When it comes to cyber attacks, it’s no longer a question of if but when. Threat actors aren’t discriminating between the public or private sector — each organization has valuable data, which means every organization is a viable target.
In this new threat landscape, digital resilience — the ability to defend against, withstand, and recover from attacks — has become an operational imperative. With threat actors targeting organizations across the U.S., it’s essential to embed cyber resilience into the core of our national infrastructure, safeguarding both sectors and reinforcing a more secure future.
The first step in building a resilient nation is realizing what many organizations, both public and private, are still getting wrong about cybersecurity:
1. Attacks Aren't Created Equal
Many IT organizations deploy a single, uniform security solution across their entire IT infrastructure. A flat environment like this simplifies life for attackers: once any one system is compromised, they can move laterally throughout the rest. To prevent easy exploitation, critical assets must be identified and prioritized within the IT infrastructure rather than protected the same way as everything else.
2. Focus on Unauthorized Behavior
Many leaders focus on detecting unauthorized behavior or actions by threat actors, but the emphasis needs to shift toward scrutinizing allowed behavior. Organizations must critically evaluate what they willingly permit into their IT environments and understand how these decisions can weaken their overall security posture. A "deny-by-default" approach is what defines zero trust, and zero trust is a model, not a product. As in the security model of mainframe systems, nothing is allowed unless it is explicitly granted. This approach makes unauthorized behavior far easier to identify, because anything outside the explicit grants stands out, and it reinforces the importance of mandatory security policies to safeguard environments effectively.
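To make the deny-by-default idea concrete, here is an added example (not code from the original article or from any Splunk product) of a small policy evaluator in which access is granted only when an explicit allow rule matches, with every refused request recorded for defenders to review. It is shown beside the allow-by-default block list the text argues against. The principals, actions and resource names are constructed sample values.

```python
"""Deny-by-default access policy evaluator.

Added example; it is not code from the original article or from any Splunk
product. It illustrates the "nothing is allowed unless explicitly granted"
model the text describes, beside the allow-by-default block list it argues
against. Principals, actions and resources are constructed sample values.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class AllowRule:
    principal: str   # identity the grant applies to (role or service account)
    action: str      # operation being granted, e.g. "read"
    resource: str    # glob over a resource path, e.g. "db/customers/*"


@dataclass
class DenyByDefaultPolicy:
    """Access is granted only when an AllowRule matches; everything else fails closed."""
    rules: list
    denied: list = field(default_factory=list)   # audit trail of refused requests

    def is_allowed(self, principal: str, action: str, resource: str) -> bool:
        for rule in self.rules:
            if (rule.principal == principal
                    and rule.action == action
                    and fnmatchcase(resource, rule.resource)):
                return True
        # No explicit grant: deny and record it, so the refusal is visible to defenders
        self.denied.append((principal, action, resource))
        return False


def blocklist_allows(blocked, principal: str, action: str, resource: str) -> bool:
    """Allow-by-default contrast: only listed (principal, action) pairs are refused,
    so any combination nobody thought to list passes silently."""
    return (principal, action) not in blocked


# Constructed sample grants: a billing service may read customer records and
# write its own reports; an analyst may read reports.
SAMPLE_RULES = [
    AllowRule("billing-svc", "read", "db/customers/*"),
    AllowRule("billing-svc", "write", "reports/billing/*"),
    AllowRule("analyst", "read", "reports/*"),
]

# Constructed sample requests, including two that no rule grants.
SAMPLE_REQUESTS = [
    ("billing-svc", "read", "db/customers/2024"),
    ("billing-svc", "write", "db/customers/2024"),   # write not granted
    ("analyst", "read", "reports/billing/q3"),
    ("intern", "read", "db/customers/2024"),          # unknown principal
]


def evaluate(requests=SAMPLE_REQUESTS, rules=SAMPLE_RULES):
    """Return {request: allowed} under deny-by-default plus the audit trail of denials."""
    policy = DenyByDefaultPolicy(list(rules))
    decisions = {req: policy.is_allowed(*req) for req in requests}
    return decisions, policy.denied


if __name__ == "__main__":
    decisions, denied = evaluate()
    for req, ok in decisions.items():
        print("ALLOW" if ok else "DENY ", req)
    print("denied attempts recorded:", len(denied))
```

The useful property is that a missing rule fails closed and leaves a record, whereas the block list lets any unanticipated principal or action through with no trace, which is exactly why scrutinizing what is permitted matters more than enumerating what is forbidden.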
3. Infiltration Doesn’t Mean Defeat
Organizations often consider themselves defeated if a threat actor successfully infiltrates their environment. However, the real victory is stopping the attackers from achieving their goal. This is why multi-layered cybersecurity is critical, as it forces threat actors to jump through multiple hoops. Mature organizations have begun to categorize and ingest security data in tiers. Certain data is essential for compliance, while other data provides critical operational value. Often, the initial detection of a security incident stems from anomalies in system performance. Understanding what is critical and centralizing that data within a unified platform is key to identifying these issues promptly and effectively.
4. Confidence in Your Data (Platform)
Security lies in our ability to manage anomalies: the subtle deviations from the norm that often hold the key to identifying and resolving issues before they spiral out of control. Not all anomalies are security incidents, but all security incidents are anomalies. Anomalies are everywhere in your data: unusual traffic patterns, unexpected spikes in resource usage, or irregular user behaviors. Some are harmless — a result of benign system updates or temporary congestion. Conversely, every security incident — from ransomware attacks to data breaches — does begin as an anomaly. The challenge lies in distinguishing the benign from the malicious. Doing so requires leverage over your data, and confidence in the fidelity of that data is critical: an anomaly surfaced from incomplete or unreliable data cannot be trusted in either direction.
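The following added example (not code from the original article or from any Splunk product) shows the three ideas of sections 3 and 4 together: a robust baseline (median and MAD) flags deviations in per-host performance metrics, a change-window record separates the benign anomaly caused by a planned update from the one that warrants investigation, and a coverage check withholds a verdict where the data is too sparse to be trusted. The hosts, metric values, change window and the 5.0 score threshold are constructed assumptions.

```python
"""Anomaly baselining, triage and data-fidelity check over constructed metrics.

Added example; not code from the original article or from any Splunk product.
Hosts, values, the change window and thresholds are constructed assumptions.
"""
from statistics import median

MAD_SCALE = 1.4826  # scales MAD to a standard-deviation-like unit for normal data
EXPECTED_POINTS = 12  # 12 five-minute samples per host in one hour

# Constructed sample: per-host outbound MB per 5-minute window.
_WEB = [100, 102, 98, 101, 99, 103, 100, 97, 900, 101, 100, 99]   # spike at minute 40
_DB = [200, 205, 198, 202, 199, 201, 203, 197, 200, 204, 199, 850]  # spike at minute 55
_APP = [150, 151, 149, 700]                                        # only 4 of 12 samples arrived
SAMPLE_SERIES = (
    [("web-01", 5 * i, v) for i, v in enumerate(_WEB)]
    + [("db-01", 5 * i, v) for i, v in enumerate(_DB)]
    + [("app-03", 5 * i, v) for i, v in enumerate(_APP)]
)

# Constructed change record: web-01 had a planned update between minutes 35 and 45.
CHANGE_WINDOWS = {"web-01": [(35, 45)]}


def robust_zscores(values):
    """Median/MAD z-scores: a single huge spike does not inflate its own baseline."""
    center = median(values)
    deviations = [abs(v - center) for v in values]
    mad = median(deviations)
    scale = mad * MAD_SCALE if mad > 0 else max(sum(deviations) / len(deviations), 1e-9)
    return [(v - center) / scale for v in values]


def group_by_host(series):
    hosts = {}
    for host, minute, value in series:
        hosts.setdefault(host, []).append((minute, value))
    return hosts


def find_anomalies(series, threshold=5.0):
    """Return every (host, minute, value) whose robust z-score exceeds the threshold."""
    found = []
    for host, points in group_by_host(series).items():
        points.sort()
        scores = robust_zscores([v for _, v in points])
        for (minute, value), z in zip(points, scores):
            if abs(z) >= threshold:
                found.append({"host": host, "minute": minute, "value": value, "score": round(z, 1)})
    return found


def coverage(series, expected_points=EXPECTED_POINTS):
    """Fraction of expected samples actually present per host (a data-fidelity measure)."""
    return {host: len(points) / expected_points for host, points in group_by_host(series).items()}


def triage(anomalies, windows, cov, min_coverage=0.8):
    """Label each anomaly: low-fidelity (don't trust the data yet), benign-change, or investigate."""
    for a in anomalies:
        if cov.get(a["host"], 0.0) < min_coverage:
            a["verdict"] = "low-fidelity"
        elif any(lo <= a["minute"] <= hi for lo, hi in windows.get(a["host"], [])):
            a["verdict"] = "benign-change"
        else:
            a["verdict"] = "investigate"
    return anomalies


def run(series=SAMPLE_SERIES, windows=CHANGE_WINDOWS):
    return triage(find_anomalies(series), windows, coverage(series))


if __name__ == "__main__":
    for a in run():
        print(f"{a['host']:7} minute {a['minute']:3} value {a['value']:4} z={a['score']:7} -> {a['verdict']}")
```

Each host's baseline comes from its own history, which is why the db-01 spike is not masked by web-01's higher normal volume, and the app-03 spike is deliberately not escalated: with a third of the expected samples present, the honest answer is that the data is not good enough to decide.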
The public and private sectors face common challenges affecting their cybersecurity efforts. A persistent shortage of qualified cybersecurity professionals makes it difficult for organizations to find and retain the talent needed to combat cyber threats effectively at scale. Additionally, the increasing prevalence of AI, particularly generative AI used in software development, presents a double-edged sword. While AI offers numerous advantages, it also makes life easier for threat actors, creating a race to harness the technology effectively, as highlighted in Splunk’s State of Security report.
Moreover, compliance with SEC regulations and other federal mandates adds another layer of complexity to the cybersecurity efforts of public companies. These rules necessitate stringent measures to protect sensitive information, further complicating the already challenging landscape.
It’s important to remember that there is no standard for how public and private companies should partner to promote a cyber-resilient nation. As we discuss in Predictions 2025, governments must redefine what constitutes a material event, understanding that it's not just a cyber issue but a broader question of resilience. Materiality should be tied directly to how quickly and effectively you can recover from an incident, regardless of the cause. The public and private sectors have to collaborate to get this right, recognizing that the real impact lies in disruption and the ability to maintain mission-critical operations.
Strong examples of public-private partnerships already exist at a smaller scale. For instance, the LSU student-powered SOC (Security Operations Center) is a promising model. The next step is to elevate these partnerships from the university or grassroots level to more prominent companies and organizations.
We’ve also seen successful collaborations on a larger scale, such as the coordinated efforts following the famous Log4Shell vulnerability, as highlighted by the World Economic Forum.
By taking proactive steps within your organizations, you can lead the charge toward a resilient nation. Simple actions like using password managers, enforcing multi-factor authentication, regularly updating software, and testing (and securing) backups are foundational in building a resilient culture. With Splunk, you gain real-time visibility and insights into your IT environment, ensuring you're not just reacting to threats but actively fortifying against them. Resilience is measured not just by your ability to withstand an event, but how quickly your organization can recover from one.
Lay the groundwork for a safer, more secure future for everyone. Splunk empowers this mission — driving resilience from within to protect what matters most. By fostering a culture of digital resilience within our organizations, we take the first critical step toward a more secure future for all.
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.