Cybersecurity strategies are undergoing a transformation as organizations face increasingly sophisticated threats, such as artificial intelligence-driven attacks and ransomware.

Safeguarding digital assets now requires more than advanced technology — it demands an integrated approach that combines people, processes and constant vigilance. With cyber resiliency becoming a board-level priority, businesses are doubling down on proactive planning, cross-functional collaboration and rigorous testing to stay ahead in an era where the question is no longer if an attack will occur, but when, according to industry analyst Jon Oltsik (pictured).

“Cyber resilience demands that type of collaboration and cooperation,” he said. “You can buy all the technology you want, but we see this in cybersecurity all the time, people buy these technologies, they configure them poorly, they’re not updating them, they’re not tuning them. You have to put the effort in and that means you have to understand the technology, which means you have to [have] the right people with the right skills.”

Oltsik spoke with theCUBE Research’s Christophe Bertrand at the Cyber Resiliency Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the transformation of cybersecurity strategies to address evolving threats, such as AI-driven attacks and ransomware, through integrated approaches emphasizing technology, collaboration and proactive planning.

Cybersecurity strategies prioritizing resilience and proactive defense

There are many demands of cybersecurity in the rapidly changing landscape of AI. At the heart of this shift lies the concept of cyber resilience, which moves beyond the traditional focus on confidentiality and integrity to prioritize availability — a critical factor for ensuring good cybersecurity strategies and business continuity.

“Cyber resilience isn’t a new thing,” Oltsik said. “This is something that the CISO has been involved with forever. It’s a board-level issue now; and because it’s a board level issue, it’s spilling into the planning, it’s spilling into the culture, it’s spilling into the day-to-day operations. That hasn’t happened at least to the extent in the past that it is happening now.”

Cyber resilience efforts have gained momentum as threats such as ransomware evolve in sophistication, often leveraging technologies such as AI to increase their potency. This convergence of threats and technologies has placed organizations on high alert, emphasizing the need for strong data protection, disaster recovery and cyber hygiene practices, according to Oltsik.

“You do have to plan for the worst, and I do mean plan.,” he added. “That means testing, that means communicating, that means understanding everyone’s role, understanding legal implications, making sure you have the right insurance. It’s pretty comprehensive.”

A significant takeaway from the discussion was the growing role of cyber insurance in this landscape. While insurance was once seen as a safety net, it has transformed into a partnership that demands rigorous standards of cyber hygiene. Insurers now require organizations to prove their resiliency efforts through regular assessments and adherence to best practices, Oltsik said.

“It’s sort of happened in the past where insurance was looked at as a panacea, where if something happens, they’ll pay absolutely — not true anymore,” he explained. “The insurers, the underwriters are making sure their customers are doing the right things in terms of cyber hygiene in terms of the resilience programs.”

Collaboration between security teams and IT departments is also of critical importance. The integration of these functions is increasingly necessary to align technology solutions with broader business goals. Without these elements, even the most advanced technologies can fall short, often due to misconfigurations or inadequate maintenance.

“You have to be able to take that technology and what it’s telling you and communicate that to the business, to it to developers, which speaks to the processes that you’re talking about,” Oltsik said. “It really is a cumulative effort, and you only know that you’re doing this if you test, test, test. You have to make sure that what you think you or your assumptions are correct. If they’re not, you need to correct them.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the Cyber Resiliency Summit:

Photo: SiliconANGLE