Building Real Cyber Resilience

Cybersecurity is a complex interplay of prevention, detection, response, and reflection, says guest author Alexander Bogocz of Skaylink.

Mark Warner, chairman of the US Senate Select Committee on Intelligence, recently made a statement to the Washington Post that should make the world take notice: the cyberattack discovered in early October on major US telecommunications networks, including AT&T, Verizon, and T-Mobile, is “the largest telecommunications hack in US history – by far.” The attackers, believed to be based in China, were likely entrenched in the system for over a year, and “kicking them out” is no easy feat. According to Warner, “literally thousands of devices would have to be replaced,” particularly switches and routers.

Cyberattacks of this scale don’t happen every day, but their occurrence in a technologically advanced sector like telecommunications underscores the seriousness and reality of cyber threats today.

Against this backdrop, it’s surprising that only 42.5% of German companies express concern—or even mild concern—about their ability to defend against potential cyberattacks. This finding comes from a recent survey of IT decision-makers conducted by industrial insurer QBE. Even more surprising is that 24.2% of respondents admitted they had been affected by cyberattacks in the past year.

Defense Alone Is Not Enough

One possible reason for the low concern could be a misunderstanding of what a comprehensive cybersecurity strategy entails. A complete strategy is about much more than defense—there’s no such thing as 100% security. Companies need a holistic, interconnected approach. While it’s essential to continually improve security measures, the ultimate goal should be to build true cyber resilience. This means implementing a robust security infrastructure capable of continuously monitoring systems, enabling a rapid and targeted response in emergencies, and learning from incidents to prepare for future threats.

The recent attack on US telecommunications providers illustrates how critical prevention is as a cornerstone of any cybersecurity strategy. Firewalls, encryption, and regular updates are the basics, but modern cyber resilience also demands automated security solutions such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Regular staff training and simulated attack exercises are equally vital. The US example shows that few things are as dangerous as attackers roaming undetected within a system for extended periods.

To prevent such freedom of movement, companies must adopt two key approaches to identity protection: proactive safeguarding of digital identities and the implementation of a Zero Trust model with Multi-Factor Authentication (MFA). Zero Trust assumes that every transaction is untrustworthy until verified, making it harder for attackers to exploit compromised credentials. MFA adds another layer of security with tools such as hardware tokens or one-time passwords.

Identifying and Addressing Weaknesses

Our Compromise Recovery team is frequently called in by insurance companies or forensic experts—often for non-customers—to “save what can be saved.” Remarkably, we usually recover more than expected. From these experiences, one insight stands out: very few companies fully understand their vulnerabilities.

This is understandable; no one likes having their weaknesses exposed. However, unannounced attack simulations or penetration tests can help identify and close potential gateways. Cybersecurity is ultimately a strategic game, and it’s essential not to underestimate the sophistication and technological prowess of today’s attackers. Early threat detection is crucial, and AI tools like anomaly detection and Endpoint Detection and Response (EDR) systems can help by flagging suspicious activities.

Quick Response Is Crucial

Cyber-resilient companies don’t just close their security gaps—they’re also prepared for emergencies. If an attacker breaches the system, it’s vital to eliminate them quickly and restore functionality without delay. This dual focus is at the core of our Compromise Recovery team’s work. That said, having well-established response and crisis management plans significantly eases our task.

In a crisis, two priorities stand out: restoring operations as quickly as possible—or, ideally, continuing them without interruption—and isolating and restoring compromised systems and data. A clearly defined emergency plan with assigned roles and responsibilities ensures no time is wasted.

Beyond technical measures, communication is critical. To maintain trust and avoid reputational damage, companies must promptly and transparently inform customers, partners, and employees about the incident and the steps taken to address it. Professional and swift responses can significantly mitigate the impact of a cyberattack, safeguarding business continuity and stability.

Standing Still Is Not an Option

When the right experts collaborate and respond quickly to a cyber incident, the damage can often be contained. However, just as important as a well-trained rapid response team is the post-incident analysis and follow-up. Every cyber incident provides valuable lessons that can enhance a company’s cyber resilience. Each layer of protection—from security architecture to crisis management and follow-up—reinforces the next, ensuring companies remain prepared to face the challenges of the digital age.

While the rules of “cyberwar” may be few, one principle stands firm: standing still is not an option.

Alexander Bogocz is a cyber incident expert at Skaylink.