June 30, 2025
A Cyber Resilience Strategy That Supports Success
To address evolving threats and ensure viability, organizations need a comprehensive approach that helps them bounce back quickly.
- ADAPTING TO AN EVOLVING IT LANDSCAPE
- STRATEGIES FOR CYBER RESILIENT ORGANIZATIONS
- KEY AREAS TO INVEST IN CYBER RESILIENCE
Technology environments are constantly changing, and resilience efforts must adapt. For instance, artificial intelligence (AI) has quickly become a mission-critical technology for use cases such as customer service, and leaders must ensure that these tools are resilient to prevent business disruptions. Increasingly, organizations are leveraging automation and orchestration to improve the speed, performance, reliability and recoverability of IT systems. Many cybersecurity leaders have adopted a zero-trust approach to cybersecurity, requiring continuous verification of devices and users, to adapt to an evolving threat and infrastructure landscape.
CYBERSECURITY THREATS: It is difficult to overstate the impact that ransomware has had over the past decade. Experts estimate that economic damage caused by ransomware in 2025 — including ransom payments, downtime, recovery costs and reputational damage — will reach $57 billion. And with ransomware attackers increasingly launching “double extortion” attacks, in which they steal data and threaten to release it publicly, even organizations with robust backup and recovery environments are at risk. One reason ransomware attackers have been so successful is that they constantly adjust their methods in response to improving defenses and law enforcement efforts. Credential theft through social engineering attacks such as phishing continues to be the top vector used by ransomware attackers, and AI is enabling faster targeting and more sophisticated attacks.
COMPLEXITY OF MODERN IT: Not so long ago, it was practically revolutionary for organizations to migrate significant resources to even one public cloud environment. Today, only 12% of organizations are using a single public cloud vendor, with nearly all the rest using some mix of public and private cloud resources in hybrid or multicloud environments, according to Flexera’s 2025 State of the Cloud Report. Often, legacy on-premises systems continue to operate alongside these increasingly complex, sprawling cloud environments, and emerging technologies such as AI add even more complexity. With this complexity come certain inherent risks that leaders must take steps to understand and address. For example, an application hosted by one cloud vendor may rely on microservices supported by another provider, leading to multiple potential points of failure.
SUPPLY CHAIN VULNERABILITIES: Cybercriminals can exploit supply chains by targeting smaller partners with weaker defenses and then using these footholds as launchpads to attack larger, more secure organizations. Beyond cyberthreats, supply chains face risk from factors including natural disasters, global conflicts, economic instability and labor shortages — any of which can disrupt business operations. The COVID-19 pandemic illustrated how choke points can ripple across ecosystems, slowing production and delivery. During that time, many organizations found that their sudden need for new devices and infrastructure coincided with vendors’ sudden struggles to even maintain their typical production volumes. To ensure cyber resilience, organizations must not only vet third-party security practices but also make contingency plans to account for potential disruptions across their supply networks.
LIMITED VISIBILITY: The complexity of modern IT systems makes it more difficult for organizations to maintain clear visibility into their environments. According to one 2024 report, for instance, 67% of organizations struggle with visibility into their cloud environments. This limited visibility can lead to problems such as misconfigurations and unpatched vulnerabilities. It can also make it challenging for leaders to prevent shadow IT, increasing the risk that employees will use unauthorized tools that don’t meet enterprise security standards. Perhaps most detrimental to cyber resilience, limited visibility can delay the detection of security incidents and other problems. The longer it takes IT teams to detect issues, the more damage those issues can do, and the longer it may take to recover.
Clarity That Drives Resilience
Many organizations rely on rigid checklists or frameworks to assess their current levels of resilience, but leaders typically lack the business case to justify or prioritize specific investments where they would have the best impact. CDW’s Security Program and Risk Quantification (SPARQ) engagement helps organizations assess their existing cyber resilience posture and prioritize efforts to improve it.
FRAMEWORK ASSESSMENT: During the assessment stage, CDW’s experts follow three critical steps: evaluate current capabilities, risks and maturity; identify gaps across people, processes and technology; and map these abilities and gaps to business-critical functions. This process follows a controls-based approach that leads to a prioritized, risk-informed roadmap.
RISK QUANTIFICATION: Once risks are identified, CDW’s experts quantify them according to exposure and potential operational impact. During this process, potential investments are aligned to strategic priorities, and organizations receive a cost-benefit rationale for resilience-related upgrades.
BUSINESS-ALIGNED RECOMMENDATIONS: CDW helps IT and business leaders build and operate modern, adaptable resilience programs. During this stage, CDW’s experts architect a resilience environment aligned to the desired future state, implement new solutions and continuously work to improve resilience over time.
Focus on the Fragile: Traditionally, cyber risk management has focused on identifying and mitigating risks to the most valuable assets of an enterprise, often paying less attention to less valuable but more fragile parts of the environment.
Fragility, not vulnerability, is the opposite of resilience. A system may be vulnerable to exploitation but fundamentally continue to work as intended even if it is exploited. Fragile systems, on the other hand, can break so fundamentally that they stop working as intended or cease to be trustworthy. Historically, organizations have focused on protecting the confidentiality of their systems. Now they must also consider the availability of their systems. Fragile systems break when put under sufficient pressure and may be costly to repair or recover. Worse, they can affect other systems that depend on them. Many of the threats organizations face focus on identifying such fragile points and exploiting them. Efforts to improve strength and resilience will help limit the impact of availability attacks.
Prepare for Impact: It is inevitable that systems will break under pressure, but few organizations are prepared to accept and absorb this impact, particularly to critical infrastructure or data. When these systems are affected, critical processes may fail.
Resilient organizations work to identify ways that they can continue to operate even when such systems may be hit by a disruption. They look for ways to continue to operate while damage to systems, data or trust is being repaired. They prepare alternative processes that assume that systems will be impacted and work with key stakeholders to figure out how best to address these issues.
Organizations can start by examining key processes and identifying where they rely heavily on undamaged capabilities to work. In situations where systems need to be functioning at a high level, they should determine what effect a lower level of function might have. Are systems still usable? How? Ultimately, organizations must find ways to work.
Know What Is Needed To Maintain Viability: Most organizations have reasonably clear ideas about which systems are mission-critical, but fewer organizations have a clear idea about what they would need to maintain to remain viable. During a widespread cyberattack, for example, it may simply not be possible to repair or recover everything quickly, so organizational leaders must understand what they absolutely need.
Defining what represents a minimum viable organization will help to focus effort on the capabilities required to keep the organization operating. Determining minimum viability typically results in identifying the subset of critical business processes (and associated applications, infrastructure and data) where leaders should really focus their investments in cyber resilience and recovery.
Become a Moving Target: Cyber resilience is not only about making targeted platforms more resistant to sustained attack; it’s also about making them harder to attack in the first place. When organizations continue to deploy and protect targeted applications, systems and data in predictable ways, they make things easier for the attackers. Given time, even highly complex environments may be breached by persistent attackers. As highly adaptive, AI-driven attacks become more common, organizations will have even less time and fewer resources for their defense.
AI-driven adaptability is also essential to newer cybersecurity solutions that can leverage a moving-target approach. By using adaptive techniques, often also driven by AI approaches, organizations can provide shifting defenses that alter the attack surface or change vulnerable assets to make it more difficult to get a foothold. They may also use similar techniques to adapt to new attacks more quickly, helping vulnerable systems to be self-healing.
Build Up Organizational Resilience: While cyber resilience efforts tend to focus on applications, systems, data and infrastructure, it’s just as important to make an organization — particularly its people — more resilient under pressure.
This typically starts by recognizing that response to a serious cyber incident is almost always driven by a few key individuals. They must respond well in a crisis, be quick to make decisions and take action, and have strong knowledge about what can be done and how. Organization leaders also must understand that during an incident, they may overuse these individuals and should instead increase their reliance on their wider teams.
By focusing on developing the strengths of the team, organizations can improve overall resilience under pressure.
To truly enable cyber resilience, organizations must invest in more than just traditional cybersecurity solutions. They also must implement tools that address the human element of cybersecurity, leverage automation and promote visibility to put them in a position to recover from attacks quickly and effectively.
Better Visibility: Organizational leaders should look for opportunities to move beyond traditional cybersecurity controls to those that focus on improved adaptability against attacks geared toward disrupting system availability. This typically starts with the standard layered defenses and also leverages solutions that can shift to counter new threats.
For this approach to work, organizations need the ability to quickly sniff out potential attacks and launch responses before breaches are successful. IT leaders should look for opportunities to expand visibility into all parts of their environment, whether on-premises or in the cloud. Organizations also should leverage the data from tools that offer improved real-time analysis and monitoring, such as newer security information and event management solutions. This improved visibility can help organizations take advantage of network detection and response, endpoint detection and response, or combined solutions to speed up response efforts and limit the damage caused by an attack.
Automated Response: A key part of any cyber resilience strategy is limiting the impact of a successful attack. Adaptive infrastructure enables organizations to recover more quickly, and cybersecurity controls may be able to stop attacks, but these tools are considerably less effective if they rely on manual workflow.
Organizations should invest in suitable automation capabilities to help develop, execute, maintain, and improve automated response and recovery. While this can start with the automation of simpler, repetitive tasks common to most workflows, newer AI assistants are also becoming available that can provide more advanced decision support and take some autonomous actions to respond or recover more quickly.
Adaptive Infrastructure and Controls: While traditional, static defenses have their place, they may do little to limit damage to more fragile parts of the environment. Organizations should look for solutions that promise a high degree of adaptability.
This includes various forms of adaptive infrastructure that enable organizations to pivot critical capabilities more quickly from one type of infrastructure to another, allowing them to move important workloads as needed.
It also includes latest-generation cybersecurity protections that leverage AI-driven techniques to more quickly flag anomalous activity as malicious and offer multiple techniques to respond more effectively. For example, most modern AI-driven techniques have the ability to tie into backup solutions and trigger a secure backup when malicious activity is flagged.
Improved Cyber Recovery: Older disaster recovery capabilities have proved to be a weak point for most organizations, since they rely on backups and replication that may be compromised during an attack.
Cyber recovery tools focus on extending traditional backup and recovery solutions to add immutability, as well as more advanced security and anomaly testing. They also provide additional infrastructure to rebuild or restore systems in isolated clean rooms before either moving them back into normal operations or into alternative recovery rooms for use by the business. They also implement the application, security and data quality tools needed to provide the organization with a higher assurance of a safe recovery.
Resilience Training and Exercises: The best way for people to establish resilience is to develop their strengths and test them under real-world conditions. This typically means moving beyond simple tabletop exercises (where teams who respond to major cyber incidents discuss how they might respond) to more complex simulations (such as purple team testing) that require them to take action under pressure and put their defense, detection and response techniques and tools to the test.
Such simulations do a lot to help improve overall organizational and team resilience, but it’s important to also invest in the individuals who drive response. Organizational leaders should work closely with key individuals to develop training and development paths that reinforce their areas of strength and tackle opportunities for improvement.
The Benefits of Resilience: A mature cyber resilience program leads not only to robust cybersecurity tools and practices but also to resilience throughout an organization. Resilient people and teams collaborate cross-functionally, have a shared understanding of their roles and can adapt under pressure, even in unfamiliar and high-stakes situations. Meanwhile, resilient processes and workflows are backed by documented and tested playbooks that allow organizations to remain effective even when things don’t go as planned. And resilient technologies and systems are architected for recovery, with security controls that adapt and self-heal. Together, these resilience capabilities can deliver outcomes such as accelerated transformation, secure remote and hybrid work, improved IT performance, and disruption-ready systems that can adjust to and recover from a wide range of unexpected events.
How can your organization bounce back quickly from IT disruption?
Gary McIntyre
Managing Director of Cyber Defense, CDW
Rashid Rodriguez
Cyber Resiliency Practice Lead
Mark Beckendorf
Senior Manager of Digital Velocity