Cyber Resiliency Summit Encore Presentation | Show Kickoff with Jon Oltsik

Clips
News
More from Cyber Resiliency Summit Encore Presentation

Jon Oltsik

Principal Analyst in Residence

theCUBE Research

Building cyber resilience: Strategies to combat AI-driven threats and ransomware

Cybersecurity strategies are undergoing a transformation as organizations face increasingly sophisticated threats, such as artificial intelligence-driven attacks and ransomware.Safeguarding digital assets now requires more than advanced technology — it demands an integrated approach that combines people, processes and constant vigilance. With cyber resiliency becoming a board-level priority, businesses are doubling down on proactive planning, cross-functional collaboration and rigorous testing to stay ahead in an era where the question is no longer if an attack will occur, but when, according to industry analyst Jon Oltsik (pictured)

play_circle_outline Securing System Availability: Importance of Cyber Resiliency Through Testing, Communication, and Collaboration

play_circle_outline Cyber recovery more important than traditional disaster recovery in face of cyber attacks

play_circle_outline Collaboration between security and IT teams crucial for effective cyber resiliency

Info
Transcript

Show Kickoff with Jon Oltsik

Jon Oltsik

Principal Analyst in Residence theCUBE Research

Jon Oltsik, industry analyst, joins theCUBE Research's Chritophe Bertrand to kick off the Cyber Resiliency Summit. They discuss the importance of cyber resiliency in today's market, covering topics such as ransomware threats, comprehensive protection programs, challenges, best practices and lessons learned.

Find out more about theCUBE's coverage of the Cyber Resiliency Summit https://www.thecube.net/events/thecube/cyber-resiliency-summit

People, processes and technology play an important role in defending against cyber threats and recovering ef... Read more

explore Keep Exploring

What is the importance of cyber resiliency in the security world and how has it evolved in recent years? add

What is cyber resiliency and how does it differ from traditional disaster recovery? add

What is necessary for cyber resilience and successful implementation of technology in cybersecurity? add

bolt Powered by CUBE AI

Show Kickoff with Jon Oltsik

search

>> Hello and welcome to the CUBE Cyber Resiliency Summit 2025. My name is Christophe Bertrand, principal Analyst here at the CUBE Research. I'm honored to be your host for the next couple of days. We will speak with experts like distinguished analyst, John Olsik, and executives and CISOs from many organizations such as Dell Technologies, Congruity, 360, Reco AI, Index Engines, Infinida, Veeam, KnowB4, Cohesity, Fujifilm, Vercel, Cribl, Cloudflare, and Broadcom. I am here at the Palo Alto CUBE Studio, and joining me to kick off this event is John Olsik, distinguished analyst at large. John, welcome.

>> Thank you, Christophe. It's great to be here.

>> So this is interesting. This is, I think, the second Cyber Resiliency Summit that the CUBE has hosted. I was actually a guest on the last one, and I'm very happy to be hosting this one. It's great to have you here today, John. John, you've been in cyber security, cyber resiliency for many years. So why is it an important time and a good time to be having this summit? What do you see in the market? What are you hearing from the many people you speak with?

>> Christophe, the way I'd answer that question is in the security world we talk about the CIA triad, confidentiality, integrity, and availability. And in truth, the cyber security folks really focused on confidentiality and integrity and then kind of worked with the IT people, the development people, and took a backseat role in availability. When we talk about cyber resiliency though, that is an effort to change that. That is an effort to build a comprehensive program around keeping the systems running, keeping the systems effective, protecting the business. And in the last few years, that's gotten a lot of momentum. So I think your timing is good and I think the topic is great.

>> Right. And really what I've seen and observed from my end, coming from data management, storage, backup and recovery, disaster recovery standpoint, including some compliance as well, work that I've done, I realized, hang on, there's really a convergence of markets because of really the emergence of threats, of new threats, of ransomware, of cyber criminals trying to either encrypt, destroy, or steal your data, or access to your data. So many different possibilities, unfortunately. And of course, all of this is getting accelerated with new technologies like AI, really making the attackers even more potent. So one of the things, John, we have you at this event talking to a couple of your friends from the CISO world. What can we expect from your segment, which is going to be running tomorrow?

>> Yeah, I'm looking so forward to it. It's some CISO friends of mine, Rock Lambrose and Fred Wilmont. These guys are serial CISOs, they've been doing this forever and I meet with them every year at RSA, amongst other places. But I think what you'll hear from them is a couple of things. Number one is cyber resilience isn't a new thing. This is something that the CISO has been involved with forever, but you'll also hear them talk about the fact that it's a board level issue now. And because it's a board level issue, it's spilling into the planning, it's spilling into the culture, it's spilling into the day-to-day operations. And that hasn't happened, at least to the extent in the past that it is happening now. There are challenges in that, there are communication gaps in that, there's the absolute need to collaborate amongst different constituencies, and they'll talk about all of those things too. Some of the challenges, best practices, lessons learned,

>> Right. And that's an area that I'm certainly looking forward to in this summit. We have... I mentioned the names of some of the vendors and sponsors we have joining us, big players in technology, but it's also not just about technology, as you mentioned, it's really about the people, the processes and the technology working together to really solve this issue. One of the key areas, I believe, is that as long as people are involved there will be complexities and maybe difficulties even, because we are also a target. And that's an area that I'm certainly going to be exploring beyond just the great technologies that exist and are in place today to help organizations better defend themselves, and of course recover when the time comes. So is it fair to say, John, that we now live in a world where it's not a matter of if, it truly is a matter of when, and you might just as well be very ready. Is that a fair statement?

>> It's absolutely a fair statement. I think that's been the case for a while, although I think the world is waking up more to that fact. But, it's the Boy Scout model, plan for the worst and hope for the best. Maybe that's not the Boy Scouts, but you do have to plan for the worst. And I do mean plan, and that means testing, that means communicating, that means understanding everyone's role, understanding legal implications, making sure you have the right insurance. So, it's pretty comprehensive.

>> Right. And you've just mentioned insurance. It's not necessarily an area we'll cover in a lot of details. But I'm wondering actually if that's maybe... it's giving people a false sense of security to think they have insurance. We've discussed the topic a couple of times and I know that before you can get insured, you actually have to show all sorts of systems and controls and etc before you can even get insured. So, is insurance really this sort of guarantee, or is it more of another incentive to really get things right on your own, in your own organization?

>> I think you're onto something. But it's sort of happened in the past where it was looked at... insurance was looked at as a panacea, where if something happens they'll pay. Absolutely not true anymore. The insurers, the underwriters are making sure their customers are doing the right things in terms of cyber hygiene, in terms of the resilience programs that you talk about. They're monitoring those things, at least on an annual basis, if not more often. They're helping, they're coming in and stepping in and saying things like, "We've seen this vulnerability on your external attack surface. Here's some of the things you should be doing." But, they're also litigating. So if in fact you're breached and they find that you had a material lapse in your protection, in your cybersecurity controls, in your processes, you may not get paid. So it's not a panacea anymore. I think the insurers would encourage it to be a partnership. They can help a lot, but you have to be willing to play and be willing to do the self-help.

>> Right. Which is why this summit is so important, because we're going to talk to a number of executives and experts who really build technology that helps prevent problems, recover from attacks, and really protect what has become very critical assets to any organization, which is its data and its infrastructure. So for me, cyber resiliency is really about the ability for the infrastructure and really the business more widely, to be resilient from any type of problem. I like to joke that disaster recovery is dead, now it's all about cyber recovery, because if you can recover from a cyber event, you can pretty much recover from anything. Think about it. Traditional disaster recovery, you cannot see it coming in many ways. It could be a hurricane, it could be a problem like that, or it could be something that happens pretty instantly, but you still have the ability to fail over to a good copy of your data. Here you don't even know if the data is still good. You don't even know if you can log on. You can't trust anything in some cases. So if you think about the people and processes, from your standpoint, John, do you think that there is a fundamental change in the role of the security teams versus the IT teams? Are we seeing a combination of those teams, or are new roles needed actually?

>> Well, cyber resilience demands that type of collaboration and cooperation. And Christophe, you've really hit on that, that you can buy all the technology you want... But we see this in cyber security all the time, people buy these technologies, they configure them poorly, they're not updating them, they're not tuning them. So you have to put the effort in and that means you have to understand the technology, which means you have the right people with the right skills, and you have to be able to take that technology and what it's telling you and communicate that to the business, to IT, to developers, which speaks to the processes that you're talking about. So it really is a cumulative effort. And you only know that you're doing this right if you test, test, test. You have to make sure that what you think, or your assumptions are correct and if they're not, you need to correct them.

>> And that's exactly what we will hear in the summit. I'm certainly hoping we'll get more clarity in terms of what works. There are some great technologies to allow you to better recover, to constantly test your environment. So I think you're right, great message around testing. Also, there are so many dimensions to this. It's also making sure that social engineering doesn't get in the way. What good is a great environment that could recover from anything if you're going to give away the keys to the kingdom because somebody has been able to social engineer an attack and get that password from you, or whatever the case may be. So there are so many dimensions to this. That's what we're going to explore in the summit. I'm also looking very much forward to your session with the two CISOs that you've invited to the summit. So John, thank you so much for helping me kicking this summit off and for your advice. We will see you in the next few sessions with a great conversation on this topic of cyber resiliency. And stay tuned, there's plenty of content coming your way. This is the CUBE Cyber Resiliency Summit 2025.