By the end of 2024, Amazon is poised to detect approximately 750 million cyber threats or intrusion attempts daily, a significant rise from 100 million noted just six or seven months ago. This alarming statistic was reported in a Wall Street Journal interview with CJ Moses, Amazon’s Chief Information Security Officer. Moses, who has previously led security operations for Amazon Web Services (AWS) and has an extensive background in investigating cybercrime, emphasizes a growing concern among security professionals: the acceleration of AI technology is increasing vulnerabilities and expanding the attack surface for security teams.
In today’s security landscape, the risks extend far beyond conventional challenges such as Distributed Denial of Service (DDoS) attacks or misconfigured Amazon S3 buckets. Modern threats include the sabotage of crucial undersea cables, breaches of identity systems, and disruptions to critical infrastructure driven by geopolitical motives. This marks the advent of a new era characterized by hybrid warfare—an evolving domain where cyber and physical attacks interweave with disinformation and economic strategies aimed at destabilization.
Critically, this form of warfare is not just a theoretical concern; it’s a pressing reality that requires attention not only from governments but also from the private sector. The repercussions of these threats are reshaping how leaders in corporate security strategize for resilience. Security teams must now prepare for scenarios where essential cloud services may become unavailable.
The Physical Backbone as a Target
Hybrid warfare is a complex blend of essential elements, combining cyber strikes, physical sabotage, and economic coercion to disrupt and destabilize targeted entities. This emerging paradigm places a spotlight on the very infrastructure that supports cloud services. In recent months, several high-profile incidents have highlighted this vulnerability:
- Flax Typhoon (2025): This campaign infected over 260,000 internet-connected devices worldwide, establishing a firm foothold at the cloud’s edge.
- Sabotage of Undersea Cables: Recent incidents involving undersea cables between Estonia, Finland, and Sweden, allegedly linked to Russian operatives, showed that physical infrastructure remains exposed to attack.
- Volt Typhoon Infiltration (2022-2023): This China-backed initiative compromised U.S. critical infrastructure by taking advantage of Microsoft identity systems and various cloud management tools.
- SolarWinds Supply-Chain Attack (2020-2021): This notorious breach involved inserting malicious code via software updates, affecting thousands of organizations—including government agencies—exposing the substantial risks associated with trusted management tools.
- State-Sponsored Espionage Campaigns: These activities aim not only to disrupt operations but also to covertly gather intelligence, undermine trust, and weaken vital networks, creating long-lasting impacts on cybersecurity.
The Limits of Cloud Resilience
Many organizations harbor the misconception that cloud solutions are inherently robust due to their geographic redundancy. However, the reality is more complicated. Most backup strategies remain heavily reliant on major providers like AWS, Azure, and Google Cloud Platform (GCP). Consequently, a company’s backups are stored in the cloud, often beyond its direct control.
In scenarios where cables are severed or DNS services are targeted, even failover systems that span multiple regions can fail to deliver. Identity federations may collapse, Software as a Service (SaaS) logins might be inaccessible, and crucial backups could become unreachable. The end result is a disconcerting scenario where teams find themselves unable to recover essential business data.
The Importance of Sovereign, Isolated Storage
Amidst these challenges, sovereign backup providers present a viable solution. By ensuring local data storage, these providers minimize dependency on cloud systems and eliminate cross-border data replication issues, allowing quicker access to mission-critical data even in adverse situations. This capability ensures that, even during DNS failures or cloud access disruptions, organizations retain local availability.
In addition to operational benefits, such strategies align with regulatory demands. Under the Digital Operational Resilience Act (DORA) and the NIS2 directive, organizations in critical sectors are mandated to demonstrate their capability to recover from disruptions with minimal reliance on external connectivity.
Rethinking Resilience: From Disaster Recovery to Operational Continuity
Security considerations have evolved to prioritize continuity over mere disaster recovery. While the latter can often be viewed as flipping a switch, true resilience involves a thorough, phased approach that addresses human, operational, and communication factors. As a best practice, organizations are encouraged to transition from bulk restoration toward object-based recovery, focusing on:
- The restoration of the most critical user accounts, mailboxes, and access controls first.
- The recovery of essential communication and coordination systems.
- The safeguarding of audit trails and compliance logs to ensure regulatory obligations are met.
When access to cloud-native tools such as Microsoft 365, Google Workspace, or Salesforce becomes tenuous, local access to the right data can differentiate between prolonged downtime and sustained operational activity.
Building a Resilience Plan for Hybrid Warfare
Security teams are encouraged to regularly simulate conditions where cloud services may be unavailable. Steps for crafting a robust hybrid warfare resilience plan include:
- Inventory Mission-Critical Data: Understanding the core elements needed for operation, communication, and recovery is vital for effective prioritization.
- Identify Infrastructure Dependencies: A thorough understanding of hosted systems, federated systems, and those dependent on cloud storage is crucial.
- Map Geopolitical Exposure: Knowing which countries host your data providers and which geographic routes your traffic traverses is essential in assessing risk.
- Simulate No-Cloud Conditions: Exercises that model identity federation failures and loss of DNS resolution are indispensable for understanding their impact.
- Test Local Recovery: Conducting drills without cloud access will help organizations evaluate their recovery processes for effectiveness and efficiency.
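As an added example (not the article’s own code or any vendor’s tool), the no-cloud simulation and the object-based recovery ordering described above can be modelled as a dependency graph: mark a cut undersea link or a failed DNS service as unavailable, then see which functions survive on local substitutes and which still need a restore, in tier order. Every service name, the graph and the inventory are constructed assumptions for illustration.

```python
from collections import namedtuple

# (name, recovery tier: 1 accounts/mailboxes/access, 2 comms, 3 audit trails, 4 rest; needs; local substitutes)
Function = namedtuple("Function", "name tier needs substitutes", defaults=[{}])

# Constructed dependency graph: each item lists what it in turn relies on.
GRAPH = {
    "public_dns": set(), "undersea_link": set(),
    "identity_federation": {"public_dns", "undersea_link"},
    "m365_mail": {"identity_federation"}, "saas_chat": {"identity_federation", "public_dns"},
    "saas_crm": {"identity_federation", "public_dns"}, "audit_log_store": {"undersea_link"},
    "local_ad": set(), "local_mail_export": set(), "onprem_chat": set(), "local_backup": set(),
}

# Constructed inventory of business functions (all names are assumptions for the example).
FUNCTIONS = [
    Function("user_accounts", 1, {"identity_federation"}, {"identity_federation": "local_ad"}),
    Function("mailboxes", 1, {"m365_mail"}, {"m365_mail": "local_mail_export"}),
    Function("incident_chat", 2, {"saas_chat"}, {"saas_chat": "onprem_chat"}),
    Function("audit_logs", 3, {"audit_log_store"}, {"audit_log_store": "local_backup"}),
    Function("crm", 4, {"saas_crm"}),
]

def is_up(dep, outage, graph=GRAPH, _stack=()):
    """A dependency is up only if it is not in the outage set and all it relies on is up."""
    if dep in outage or dep in _stack:              # _stack guards against cyclic graphs
        return False
    return all(is_up(d, outage, graph, _stack + (dep,)) for d in graph.get(dep, ()))

def _gaps(f, outage, graph):
    """Dependencies of f that are down and whose local substitute (if any) is down too."""
    return sorted(d for d in f.needs if not is_up(d, outage, graph)
                  and not is_up(f.substitutes.get(d, d), outage, graph))

def simulate(outage, functions=FUNCTIONS, graph=GRAPH):
    """Classify functions under an outage, in recovery-tier order: survives / degraded / down."""
    survives, degraded, down = [], [], []
    for f in sorted(functions, key=lambda f: f.tier):
        if all(is_up(d, outage, graph) for d in f.needs):
            survives.append(f.name)
        elif not _gaps(f, outage, graph):
            degraded.append(f.name)                 # running on local substitutes only
        else:
            down.append(f.name)
    return survives, degraded, down

def recovery_plan(outage, functions=FUNCTIONS, graph=GRAPH):
    """Object-based recovery order: down functions by tier, each with its unmet dependencies."""
    return [(f.name, f.tier, _gaps(f, outage, graph))
            for f in sorted(functions, key=lambda f: f.tier) if _gaps(f, outage, graph)]
```

Running `simulate({"undersea_link"})` shows every identity-dependent function degraded onto its local stand-in and only the CRM fully down; adding `"local_backup"` to the outage set moves the audit trail into the restore list ahead of the CRM, which is the ordering the article argues for.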
In a landscape where threats are increasingly sophisticated and interconnected, organizations that have yet to strategize for potential cloud disruptions must take proactive steps. Ultimately, the evaluation of resilience is less about how quickly systems can be restored and more about sustaining operations when traditional infrastructure fails.