Putting Identity And AI At The Center Of Cyber Defense

When it comes to cyber resilience, many organizations focus on recovery rather than continuity. However, this approach can leave them vulnerable to disruption, as a “recovery-first” plan may not allow teams to access critical systems and crisis playbooks during a disaster. True resilience requires a different mindset, one that prioritizes operations continuing while systems are being restored.

Shifting the Focus to Continuity

This shift in focus starts with communications. Rather than relying solely on identity-dependent platforms like Teams, Slack, or email for crisis coordination, organizations should implement out-of-band communication systems. These can include secure, pre-staged chats outside of Single Sign-On (SSO), hardened bridge lines, or even old-fashioned phone trees. By practicing switching to these systems under pressure, teams can ensure that they can continue to operate even if their primary communication channels are compromised.

Tabletop exercises also play a critical role in building resilience. However, many of these exercises are too polished and linear, failing to introduce the friction and chaos that can occur during a real crisis. To be effective, tabletop exercises should consider what might go wrong and simulate the uncertainty and complexity of a real-world disaster. This approach can help leaders prepare for the unexpected and develop the skills they need to navigate a crisis.

Identity and AI as the New Front Line

Identity has become a critical attack surface, with human accounts often fortified with multifactor authentication and training. However, the invisible scaffolding of nonhuman identities, including service accounts, workloads, bots, and AI agents, remains vulnerable. These accounts frequently have higher privileges, don’t expire, and often have no clear owner, making them an attractive target for attackers.

To build resilience, organizations need to take a more proactive approach to managing nonhuman identities. This includes creating a living inventory of these identities, assigning ownership, implementing safe credential rotation, and monitoring behavioral anomalies. By taking these steps, organizations can reduce their risk of being compromised and improve their ability to respond to a crisis.

The rise of agentic AI, capable of reasoning, decision-making, and taking action, has amplified the challenge of managing nonhuman identities. To address this, organizations need to implement machine-readable policies, real-time enforcement, and explainable logging. By doing so, they can ensure that their AI systems are operating within established boundaries and reduce the risk of unintended consequences.
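The register and policy gate described in the two paragraphs above can be sketched as follows. This is an added example, not code from the article or from any product: the register layout, identity names, action strings and reason codes are all hypothetical.

```python
import json
from datetime import date

# Constructed register of nonhuman identities; every name and value is hypothetical.
REGISTER = {
    "agent-invoice-bot": {"owner": "finance-platform", "credential_expires": "2030-01-01",
                          "allowed_actions": ["invoice:read", "invoice:draft"]},
    "svc-legacy-sync": {"owner": None, "credential_expires": None,
                        "allowed_actions": ["db:read", "db:write"]},
}
SAMPLE_TODAY = date(2025, 1, 1)  # fixed date so the demo is reproducible

def audit_register(register, today):
    """Return {identity: [findings]} for ownerless or non-expiring identities."""
    findings = {}
    for name, entry in register.items():
        issues = []
        if not entry.get("owner"):
            issues.append("no_owner")
        expires = entry.get("credential_expires")
        if expires is None:
            issues.append("credential_never_expires")
        elif date.fromisoformat(expires) <= today:
            issues.append("credential_expired")
        if issues:
            findings[name] = issues
    return findings

def authorize(register, identity, action, today):
    """Default-deny gate; the returned record carries the reasons for the decision."""
    entry = register.get(identity)
    reasons = []
    if entry is None:
        reasons.append("identity_not_in_register")
    else:
        reasons += audit_register({identity: entry}, today).get(identity, [])
        if action not in entry.get("allowed_actions", []):
            reasons.append("action_not_in_policy")
    decision = {"identity": identity, "action": action,
                "allow": not reasons, "reasons": reasons or ["policy_match"]}
    print(json.dumps(decision, sort_keys=True))  # one explainable log line per request
    return decision

if __name__ == "__main__":
    print(audit_register(REGISTER, SAMPLE_TODAY))
    authorize(REGISTER, "agent-invoice-bot", "invoice:read", SAMPLE_TODAY)
    authorize(REGISTER, "agent-invoice-bot", "invoice:pay", SAMPLE_TODAY)
    authorize(REGISTER, "svc-legacy-sync", "db:read", SAMPLE_TODAY)
```

The gate reuses the audit, so an identity that fails inventory hygiene is denied even for actions its policy lists, and every decision record states why.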

Building a Culture of Resilience

Building a culture of resilience requires a combination of technical and human elements. It involves designing systems that are not only technically robust but also psychologically resilient. This means understanding how attackers exploit human bias, decision fatigue, and fragile trust in authentication workflows. By acknowledging these dynamics, organizations can develop more effective strategies for building resilience and improving their ability to respond to a crisis.

Leaders also play a critical role in building a culture of resilience. They must be able to convey the importance of resilience to non-technical stakeholders and sustain motivation in the face of ongoing threats. By prioritizing resilience and investing in the necessary tools and training, organizations can reduce their risk of being compromised and improve their ability to operate through disruption.

Operating Through Impact

So where should organizations begin? The first step is to test out-of-band communications and run live-fire tabletops with injected failures. This can help identify vulnerabilities and improve response times. Organizations should also build a nonhuman identity register and gate AI agent activity behind policy-aware controls. By taking these steps, organizations can build the scaffolding they need to continue operating while engineers rebuild and restore systems.

Ultimately, resilience is no longer just an IT problem – it’s an enterprise-wide mandate that requires a combination of technical, human, and strategic elements. By prioritizing resilience and investing in the necessary tools and training, organizations can reduce their risk of being compromised and improve their ability to operate through disruption. The difference between recovery and resilience is the difference between silence and continuity in the middle of a breach.
