Q&A: Fireside Chat with Rekha Shenoy on Cyber Resilience in 2025

Originally shared on March 27, 2025, by ITProToday, Information Week Virtual Event and edited for length and clarity.
This event focused on cyber resilience in 2025 and explored strategies for maintaining business continuity. BackBox CEO, Rekha Shenoy, addressed this challenge during a fireside chat, highlighting that cyber resilience necessitates a more continuous approach to remediation. She emphasized that this approach should minimize reliance on manual work, establish a universal view for cloud and on-prem systems, and leverage opportunities to implement automation.
Q: Given the complexity of compliance and regulatory frameworks, what practical steps can organizations take to monitor compliance while continuously minimizing disruptions to daily operations?
A: When considering business availability, cyber resilience, and compliance, I prioritize asset lifecycle management. At BackBox, we focus on networks, but these principles are universal. First, understand your assets and establish a reliable enterprise-grade backup and recovery solution. This preparation is crucial for facing potential challenges ahead.
Implementing effective asset lifecycle management allows for a return to a trusted state if changes occur. This includes onboarding and offboarding devices, managing their end-of-life, patching, upgrading, and backing up data. Such a foundation provides confidence in navigating changes related to compliance and adjusting to operational disruptions.
Asset lifecycle management starts with a reliable source of truth that holds information about your assets, including their configuration and compliance status. This foundation enables continuous monitoring for any changes, including internal updates or new vulnerabilities. By managing this within one system, you create an efficient solution that supports business operations while addressing compliance needs as a byproduct, freeing you from additional efforts during your personal time.
Q: You emphasized the significance of maintaining a single source of truth for all network assets. How can organizations guarantee complete visibility over their network infrastructure, particularly when utilizing cloud and on-premises services?
A: In that world, cloud equals complexity—not due to its potential as a better solution, but because it coexists with on-prem technology, enabling remote work and supporting business infrastructure.
You now face the challenge of managing too many tools—cloud services, security posture, applications, and data security plans. Meanwhile, the crucial network infrastructure that supports it all often gets overlooked.
We recommend establishing a unified view or single pane of glass for cloud and on-prem systems to enhance visibility and compliance. This approach addresses the challenge of achieving comprehensive visibility.
Q: Cyber attacks are becoming more frequent today as technology continues to evolve and digital transformations continue to take place globally. How do you see automation helping organizations stay ahead of network security threats?
A: Leading enterprises are now thinking differently about security. Two decades ago, it was commonly believed that if you didn’t know you had been hacked, you weren’t aware of it. Since then, numerous monitoring tools have emerged, but the fundamental issue remains: the real problem isn’t just whether you’ve been hacked.
Leading enterprises view the current situation as experiencing multiple hacking attempts daily or within an hour. The predominant focus today revolves around cyber resilience, raising questions such as:
- How can we recover faster?
- How can we ensure availability?
- How can we uphold SLAs despite ongoing threats and the rapid pace of attacks?
It’s evident that this challenge has intensified, especially with the rise of AI, which enhances capabilities on the hacker side while also providing an opportunity to improve solutions. Ultimately, the focus remains on cyber resilience. Here, we realize that the crucial missing element isn’t merely another monitoring tool, but rather a tool that automates resolution processes. When a change occurs, we must assess:
- Is this change acceptable?
- Can I restore to a known and trusted state, perhaps through an automated recovery solution?
Whether it’s an automated configuration update that asks, “Why was SSH turned off?” Turn it back on, whatever those little things are. These issues are still confined to the old world of manual labor that could be automated in a manner that businesses trust, providing integration into standard workflows so that you can see them. For those automations that succeed, you’ve got that covered and you only need to focus on the two or three that fail. You now have a ticket that enables you to address it. This represents a massive improvement in reducing the dependency on manual labor needed to remediate, mitigate, and solve problems.
Q: Companies are seeking better solutions, and automation plays a key role. How can organizations prioritize and manage critical risks from thousands of vulnerabilities without becoming overwhelmed?
A: Many companies receive vulnerability reports but struggle to prioritize and address them. The responsibility often falls on infrastructure managers, who are left with stacks of reports. This isn’t a lack of vulnerability management tools; rather, it’s due to insufficient focus on the vulnerabilities after the reports arrive. The real work starts when these reports land, highlighting network engineers’ challenges.
A network engineer reviews a long list of devices, checking vendor websites for firmware updates to assess risks. They face the challenge of prioritizing numerous issues, often with multiple high-risk items. Upon further investigation, a specific firmware vulnerability is discovered, revealing active exploitation, automation, and proof of concept, raising concerns since this device operates at the edge.
Therefore, it’s crucial to achieve a level of fidelity regarding how this vulnerability report relates to my infrastructure. This involves immense amounts of work and countless hours with the infrastructure owner. That’s where the opportunity lies to simplify processes and deliver something truly valuable.
The world has become more challenging, highlighted by last year’s 40,000 published vulnerabilities. Despite this vast number, only about 1% were actively exploited through automated methods, with hackers quickly leveraging these exploits within hours or days of publication.
Customers want to understand and address the 1% of issues that greatly impact their business. However, uncovering this information often takes months; by then, fixes may already be available but not deployed, leading to a lack of confidence among companies. Companies focus on servers, databases, and applications, while the exploited 1% is often found within the network infrastructure at the edge, which is a more vulnerable target.
We often overlook the network infrastructure, making it difficult to identify the 1% within it. This is where we leave our customers, and the opportunity for implementing automation here is significant.
Q: Could you discuss which emerging technologies are influencing the future of cyber resilience?
A: Emerging technologies, particularly AI, are empowering enterprises to accomplish more with less. While AI is often seen on the hacker side, its role on the vendor side should become the norm. Consider AI as either Agent AI or Gen AI, offering pragmatic solutions that reduce the need for human intervention. For instance, AI can leverage large language models (LLMs) to analyze large volumes of text efficiently.
Vendor websites often require experts to solve complex problems, involving significant manual effort. AI can automate and streamline these tasks. The challenge is knowing where to start. A reliable automated asset lifecycle management system is essential for effective implementation.
You can trust automation solutions, knowing you have reliable backup and recovery to restore a stable state if needed. This allows you to explore cutting-edge technologies, ensuring they fit your infrastructure while maintaining availability, uptime, and responsiveness to the business.
Q: What would be the first step in building a robust and adaptable cyber security resilience framework?
A: To be resilient, it’s essential first to understand what resilience is. Therefore, I recommend starting with asset discovery, asset management, and asset lifecycle management. This aspect is often overlooked when we rush into monitoring and compliance. It’s crucial to realize the power of having a comprehensive view, a single source of truth for assets. This advantage cannot be underestimated, as readily available information consistently benefits a cyber resilience program.