Cybersecurity resilience is often what decides which enterprises bend and which break. Breaches can surface in the still hours before dawn, when systems falter and choices narrow.
Cyber threats are evolving faster than defenses, with attackers now able to spread across networks in under an hour — and in extreme cases, within a minute. When critical breaches slip past prevention, recovery speed becomes the defining measure of resilience.
This new emphasis on cybersecurity resilience is evident in how enterprises weigh the cost of controls against the risk of disruption. And the consequences of underestimating that balance can be severe, according to David Black (pictured), chief information security officer of SiteOne Landscape Supply Inc.
“In 2020, we were hit by a ransomware attack,” he said. “I recall because I just moved into a new house. For the first three months, I never left the basement because [I had to work on] the incident. And if no one’s ever gone through that, I pray they don’t have to.”
Black spoke with theCUBE’s Dave Vellante and Rebecca Knight at Fal.Con, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed why, when ransomware strikes, cybersecurity resilience must be the first line of defense. (* Disclosure below.)
Cybersecurity resilience and the tough lessons of ransomware
When SiteOne split from Deere and Company, it had to construct its own security framework from scratch. Compliance and operational demands often forced small teams to accept calculated exposure, which later became evident during the 2020 ransomware incident, according to Black.
“Our monitoring had gone off at 2:30 in the morning that some servers tied to our point-of-sale system had gone offline,” he said. “As we started looking at it, we realized this is not a normal outage; this is ransomware.”
The aftermath reshaped SiteOne’s security culture, sharpening employee awareness and discipline. Training and real-world lessons cut failure rates in phishing tests to single digits, according to Black.
“When we first started, we had a 30% failure rate, but after that breach, it was down to below 5% and it stayed there,” he said. “People started to understand how significant this could be.”
Beyond culture, the company restructured defenses with greater emphasis on outside expertise and proactive tabletop exercises. That commitment to resilience now extends to adopting AI-driven defenses, as many enterprises are integrating, while ensuring that threat intelligence informs hiring, training and enterprise-wide security practices, according to Black.
“What I’ve been amazed with is despite the growth and the expansion in products and the acquisitions,” he said. “Everything that they’re doing is just as good as the first thing they did, and that’s not common.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of Fal.Con:
(* Disclosure: TheCUBE is a paid media partner for Fal.Con. Neither CrowdStrike Holdings Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE