Resilient companies keep practicing until reaction becomes routine
James Lee, Regional Director DACH at Horizon3.ai, explains why cyber resilience needs to be anchored in practice - through continuous testing and practice rather than just guidelines. In doing so, he echoes key statements made by co-founder and CEO Snehal Antani.
Cyber resilience is often presented as a new challenge created by modern threats. However, many of its fundamental principles were solved decades ago with disaster recovery. According to James Lee, Regional Director DACH at cybersecurity company Horizon3.ai, resilient companies are not created through static defense models, but through continuous practice and validation - an approach that Horizon3.ai co-founder and CEO Snehal Antani (see picture) also strongly advocates.
Lee sees a growing gap between policies on paper and actual operational readiness. Horizon3.ai, one of the leading providers in the field of offensive security, takes an approach in which companies review their own IT environments through continuous penetration testing to uncover potential vulnerabilities that could be exploited by cybercriminals. Instead of relying solely on passive protection mechanisms, companies can test their systems themselves in a controlled manner, eliminate vulnerabilities, check the effectiveness of the measures and repeat this process as often as required.
Parallels between cyber resilience and high availability
James Lee makes it clear that resilience is not an abstract concept, but a lived operational practice. He draws parallels with the high availability of IT systems, often referred to as business continuity. In high-availability IT environments, downtime is not an option. Disruptions are not only avoided, but deliberately simulated and tested. Systems are deliberately switched between data centers in order to test recovery processes under realistic conditions. This regular practice creates routine - well-rehearsed processes and clear responsibilities ensure that teams remain capable of acting in an emergency.
This principle of continuously practising real-life scenarios is in line with the principles of offensive security and reflects what Antani and Lee see as a contemporary response to escalating cyber threats. Cyber resilience should not be viewed purely as a tool or reporting issue, but as an operational challenge: systems fail, attackers exploit vulnerabilities - and companies must remain capable of acting under pressure. «Customers expect availability, regulators demand verifiability,» says Lee.
«Resilient companies practice until action becomes routine»
Lee emphasizes Antani's assessment that resilient companies should assume that something will go wrong - and actively look for vulnerabilities before attackers do. «Resilience means practicing response and recovery until it becomes routine. Many companies still rely on assumptions,» he explains. «Defense and recovery plans may look convincing on paper, but fail in practice if regular testing is lacking.»
In real incidents, operational disruptions and targeted attacks are often initially almost indistinguishable. The restoration of services cannot wait for the causes to be conclusively clarified. Disaster recovery and cybersecurity grow together here - what is needed are well-coordinated teams, not isolated concepts that have never been tested under pressure. As Antani emphasizes, the challenge rarely lies in the technology alone, but often in processes and leadership.
One penetration test per year is far too little
Both experts point out the limitations of traditional annual penetration tests - especially in dynamic IT environments. Risks change faster than an annual cycle can reflect: Updates occur weekly, configurations change continuously, cloud and identity architectures are constantly evolving. Without regular security validation, companies run the risk of making decisions based on outdated assumptions.
Lee therefore advocates continuous testing, closely interlinked with change processes. Regular pentests after patch cycles help teams to check whether measures are actually reducing risks. In this way, security evolves from a selective review to a continuous improvement process.
New phase of cyber security through artificial intelligence
According to Horizon3.ai, cyber security has entered a phase where speed is of the essence. AI-supported attacks significantly shorten response times and increase the pressure on companies. This makes it all the more important for teams to be able to fall back on practiced processes - instead of having to make ad hoc decisions under stress. For Lee, the consequence is clear: «Under pressure, teams fall back on what they have practiced - not on what they have planned. Continuous practice and consistent leadership determine how efficient a company really is in an emergency.»
Source: Horizon3.ai
This article originally appeared on m-q.ch - https://www.m-q.ch/de/resiliente-unternehmen-ueben-so-lange-bis-reaktion-zur-routine-wird/
