incident Response: New Proactive Services

🔒 Microsoft Incident Response expands its proactive offerings to help organizations build cyber resilience and reduce disruption. New services include incident response plan development, major event support, an immersive cyber range, advisory engagements, and compromise assessments for M&A activity. These capabilities build on existing services such as compromise assessments, identity assessment and hardening, and tabletop exercises. The focus is on preparation, gap detection, defense hardening, and tailored threat insights to accelerate recovery and strengthen security posture.
read more →

AWS Direct Connect Adds FIS-Based Resilience Testing

🧪 AWS Direct Connect now integrates with AWS Fault Injection Service (FIS) to run controlled resilience tests that deliberately disrupt Border Gateway Protocol (BGP) sessions on Virtual Interfaces. You can simulate BGP session failures to validate that traffic fails over to redundant Virtual Interfaces and that applications remain operational. This capability helps teams proactively verify failover behavior, observability, and recovery procedures and is available in all AWS Commercial Regions where AWS FIS is offered.
read more →

Deliberate Internet Shutdowns: Rising Global Trend

🌐 The Taliban ordered a two‑day nationwide internet blackout in Afghanistan in September, cutting emergency communications, grounding flights, and interrupting banking. That incident is part of a global surge: Access Now and the #KeepItOn coalition documented 296 deliberate shutdowns in 2024 and at least 244 more in 2025 so far. Shutdowns range from full national cuts to targeted platform blocks and throttling, and are increasingly used for political, military, and social control. Workarounds like VPNs, mesh networks, and satellite terminals help some, but for most people loss of connectivity means loss of essential services and civil liberties.
read more →

CISA Guide Helps Stadiums Mitigate Lifeline Disruptions

🏟 CISA released the Venue Guide for Mitigating Dependency Disruptions to help stadium and arena owners reduce operational risk from outages in Energy, Water and Wastewater, Communications, and Transportation. Developed with government and industry partners, the concise, actionable resource offers baseline strategies, assessment steps, and partnership guidance tailored for major events including FIFA World Cup 2026 and the 2028 Summer Olympics. It encourages venues to assess lifeline dependencies, integrate contingency plans, and coordinate with local service providers and CISA Security Advisors to strengthen operational resilience.
read more →

How CISOs Justify Security Investments to the Board

🔒 CISOs must position security investments as strategic enablers that directly support corporate objectives rather than as purely technical upgrades. Presentations should connect proposed solutions to outcomes like entering new markets, protecting margins, ensuring compliance, and improving resilience. Use concrete scenarios, cost models, and recovery timelines to show how investments reduce probability and impact of incidents while improving operational stability. Tailor messaging to the board’s maturity and speak in terms of risk, return, and shareholder value.
read more →

Racks, Sprawl and the Myth of Redundancy in Modern Networks

🔁 The article traces redundancy from tangible rack-level practices to fragile cloud and software-defined environments. It argues that physical diversity, disciplined configuration management and automation remain essential as networks span BGP, SD-WAN, edge devices and cloud control planes. Real resilience requires policy alignment, diverse DNS and routing protections and rehearsed pre-mortems so backups are usable when they matter most.
read more →

Using Chaos Engineering to Validate Disaster Recovery Plans

🔬 Chaos engineering converts disaster recovery assumptions into measurable facts by running controlled experiments that simulate realistic failures and quantify impact. Instead of relying on audits or tabletop drills, teams define a steady state, form testable hypotheses, inject targeted failures, and use automated probes to measure effects on SLOs. This approach exposes gaps such as failover delays or error spikes and provides data to iterate DR procedures. Start small, build confidence, and consider engaging Google Cloud professional services for guidance.
read more →

Louvre Launches €57m Tender to Upgrade Security Systems

🔒 The Louvre has issued a €57m public tender to overhaul its safety and security infrastructure after an October break-in at the Apollo Gallery that led to the theft of the Crown Jewels valued at €88m. The procurement seeks a new digital safety management system, consolidated IT and physical security monitoring, a central VMS/CCTV upgrade, ANSSI‑vetted access controls, and revamped IDS and artwork proximity sensors. All solutions must be interoperable, scalable and open to avoid vendor lock-in. Companies have until December 10 to apply.
read more →

NCSWIC Releases 'What Is a PACE Plan' Video for Agencies

🎥 This Emergency Communications Month, the National Council of Statewide Interoperability Coordinators (NCSWIC) Planning, Training, and Exercise Committee released a concise educational video, 'What is a PACE Plan', that explains the components of a PACE plan (Primary, Alternate, Contingency, Emergency) and why it matters for public safety communications. NCSWIC members describe how communications can change in atypical situations and demonstrate why agencies should know their PACE and routinely practice it. The video is a practical tool to help agencies maintain continuity of communications when primary systems degrade.
read more →

UK and US Security Teams Fear State-Sponsored Cyberattacks

🔒 IO's State of Information Security Report 2025 finds most UK and US cybersecurity professionals fear state-sponsored cyber-attacks, with 23% citing lack of preparedness for geopolitical escalation as their top concern. Surveying 3,000 security managers, IO reports 33% believe governments are not doing enough and many organisations worry about data loss, reputational harm and supply chain disruption. In response, 74% are investing in resilience and 97% are tailoring incident response, beefing up threat intelligence and securing supply chains.
read more →

AWS Expands Resilience Software Competency Program

🔧 AWS has expanded its Resilience Competency to include Technology Partners, enabling customers to identify validated software for high availability and recovery. The program evaluates solutions across Design, Recovery, and Operate categories through expert technical validation to meet strict performance and operational requirements. Qualified partners and solutions are discoverable via the AWS Resilience Competency and purchasable through AWS Marketplace, aligning with AWS's shared responsibility model. This aims to help organizations build always-on applications with lower cost and higher availability than on-premises alternatives.
read more →

Amazon Route 53 Accelerated Recovery for Public DNS

⚡ Enabling the accelerated recovery option for Amazon Route 53 public hosted zones gives customers a predictable 60-minute recovery time objective (RTO) to regain the ability to modify public DNS records if AWS services in US East (N. Virginia) are temporarily unavailable. The feature is available globally except in GovCloud and China, and there is no additional charge. It supports faster DNS change operations for banking, FinTech, and SaaS customers to meet continuity and disaster recovery objectives.
read more →

Amazon RDS Adds Multi-AZ for SQL Server Web Edition

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.
read more →

AWS FIS Adds Partial-Failure Test Scenarios for AZs

🧪 AWS Fault Injection Service (FIS) introduces two new pre-built experiment scenarios to simulate partial, cross- and single-AZ disruptions. The AZ: Application Slowdown scenario simulates increased latency and degraded performance within a single Availability Zone to validate observability, alarms, and AZ evacuation playbooks. The Cross-AZ: Traffic Slowdown scenario simulates degraded traffic between AZs and lets you target subsets of traffic for realistic gray-failure testing. These scenarios are available in all Regions where AWS FIS is offered, including AWS GovCloud (US).
read more →

From Tabletop to Turnkey: Cyber Resilience in Finance

🛡️ Financial institutions face a regulatory shift: cyber‑resilience has moved from best practice to prescriptive requirement under regimes such as DORA, CORIE, MAS TRM, FCA/PRA and others. Filigran’s OpenAEV combines tabletop crisis playbooks with breach-and-attack simulation so teams can rehearse human and technical responses together. The platform synchronizes players via enterprise IAM, translates threat intelligence into timed technical injects and simulated communications, and streamlines logistics, reporting and continual improvement. OpenAEV is free for community use, with a library of scenarios and SIEM/EDR integrations, and Filigran is hosting expert sessions to demonstrate operationalization.
read more →

Resiliency in the Cloud: Shared Responsibility & Azure

☁️ Microsoft positions resiliency as a shared responsibility, combining its global infrastructure, SLAs, and platform capabilities with customer-owned architecture, configuration, and recovery planning. Azure Essentials packages blueprints, assessments, and validation tools like Azure Chaos Studio and Azure Monitor to enable zone-redundant and multi-region designs. The guidance stresses continuous validation, automated remediation, and governance to reduce downtime and accelerate recovery.
read more →

Path to CPS Resilience: Securing Critical Infrastructure

🔒 Cyber-physical systems (CPS) underpin critical infrastructure across industry, healthcare and buildings, and their continuous availability is essential to public safety and business continuity. The article urges CISOs to prioritize CPS security, invest in OT protection, close long-standing IT–OT silos and maintain accurate asset inventories. It highlights that many organizations lack OT incident response or business continuity plans and emphasizes that rapid recovery, segmentation and tested emergency procedures are key to minimizing downtime and harm. Analysts warn of steep recovery times and severe financial and human impacts if CPS resilience is not improved.
read more →