SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Cybersecurity leaders urge shift from awareness to real resilience

Wed, 8th Oct 2025

Cybersecurity Awareness Month has prompted industry leaders to call for a shift beyond traditional awareness initiatives, urging organisations to prioritise resilience, preparedness, and ongoing adaptation in response to the growing sophistication of cyber threats.

Gary Brickhouse, Senior Vice President and Chief Information Security Officer, highlighted the persistent impact of ransomware attacks, which continue to cause significant operational and financial disruptions for businesses. Brickhouse noted that recent incidents have demonstrated the potential scale of these losses, referencing Ingram Micro's reported daily sales losses of USD $135 million during an outage linked to a cyberattack.

"This should drive our conversation from simply awareness to resilience," said Brickhouse. "For cybersecurity teams, this means a holistic strategy is needed to help prevent attacks as well as withstand and recover from them without crippling operations or losing trust."

Brickhouse emphasised the importance of integrating cybersecurity practices with broader business continuity planning, including investments in automated detection and recovery, unified incident response playbooks, and strengthening employee behaviour through ingrained security practices.

Bob Maley, Chief Security Officer at Black Kite, argued that awareness activities, such as posters and webinars, often fall short of achieving genuine engagement. Maley believes the focus should be on instilling a sense of personal ownership among staff regarding security risks.

He commented that proactive responses by individuals on the front line, such as being cautious with suspicious links, can be decisive in preventing widespread breaches. "It is your click, or your recognition of the threat, that will decide if it will turn into a full-blown breach headline or not. Sitting back is comfortable, but it's also expensive. We need sharp, fast, and switched-on people as our frontline defence," he said.

Matt Mullins, Head Hacker and Offensive Subject Matter Expert at Reveal Security, noted that many high-profile breaches over the past year have exploited stolen credentials rather than malware or unknown vulnerabilities. Mullins highlighted the risk posed not only to human accounts but also to non-human identities, such as service accounts and automation tokens, which can allow attackers to evade detection once they are inside systems.

He said defenders need to move their attention beyond external perimeter controls to monitoring behaviour within SaaS platforms and should focus on activity after authentication to prevent data loss and operational disruption.

Data visibility and sustainable controls

Eran Barak, Chief Executive Officer at MIND, suggested that awareness is no longer the main barrier to better security outcomes. Instead, he identified a reliance on outdated data loss prevention tools and a lack of automated, sustainable controls as major challenges. Barak cited research findings that over half of organisations experienced multiple unstructured data loss events in the previous year, and that the majority of sensitive data remains undiscovered and unclassified within organisations.

Barak recommended prioritising efforts to build comprehensive inventories of sensitive data, contextual classification of information, risk-based alert prioritisation, and automating remedial actions to alleviate the burden on security teams.

Neil Carpenter, Principal Solution Architect at Minimus, noted that industry guidance often remains static from year to year, resulting in repeated recommendations with little actual progress. He argued that organisations should reconsider outmoded approaches, notably in areas such as password policies and vulnerability management.

Carpenter highlighted that forcing complex, frequently changing passwords has not demonstrably improved security and can negatively impact user behaviour. He also suggested that narrowing the number and scope of deployed software components helps organisations address vulnerabilities more effectively, rather than simply trying to patch the highest-risk flaws in broad environments.

Refining trust and response

Bert Kashyap, CEO of SecureW2, highlighted the importance of continuous assessment of device and user trust, rather than relying solely on scheduled security checks or static authentication. Kashyap stated that traditional validation intervals can leave windows of opportunity for attackers. In contrast, continuous monitoring of device posture, risk context, and user signals enables faster detection and automatic revocation of access if conditions change.

He explained that cloud-native architectures leveraging multiple sources of telemetry help organisations respond to evolving risks more quickly and reduce the time attackers can remain undetected within systems.

Preparedness over awareness

Edwin Weijdema, Field Chief Technology Officer EMEA at Veeam, argued that awareness alone is insufficient, given the frequency and profile of cyberattacks that make headlines. He asserted that many incident response plans are inadequately tested in practice, likening them to fire drills where the superficial elements are present but operational effectiveness is unproven.

"Organisations might have implemented cybersecurity measures after seeing headlines or simply to stay in line with regulation, but too many incident response plans still remain built on hope rather than substance," Weijdema commented. He encouraged organisations to move along the maturity journey from awareness towards tangible preparedness, advocating for routine testing and refinement of incident response capabilities.

Across these perspectives, cybersecurity professionals are aligning around the need for businesses to embed resilience, data visibility, rapid response, and practicality in their security frameworks, suggesting that awareness campaigns are only the starting point in building effective defences.
