The digital landscape is changing faster than many organizations can keep up with. Data breaches, sophisticated ransomware attacks and critical vendor missteps aren’t just a nuisance; they’re real threats that halt operations, compromise sensitive data, and disrupt economies. Yet too many companies rely on outdated IT strategies that can’t keep pace.
Sticking to what’s familiar just doesn’t cut it. The days of static cybersecurity playbooks and siloed tools are over. Every part of our IT and operational ecosystems must adapt quickly to new and unpredictable risks. This means rethinking outdated assumptions, re-evaluating risk tolerances, and adopting strategies that integrate all areas of the business. To effectively withstand modern threats, we need agile, preemptive, and resilient systems that span not only new digital infrastructures but also legacy systems, third-party providers, and entire supply chains.
Looking forward, this mindset shift is critical. We’re not just securing systems—we’re securing the entire backbone of our organizations and in most cases, our economies. It’s time to challenge what’s familiar and commit to a new era of security thinking that doesn’t just react but anticipates, adapts, and ensures resilience at every level.
Embrace Continuous Assessments as an Ongoing Practice
One of the first steps in this journey is shifting our mindset on cybersecurity assessments from that of a routine obligation to a critical necessity.Testing your defenses only during audits or after incidents is a missed opportunity. Waiting until something goes wrong puts your organization perpetually one step behind.Threats don’t wait for audits, and neither should your defenses. Companies must recognize this and shift their approach, making continuous assessment a cornerstone of their cybersecurity strategy. This isn’t about just checking boxes; it’s about challenging every part of the system, even during stable times when everything appears to be running smoothly.
Adopting continuous assessments as a standard practice uncovers hidden vulnerabilities and pushes your teams to think creatively to develop a proactive security culture. By transitioning to an offensive mindset, assessments will expose weaknesses that static defenses miss. This isn’t just about finding gaps; it’s about embedding a dynamic, forward-thinking approach to cybersecurity, where every layer and role within your organization is empowered to anticipate and respond to threats with heightened awareness. This proactive stance isn’t just an advantage—it’s essential for protecting your business and your customers.
Shift from Reactive to Predictive with Strategic Threat Intelligence
For far too long, cybersecurity has operated in a reactive mode. Even regulatory compliance is a backward looking activity. Building a predictive, intelligence-driven model means understanding not just what threats are emerging but why. With high-profile breaches like the Change Healthcare and CDK Global incidents in 2024, rapid action was critical. Imagine if their teams had access to intelligence that pinpointed evolving tactics before attacks occurred. This kind of intelligence focused on understanding threat actor motivations and identifying new methods allows leaders to preempt attacks, not just respond. The goal is to transition from reaction to preemption, embedding threat intelligence as a core part of your strategy.
Securing the Third Party Supply Chain
Securing third parties is an often overlooked aspect. Many organizations focus on their own defenses while overlooking the vulnerabilities that third-party providers and other critical suppliers may introduce. When third-party security isn’t prioritized, the consequences can be devastating. In the infamous Target breach, attackers gained access to Target’s systems through a third-party HVAC vendor, compromising over 40 million credit card accounts. Similarly, in the case of the SolarWinds attack, attackers infiltrated thousands of companies through vulnerabilities in SolarWinds’ software, used by countless third parties. These incidents show how a single weak link in the supply chain can open the door to large-scale breaches. Leaders must take a proactive approach by thoroughly assessing third-party vendors, setting strict security standards, and regularly monitoring compliance to prevent such costly and damaging incidents.
Design Systems to ‘Fail Smart’ Rather than ‘Never Fail’
Planning to achieve perfect uptime is unrealistic. Instead, IT leaders need to adopt a ‘fail smart’ strategy, where systems are designed to be adaptable, resilient and can minimize the impacts of a failure. This MUST start with a thorough assessment to understand the current state of your systems. This will identify where your gaps and biggest vulnerabilities are. From here, reducing the attack surface becomes a critical priority—by limiting access points, segmenting networks, and stripping down unnecessary components, you minimize the paths attackers can exploit.
Once the attack surface is reduced, systems can be built to recognize, isolate, and respond to issues autonomously. Imagine a manufacturing environment facing a ransomware attack; if each layer is designed to ‘fail smart,’ it can contain and quarantine the affected systems, allowing the rest of your production operation to continue smoothly without disruption. This approach creates true resilience—not by preventing every failure, but by enabling quick, intelligent recovery. By shifting the focus from perfect uptime to strategic continuity, we can develop infrastructures that can withstand attacks and adapt and grow stronger. This is the foundation of a modern, sustainable cybersecurity strategy.
Manufacturing environments are increasingly vulnerable to this, as recent ransomware and data breach incidents have demonstrated. In August 2023, The Clorox Company, experienced a massive ransomware attack that completely shut down their production lines and disrupted operations for over a month. The attack led to manual order processing, product shortages, and direct costs of $49 million, with total losses estimated at $356 million. This was partially due to weak segmentation between its IT and OT systems. To recover, they adopted a comprehensive cybersecurity overhaul that included network segmentation, continuous threat monitoring, and a rapid-response fail smart strategy. They also implemented regular employee training and updated their legacy systems. This response will help properly position them to prevent and survive future attacks.
With interconnected operational and information technology systems, the risk of a single attack causing widespread disruption is high. Leaders must address this vulnerability by implementing strict segmentation between IT and OT networks, limiting lateral movement during breaches. Real-time monitoring of OT environments allows early detection of anomalies, enabling swift response to potential threats. For example, the CDK Global ransomware attack highlighted how downtime can impact production timelines and disrupt entire supply chains. To mitigate this, IT leaders in these industries should ensure that security strategies cover both digital and physical assets, recognizing their interconnected nature.
Setting a New Standard with a Trusted Partner
Having trusted partners who bring deep expertise and proven solutions to the table is essential. With decades of experience, HPE, XYPRO, and the HPE NonStop platform are uniquely positioned to help your organization navigate today’s complex cybersecurity and regulatory landscape. We understand that resilience, adaptability, and proactive security aren’t just ideals—they’re necessities. Our teams bring a blend of technical expertise and industry insight helping organizations protect their assets and anticipate future challenges. We can help you evolve with confidence. By partnering with XYPRO, you gain access to experts, strategies and tools tailored to meet the demands, equipping you to secure your operations, strengthen your defenses, and build the resilience needed to thrive.
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.
With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.
Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.