Focus On Prevention Hasn't Worked, Making Cyber Resilience Elusive

Forbes

a day ago

Brian Contos is the Field CISO at Mitiga with 30+ years of experience building successful companies and evangelizing cybersecurity.
We've spent decades chasing the illusion of "perfecting prevention." The industry has poured billions into digital walls, endpoint solutions, SIEM, SOAR and user awareness training—all to build a world in which breaches don't happen.
However, that world doesn't exist. The cloud-first shift, SaaS sprawl and identity-driven access have fragmented the enterprise environment and expanded the attack surface in all cardinal directions. In this landscape, prevention has fallen short and been outpaced.
Successful attacks keep rising. Credential theft. Exploits. Lateral movement. Data exfiltration. The breach isn't the exception—it's the pattern.
Stop trying to stop every attack. Start building resilience.
Prevention-Focused Security Not Keeping Up
Industry data confirms what security teams experience every day: Attackers are getting in, and the breach vector is changing.
• Identity is under pressure. IBM's X-Force Threat Intelligence Index for 2024 showed a significant increase in identity attacks, with credential theft surging. Mandiant's "M-Trends 2024" report pointed to exploits and stolen credentials as common initial attack vectors.
• Exploits and misconfigurations are growing. The "Verizon 2024 Data Breach Investigations Report" recorded a record high of over 10,000 confirmed breaches, with a substantial 180% increase in attacks involving vulnerability exploitation. Many of these started with exposed APIs or misconfigured cloud infrastructure.
• The scope and cost of breaches continue to rise. Cloud breaches averaged over $5 million per incident, according to IBM's "Cost of a Data Breach Report 2024."
Prevention tools haven't kept pace with how attackers operate in modern environments. As cloud and SaaS usage accelerate, so does the complexity of defense—and the cost of failure.
The Prevention Trap: Overinvesting In The Wrong Fight
The idea of keeping attackers out and stopping an attack before it even begins is powerful. However, most security budgets still prioritize tools built from a perimeter that no longer exists.
Firewalls block malicious traffic and activity. Vulnerability management identifies and patches weaknesses. Security awareness training educates users and prevents phishing. Advanced threat intelligence helps stay ahead of the latest attacker tactics. SIEM centralizes all data for unified detection and response.
These tools are important, but they weren't designed for ephemeral cloud infrastructure, SaaS-to-SaaS access or non-human identity abuse. Today's attacks rarely come through the front door. They originate in misconfigured APIs, over-permissioned service accounts and lateral movement across SaaS apps. Most legacy defenses never see it coming.
We've optimized for stopping threats at the edge in a world where the edge keeps disappearing. Modern threat actors—with their social insight, persistence and innovative methods such as AI-generated phishing, MFA bypasses and credential compromises—have rendered obsolete the notion that every threat can be kept out.
Breaches aren't the failure. The impact of the breach—downtime, disruption and data loss—is the failure. Cyber resilience is a strategy shift. Accept that breaches will happen. Focus on speed, scope and recovery. The goal isn't zero breaches. It's zero breach impact.
Cyber Resilience Starts With Response Readiness
Compromises are inevitable, especially in sprawling, cloud-first environments that expand the attack surface beyond what traditional tools track. This is where the concept of cyber resilience transcends traditional cybersecurity.
Cyber resilience isn't just about preventing attacks—it's about an organization's ability to anticipate, withstand, recover from and adapt to cyberthreats while maintaining business operations. It shifts the focus from stopping attacks to ensuring business continuity and minimizing impact.
The core of cyber resilience lies in effective cyber response. Here's what it takes to contain the damage and bounce back stronger:
Spot the signal fast. Identify unusual identity behavior, risky SaaS activity or abnormal cloud access patterns. This requires advanced monitoring, threat hunting capabilities and skilled analysts.
Lock it down. Once detected, the ability to rapidly isolate affected systems and prevent further spread is paramount. This minimizes the "blast radius" of an attack.
Rip it out. Remove the attacker's foothold and clean up persistence, including all backdoors, malware and persistence mechanisms.
Bring systems back without reintroducing risk. Restore affected systems and data to a trusted, operational state. This heavily relies on robust, tested backup and recovery strategies.
Go deeper than the root cause. What visibility was missing? What response was delayed? Feed those findings back into your tooling, playbooks and team training.
The Path Forward: A Balanced Investment In Resilience
We need to rebalance cybersecurity priorities. While prevention remains vital, your organization must elevate the importance of cyber response to achieve true cyber resilience.
• Prioritize incident response planning. Develop, regularly test and refine your incident response plans. Know who does what, when and how.
• Invest in skilled incident responders. Cultivate internal talent or partner with external experts who can rapidly and effectively manage a breach.
• Embrace automation and orchestration. Leverage technology to accelerate detection, containment and recovery processes.
• Implement robust backup and recovery solutions. Your ability to bounce back hinges on clean, accessible backups.
• Conduct regular drills and tabletop exercises. Practice makes perfect. Simulate attacks to identify gaps and refine your team's response.
• Shift your mindset from "if" to "when." Accept that breaches are a matter of "when," not "if," and build your strategies accordingly.
Build Your Resilient Future—Go Beyond Prevention
Traditional, prevention-first cybersecurity doesn't match the reality of today's threats. As attacks become faster, more targeted and more cloud-native, the ability to endure and recover is what matters. Cyber resilience isn't a nice-to-have. It's the only path forward.
The question is no longer whether you can stop every attack but whether you're ready when one succeeds. A breach may and will happen. Impact is optional.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?