Beyond the spike: building resilient and trusted infrastructure in an era of sustained attacks


At a recent industry event, I spent time with a group of senior security leaders reflecting on the year just gone. What stood out was not discussion of a single headline incident, but a shared sense of sustained operational pressure.

There was no defining breach. No singular outage. Instead, there was a steady drumbeat of activity: distributed denial of service traffic at the network edge, elevated DNS query volumes, persistent threats targeting authentication flows and APIs. None of it catastrophic in isolation.

Lakshmi Hanspal

Chief Trust Officer at DigiCert.

The consensus from that group was clear: it is no longer the spike that defines the threat landscape, but the patient persistence that cyber criminals now demonstrate.

Recent research has made it clear that attackers are favoring coordinated campaigns that combine volumetric attacks, automated reconnaissance and application-layer abuse over extended periods. Global geopolitical tensions contribute further instability to attack surfaces.

That shift has profound implications not just for technical architecture, but for governance and regulatory accountability.

From spikes to sustained campaigns

DDoS attacks are again pushing into multi-terabit territory, fueled by sophisticated botnets and globally distributed infrastructure. However, bandwidth alone does not define the modern threat.

Campaigns now layer volumetric traffic with slower, more targeted techniques such as API abuse, credential stuffing, and automated endpoint probing. Even when peak traffic subsides, low-level reconnaissance often continues.

The objective is not simply disruption, but discovery. Mitigating a spike over several hours is manageable. Sustaining defensive posture over days introduces operational fatigue and increases the likelihood of oversight. Systems designed for burst tolerance can struggle under prolonged load.

In addition, regulators are watching how organizations manage these incidents closely. Under the EU’s Digital Operational Resilience Act (DORA), institutions need to demonstrate the ability to withstand severe but plausible disruption and continue operating critical services.

NIS2 extends accountability across essential and important entities, raising expectations around risk management and incident handling. And, in the UK, operational resilience frameworks require firms to identify important business services and prove they can remain within impact tolerances under stress.

Therefore, the emphasis for CISOs and security professionals is shifting from incident response to sustained resilience. In that sense, DDoS defense is no longer a perimeter control alone; it is the first layer of a broader resilience model.

DNS: the operational control layer

Absorbing traffic is only part of the equation. Requests still need to be routed accurately and reliably. That makes DNS a critical operational control layer, and one that is often forgotten. Recent outages, however, have brought the importance of DNS to the forefront of our minds.

In Q4, we saw a marked increase in sustained pressure on DNS infrastructure globally. This includes volumetric query floods, random subdomain attacks designed to bypass validation, and malformed request patterns intended to degrade resolver performance.

At the same time, DNS tunnelling techniques enable command and control traffic to blend with legitimate queries.
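The random-subdomain floods described above leave a recognisable trace in resolver logs: one client producing many NXDOMAIN answers for high-entropy leftmost labels under a legitimate zone. The detector below is an added illustration for this article, not DigiCert's tooling; the log format (client, query name, response code) and the sample lines are constructed, and the thresholds are assumptions a defender would tune against their own baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log lines: "<client> <qname> <rcode>".
# 10.0.0.9 behaves like a random-subdomain flood source; the others are ordinary clients.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 api.example.com NOERROR
10.0.0.9 x7qk2zp9.example.com NXDOMAIN
10.0.0.9 m3b8v1tq.example.com NXDOMAIN
10.0.0.9 zz91kd0w.example.com NXDOMAIN
10.0.0.9 q2ln7ryx.example.com NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.7 mail.example.com NOERROR
10.0.0.7 cdn.example.com NXDOMAIN
10.0.0.7 www.example.com NOERROR
10.0.0.7 api.example.com NOERROR
"""

def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character of a single DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text: str):
    """Parse the constructed log format into (client, qname, rcode) tuples, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append((parts[0], parts[1].lower().rstrip("."), parts[2].upper()))
    return rows

def flag_random_subdomain_sources(rows, min_queries=4, nx_ratio=0.6, entropy_bits=2.5):
    """Return per-client stats for clients whose NXDOMAIN share and the mean entropy of
    the leftmost label on their failed queries both exceed the (assumed) thresholds."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "nx_entropy_sum": 0.0})
    for client, qname, rcode in rows:
        s = stats[client]
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
            s["nx_entropy_sum"] += label_entropy(qname.split(".")[0])
    flagged = {}
    for client, s in stats.items():
        if s["queries"] < min_queries or s["nxdomain"] == 0:
            continue
        ratio = s["nxdomain"] / s["queries"]
        mean_entropy = s["nx_entropy_sum"] / s["nxdomain"]
        if ratio >= nx_ratio and mean_entropy >= entropy_bits:
            flagged[client] = {"queries": s["queries"], "nxdomain_ratio": ratio,
                               "mean_nx_label_entropy": mean_entropy}
    return flagged
```

Run against real resolver logs, the same two signals (NXDOMAIN share per source and label entropy) are what a rate limiter or response policy would key on; the min_queries floor keeps a single typo from being flagged.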

If DNS latency rises or authoritative servers become unstable, the consequences are immediate. Applications fail to resolve endpoints and authentication services stall. Cloud platforms become inaccessible. From a customer perspective, the distinction between attack driven disruption and infrastructure fragility is irrelevant.

Yet DNS is still often architected for availability in normal conditions, rather than performance under adversarial stress.

As regulators in both the UK and EU increasingly focus on systemic risk and third-party dependencies, DNS resilience becomes more than a technical concern. It is a foundational component of operational continuity.

Also, we must not forget the consumers that many organizations serve. If outages occur and everyday services become inaccessible, reputational damage follows alongside lost revenue and regulatory fines.

PKI modernization and the trust layer

Availability, however, is only one dimension of resilience because integrity and trust sit alongside it. DNS operates in unison with public key infrastructure.

Certificates authenticate services, enable encrypted sessions, and underpin digital identity. If certificates expire unexpectedly, keys are poorly governed, or cryptographic standards become outdated, services fail and trust erodes.

As infrastructure becomes more distributed and workloads more ephemeral, certificate volumes grow rapidly. Manual lifecycle processes that once sufficed can become hidden single points of failure. A mismanaged certificate can create an outage indistinguishable from a denial-of-service event.

Modernizing PKI is therefore not simply about efficiency. It is about cryptographic agility, automated certificate lifecycle management and clear visibility into trust dependencies.

It ensures that as infrastructure scales and threats evolve, the trust layer remains robust. If DDoS mitigation provides the resilience layer, DNS provides the routing layer. PKI provides the trust layer. Each depends on the other.

Resilience and trust by design

Now that sustained cyber pressure is a structural feature of the digital economy, cyber security leaders should treat multi-terabit DDoS attacks as credible baseline scenarios.

DNS infrastructure should be tested for behavior under adversarial query patterns. Certificate and key management processes should be assessed with the same rigor as network controls.

But architecture alone is not enough.

Boards and regulators are no longer asking whether attacks can be prevented entirely. They are asking whether critical services can remain available, secure, and trusted under continuous strain.

That requires executive ownership of resilience, clarity around impact tolerances, and investment in the infrastructure that underpins both availability and integrity.

The era of the short-lived cyber incident is fading. In its place is a landscape defined by coordination, persistence and scale. Staying online is essential, and staying trusted is non-negotiable. Building infrastructure that can do both, even when the pressure does not subside, is fast becoming the defining challenge of digital resilience.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Lakshmi Hanspal

Lakshmi Hanspal is the Global Chief Security Officer at Box. She is responsible for corporate, physical and cyber security of Box’s footprint, including data protection and privacy.
