Rethinking cybersecurity in government: Prioritizing recovery and resilience

Traditional cybersecurity strategies focused on prevention are no longer effective. By shifting their focus to cyber recovery, federal agencies can reduce costs, enhance resilience and protect mission-critical data.

The relentless march of cyber threats in government IT continues to challenge even the most fortified systems. As federal agencies pour billions into cybersecurity each year, they would expect to see a proportional decrease in successful attacks. Yet the contrary is true: cyber incidents are rising. Why is this happening, and what needs to change? It’s time to shift the conversation from an obsession with prevention to a strategic focus on cyber recovery.

Brendan MacCarthy is VP of Sales, Federal, at Rubrik.

The stark reality is that traditional cybersecurity strategies centered on preventing attacks are insufficient. While agencies implement comprehensive security infrastructures, reinforcing their networks with tools and techniques to block threats, they need to think beyond stopping breaches and more about recovering from them.

It’s important to remember that while defenders must be right 100% of the time, attackers only need to be right once. This insight encapsulates the asymmetry of the threat landscape. Cyberattacks are now so sophisticated and persistent that they often breach even the most robust defenses. The inevitability of a breach has led to the rise of the zero-trust architecture, a security model that assumes attackers will get in at some point. The critical question for government IT professionals is not whether they can prevent an attack but how quickly they can recover from one.

The limitations of attack prevention

Government agencies spend tens of millions of dollars each year to harden their systems, from the network perimeter to individual endpoints. However, despite this investment, high-profile cyberattacks continue to make headlines.

A significant issue is that cybersecurity budgets are overwhelmingly allocated toward prevention efforts, leaving recovery as an afterthought. This imbalance needs to be addressed urgently. The focus must shift from merely building stronger defenses to ensuring a rapid and comprehensive recovery process when, not if, an attack occurs.

The reality of cyber recovery challenges

Agencies must remember that over 90% of cyberattacks now target backup systems, and those attacks are successful in more than 70% of cases. These numbers underscore the critical importance of cyber recovery planning. If a government agency’s backups are compromised—either deleted, encrypted or corrupted—how can it quickly recover its mission-critical data and systems?

The consequences of failing to prioritize recovery are stark. For example, after suffering a cyberattack, one public sector organization reintroduced malware into its systems during the recovery process because the attackers had embedded malicious code in the backups. The recovery took over 100 days, during which time essential services were unavailable. This should serve as a wake-up call to every government IT leader: a slow or ineffective recovery is as damaging as the attack itself.

The path forward: Investing in cyber recovery

To address these challenges, agencies must acknowledge that their backup and recovery infrastructures need to be updated. Many of these systems were designed 20 or 30 years ago, at a time when the primary threats were natural disasters or human error, not sophisticated cyberattacks.

One of the key innovations in this space is integrating backup software with storage platforms that include built-in cybersecurity features. Rubrik, for example, has developed Rubrik Security Cloud – Government, which recently received FedRAMP authorization at the Moderate Impact Level. It is fully hardened with native immutability; is logically air-gapped and not discoverable on the network; and has a full suite of zero trust features such as MFA, TOTP and quorum authorization for any policy changes. This “bunker-in-a-box” solution combines backup software and storage in a single platform protected by multi-factor authentication and other stringent security measures.

The future of cybersecurity lies in this kind of innovation. By integrating backup systems with real-time data scanning and threat detection, agencies can ensure that their backups are available and free from malware. This approach enables faster recovery times and minimizes the risk of reinfecting systems during the recovery process.

Tool consolidation: Reducing costs and complexity

In addition to enhancing security, focusing on cyber recovery can also lead to significant cost savings for government agencies. Many organizations use multiple backup solutions for workloads, resulting in tool sprawl, increased complexity, and higher costs. By consolidating these tools into a single platform, agencies can reduce their cybersecurity spending while improving their ability to recover from an attack. Additionally, many of Rubrik’s clients have seen immediate reductions in cloud spending — sometimes by 30% to 40% — when they switch to an integrated solution. These reductions come from Rubrik tools that let customers control retention time and storage tiering, and from taking only incremental backups (rather than full ones) once the first full backup is taken.

The path forward is clear: It’s time to prioritize cyber recovery and make it a central component of every government agency’s cybersecurity strategy. The stakes are too high to do otherwise.

Learn more about how Rubrik can help federal agencies keep data readily available, monitor data risks and exposures and restore impacted data — from a single platform.
