Cracking the code: resilient defense and rapid recovery


Cybersecurity and resilience are essential for organizations striving to succeed in our highly connected world. With threats evolving at a breakneck pace, protecting your business requires more than vigilance. It demands a two-pronged strategy. First, proactive measures that detect and stop attacks before they happen. Second, an agile, efficient response plan to recover quickly if a breach occurs.

Kirk Phillips

Sales Leader for Data Protection Cyber Security and Resilience at Dell Technologies.

Attack timelines in the age of AI

One of the most misunderstood aspects of cybersecurity attacks is timing. Cyberattacks don’t begin when they are detected; they begin when access is gained. This could be weeks or even months before detection. Studies suggest that the period between the disclosure and exploitation, known as “dwell time,” has a global median of around ten days.

During this window, attackers operate in stealth mode. They analyze your systems, identify gaps and vulnerabilities, and position themselves strategically for maximum impact. Attackers exploit this period to steal sensitive data, disrupt operations, or deploy malware like ransomware.

AI is now reshaping the timing and nature of these attacks. A report from the UK’s National Cyber Security Centre (NCSC) highlights a growing disparity between organizations equipped to counter AI-enabled threats and those that falter. Worse, AI has the potential to increase the attack surface while simultaneously reducing dwell time. This dual dynamic will challenge even the most prepared defenders.

The cybersecurity challenges of AI

Every technological leap creates the potential for new security gaps, and AI is no exception. The NCSC stresses that improperly integrated AI systems can expose vulnerabilities. Generative AI (GenAI), for instance, introduces risks related to data exposure, manipulation of outputs, sensitive information leaks and even injection attacks that compromise AI tools.

Maintaining the integrity of training and inference data is becoming a growing challenge, especially as the data itself becomes more distributed. Nearly 90% of companies surveyed in Dell’s Global Data Protection Index recognize AI will generate large volumes of data requiring robust protection.

Yet 65% of organizations back up 50% or less of their total AI data, according to Enterprise Strategy Group research. This gap underscores an urgent need for comprehensive data protection strategies across infrastructure, operations and governance.

Proactive defense for staying ahead

The modern world of cyber threats requires smarter, faster responses. Proactive defense rooted in zero-trust principles is critical. Zero trust is an architectural approach to security, not a product you buy.

It never trusts and always verifies legitimate business use before granting anyone or anything access to resources. This means that users and devices are not trusted by default, even if they’re connected to a permissioned network and even if they were previously verified.

The ability to advance cybersecurity maturity starts by focusing on three core practice areas: reducing the attack surface, detecting and responding to threats, and recovering from potential breaches.

Reducing the attack surface literally means making it harder for the bad actors to get into your network, move around and cause havoc. This requires a multilayered approach, starting with penetration testing and vulnerability assessments to identify and address potential security gaps that require immediate attention.

Other critical measures include network segmentation, strict access controls, isolating sensitive data and consistently updating software and systems to mitigate exposure to risks.

Yet, no matter how much the attack surface is reduced, breaches can still occur. Therefore, companies must also work on the second pillar: actively identifying and addressing potential security incidents and malicious activities in the earliest stages of a breach.

Managed Detection and Response (MDR) solutions harness the power of AI to monitor systems in real time, detect unusual activity and neutralize threats before they escalate. Whether it’s anomalies like strange login patterns, unusual traffic or tampered data, these systems catch issues early.

When combined with automation, these systems can immediately isolate compromised accounts or devices, preventing malicious actors from moving deeper into the network.

But detection goes beyond surface anomalies. Advanced analytics analyze data to granular levels, identifying even subtle warning signs of potential attacks. These tools can detect when data has been tampered with, signaling a possible breach before damage spreads. This foresight is invaluable, enabling organizations to act well before a threat spirals into a full-blown crisis.

When proactive measures aren’t enough

No defense strategy is foolproof, even with strict security protocols and advanced detection systems in place. Human error, insider threats or highly sophisticated cyberattacks can and will occasionally bypass safeguards. When this happens, recovery becomes the priority. Recovery can be guided by three AI-powered principles: isolation, immutability and intelligence.

An isolated recovery environment protects critical backups by separating them from normal operations. This containment prevents attackers from tampering with the stored data. Additionally, ensuring immutability means that backups cannot be altered, deleted or overwritten, providing a secure foundation for restoration. Automated System Recovery (ASR), for example, is a hardware-based tool that can bring compromised servers back to their last functioning state quickly.

AI-powered intelligence completes the recovery process. Analytical tools can review data for signs of corruption, look for anomalies like unauthorized encryption or mass deletions, and assess damage levels across the entire digital infrastructure. These forensic insights help businesses better understand the severity and scope of an attack while preparing for future resilience.

We’re at a pivotal juncture for cybersecurity. Attackers are using AI to outmaneuver defenses more rapidly than ever before, but defenders are equally equipped to use the same technology to strengthen their protection and response strategies. By focusing on reducing vulnerabilities, detecting threats early and empowering teams with recovery mechanisms, organizations can achieve a resilience that’s critical for both surviving and thriving in today’s threat environment.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
