📝 usncan Note: Cyber Resilience Must Become The Third Pillar Of Security Strategy
Disclaimer: This content has been prepared based on currently trending topics to increase your awareness.
As organizations race to the cloud, security leaders are realizing that prevention and detection alone can’t keep pace — and that “cloud insecurity is inevitable,” making cyber resilience an essential third pillar of defense.
getty
For years, enterprise security has been built around two main pillars: prevention and detection. Firewalls, endpoint protection, and intrusion detection systems all aim to stop attackers before they do damage. But as threats grow more sophisticated, it’s clear that this isn’t enough.
“Cloud insecurity is inevitable,” says Kavitha Mariappan, chief transformation officer at Rubrik.
The phrase reflects a shift in mindset taking hold across the industry: breaches will happen, and organizations need to prepare to recover as quickly and completely as possible. That requires elevating cyber resilience to stand alongside prevention and detection as an equal pillar of security strategy.
Why Resilience Matters Now
Mariappan has spent years in the prevention-and-detection world and understands its limits. “We’ve built entire strategies around stopping attacks, with the belief that all attacks are preventable. They’re not,” she says.
Richard Stiennon, chief research analyst at IT-Harvest, sees Mariappan’s approach as a natural progression that he describes as hyper-layers of defense. “Prevention is always the best and provides immediate benefits. While needed, detection opens a can of worms and adds to workloads. If all else fails, the resilience layer ensures that the impact of a successful breach is minimized or at least contained.”
Attackers today exploit sprawling, complex environments that span on-premises systems, multiple clouds, and hundreds of SaaS apps. Even the best defenses can’t block every breach, whether it’s from ransomware, insider threats, or supply chain compromises.
Resilience — the ability to minimize damage, restore operations quickly, and maintain business continuity — is what keeps an incident from becoming a crisis.
The Cloud Responsibility Gap
The shift to cloud computing has created dangerous assumptions. Many organizations believe that moving workloads to AWS, Azure, or Google Cloud means the provider “takes care of security.” While hyperscalers secure their infrastructure, customers are responsible for protecting their own data, configurations, and access.
Think of it like a car. The manufacturer builds the car with an accelerator and steering wheel to let you get where you want to go as quickly and efficiently as possible, as well as brakes and a seatbelt to empower you to do so safely. Whether or how you use the tools provided is up to you.
The same is true for the capabilities and security controls of cloud infrastructure. The hyperscalers provide the framework, but they’re not responsible for how – or if – you use them.
Native cloud backup and recovery tools are often designed for operational mishaps — such as restoring accidentally deleted files — not for withstanding modern cyberattacks. Mariappan warns that they can lack the immutability, isolation, and advanced threat detection needed to survive ransomware or coordinated, multi-vector campaigns.
Resilience by Design
Effective resilience starts with rethinking backup as more than a compliance checkbox. Immutable, air-gapped copies prevent attackers from tampering with recovery points. Built-in threat detection can spot ransomware or other malicious activity before it spreads.
But technology alone isn’t enough. Mariappan urges leaders to identify the “minimum viable business” — the essential applications, accounts, and configurations required to function after an incident. Recovery strategies should be built around restoring these first to reduce downtime and financial impact.
She also stresses the importance of limiting the blast radius. In a cloud context, that might mean segmenting workloads, isolating credentials, or designing architectures that prevent a single compromised account from jeopardizing an entire environment.
The Quantum Horizon
While most resilience planning focuses on immediate threats, Mariappan points to the “harvest now, decrypt later” risk posed by quantum computing. Attackers can steal encrypted data today, store it cheaply, and wait until quantum capabilities make decryption trivial.
That makes encryption hygiene and proactive re-encryption critical — not just after an incident, but as an ongoing practice. “If the data was already taken, updating your encryption now is too late,” Mariappan notes.
Breaking Down Silos
Resilience planning often stalls because it lives in the wrong place. Backup and recovery budgets sit in IT infrastructure, while security teams focus on preventing attacks. Risk officers may own the broader business continuity mandate, but lack direct control over technical safeguards.
Mariappan believes resilience should be a shared responsibility across IT, security, risk, and compliance — with executive and board-level engagement. “This is no longer just an infrastructure problem,” she says. “It’s critical to the viability of the organization and the management of reputational risk.”
Assume Breach
The new playbook, she argues, is simple: assume breach.
That means designing systems, processes, and teams to respond as if an attack has already succeeded. The goal is not to eliminate risk entirely — an impossible task — but to ensure the organization can recover without catastrophic losses.
There’s a cost to building resilience. It competes for budget with other security priorities. But the cost of not investing — weeks or months of downtime, regulatory penalties, damaged customer trust — is far higher.
Mariappan puts it bluntly: “More detection and prevention tools are not going to keep you 100% safe. Cyber resilience must be a first-class citizen in your security and risk strategy.”
