In today’s digital landscape, a cyber-resilient culture is critical because it ensures that organizations are better prepared to anticipate, withstand, recover from and adapt to continuously changing cyber risks. 

As a result, fostering a cyber-resilient culture requires leadership support, continuous training, updated technologies and clear communication of cybersecurity best practices across all levels of the organization, according to Rock Lambros (pictured, center), founder and chief executive officer of cybersecurity services firm RockCyber LLC.

“Most people think that resilience is just an extension of cybersecurity, but it’s not,” he said. “It’s more around building a culture that says we’re gonna get hit. We’re gonna get attacked, we’re gonna get breached. We accept that fact, so let’s turn the script on the attackers and stay operational, anyway. It’s a paradigm shift for organizations to start thinking that way.”

Lambros and Fred Wilmot (right), co-founder and chief executive officer of Detecteam Inc., spoke with industry analyst Jon Oltsik (left) at the Cyber Resiliency Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the criticality of a cyber-resilient culture when it comes to mitigating risks.

How operational resilience promotes a cyber-resilient culture

Since operational resilience is one of the key foundations of a cyber-resilient culture, it merits significant emphasis. A strong focus on this area ensures that organizations can effectively anticipate, withstand, recover and adapt to adverse cyber events, according to Lambros. 

“We can’t talk about cyber resiliency without talking about operational resiliency,” he said. “That involves the people and the processes. We can’t build a cyber resiliency program without understanding the operation. It is getting aligned on goals [and] getting aligned on priorities. As cybersecurity professionals, we love to focus on technology because the technology is fun, but guess what? I believe it’s people, process and technology, in that order, for a reason and [it’s] not because they’re alphabetical.”

Driving a cyber resilience program is crucial because of the increasing sophistication, frequency and impact of cyber threats. As a result, a cyber-resilient culture becomes an ideal stepping stone, according to Wilmot. 

“Culture is a huge thing,” he said. “The understanding of a culture that does require that level of adaptive capability also means [that] organically, the organization is prepared to do those things … but I have to actually test and validate those assertions. Third-party risk has to be addressed.”

By demonstrating the real-world consequences of cyber vulnerabilities, ransomware acts as a wake-up call for businesses, pushing them toward a more resilient and robust cybersecurity framework. This is because a ransomware attack often exposes gaps in defenses and prompts organizations to strengthen their infrastructure, according to Lambros. 

“I constantly preach about not spreading fear, uncertainty and doubt, but ransomware … has prompted that notion of the not ‘if’ but ‘when,’” he said. “It’s been so high profile and so highly visible across the cybersecurity landscape and business landscape. An organization of any relative size gets breached by ransomware attacks.

By integrating prevention, response and recovery measures, organizations can effectively mitigate ransomware risks and maintain operational stability. This explains why a cyber-resilient culture is important, Wilmot pointed out. 

“One of the other values that I think it’s presented is that it’s difficult for cybersecurity to align itself with business risk,” he said. “This makes it very easy for us and the relationship and understanding of the technical controls. The processes, the methodology — all of that gets wrapped into a scenario like a ransomware [attack], and [it] turns out [that] crime pays.” 

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the Cyber Resiliency Summit: 

 Photo: SiliconANGLE