On episode 109 of the Power2Protect Podcast, I had an insightful discussion on how organizations can improve their cyber resiliency posture, with Francesco Chiarini, Founder and Chief Researcher at High Value Target, a boutique research firm that specializes in designing and implementing methodologies aimed at significantly increasing an organization’s cyber resilience posture against sophisticated cyber threats.
With the sheer complexity of today’s threat landscape, organizations are realizing that cybersecurity alone is not enough. To stay one step ahead of attackers, businesses must aim for something higher: cyber resilience. It’s not just about keeping intruders out but ensuring the organization can anticipate, withstand, recover, and grow stronger from cyber events. Here’s how businesses can take practical steps toward creating a truly cyber-resilient framework.
The Foundation of Cyber Resilience
Cyber resilience bridges the gap between cybersecurity and business continuity. From a Dell point-of-view, achieving resilience requires a focus on three critical pillars:
- Reduce the Attack Surface – Make it harder for attackers to infiltrate and move laterally across your network, minimizing opportunities for potential breaches.
- Detect and Respond Quickly – Prepare for the inevitability of threats with systems designed to identify and neutralize intrusions rapidly. No defense is impenetrable, so the ability to act in real-time is crucial.
- Recover with Trusted Data Integrity – When other defenses fail, organizations must have reliable data and robust recovery plans to rebound effectively, ensuring continuity without compromise.
This approach simplifies the path to resilience by addressing the most essential actions required to mitigate risk, safeguard operations, and enable recovery.
Drill Drill Drill
Preparedness is a pillar of resilience, and tabletop exercises offer an indispensable way to simulate real-world attacks. On the podcast, Chiarini highlights their importance, noting that a mix of frequent tactical drills and global simulations ensures readiness. Consider them like a fire drill for your digital assets.
Tabletop scenarios can cover everything from insider threats to malware infections or supply chain compromises. Chiarini recommends exercises tailored to each organization’s specific risks, ensuring that employees know their roles, escalation chains are clear, and gaps in response playbooks are identified. Hybrid exercises, which combine role-playing and attack simulations, provide even more robust testing.
How often should they be conducted? According to best practices, annual sessions are essential, but high-risk industries like finance and healthcare benefit from biannual or even quarterly drills to stay sharp.
Cybersecurity Goes to the Boardroom
The responsibility for cyber resilience doesn’t end with IT professionals; leading organizations integrate these strategies into the highest echelons of decision-making. The boardroom must treat cyber threats with the same urgency as financial risks or competitive strategy.
Board members need to arm themselves with the right questions to guide discussions effectively, such as:
- What specific risks does our organization face, and how prepared are we?
- How are security frameworks like NIST and MITRE adapted to protect us?
- What incentives ensure teams prioritize cybersecurity?
Making cyber resilience a boardroom priority ensures accountability across the organization and fosters a proactive security culture.
Quick Wins to Jumpstart Resilience
Every business, no matter its size, can take immediate steps to build resilience. Chiarini proposes starting with initiatives that deliver immediate impact, such as enabling multi-factor authentication or securing privileged accounts. Cyber recovery planning stands out as another critical measure. Chiarini emphasizes the importance of asking, “How long will it take to rebuild the business from the ground up?” in the face of a large cyberattack.
Chiarini noted that restoring a single application can involve over 100 tasks, making it impractical to manually recover hundreds or thousands of applications due to the immense time required. Automated recovery processes play a crucial role in helping organizations restore operations with accuracy and efficiency, as manual recovery struggles to keep pace with the demands of large-scale disruptions.
Building a Resilient Culture
Technology alone is not enough; people and processes are just as vital to resilience. This means fostering awareness at every level of the organization. Employees must recognize phishing attacks, executives need a solid understanding of risk management, and leadership must approach threats from an adversarial viewpoint to protect their missions.
Chiarini’s Cyber Resiliency Academy offers businesses an opportunity to embed this mindset deeply. Through a mix of theory and hands-on applications, teams learn how to apply frameworks like NIST and MITRE in practical settings, ensuring defenses are strengthened and recovery strategies are clear.
The Path Forward
Cyber resilience is no longer optional. With threats evolving every day—from nation-state actors to zero-day exploits and supply chain vulnerabilities—organizations must stay proactive, agile, and intentional. Success lies in combining strategic planning, robust training, and clear prioritization.
To empower your organization with the tools, training, and resources necessary to thrive amid challenges, explore highvaluetarget.org or enroll in advanced training through the Cyber Resiliency Academy. For cyber resilient multicloud solutions, visit Dell’s Data Protection resource pages to learn more and start building your roadmap to cyber resilience today.
