Cyber Resilience: How Public and Private Sector Organizations Can Build a Cyber Strong America

Rutrell Yasin  |  October 27, 2025

Why Cyber Resilience Matters in 2025 

In June, hackers breached the Federal Emergency Management Agency (FEMA) and U.S. Customs and Border Protection (CBP), stealing employee data from servers that house information for five southern states and nearly 70 tribal nations. 

According to the Department of Homeland Security (DHS), the initial breach was caused by multiple significant security failures, including an agency-wide lack of multi-factor authentication (MFA). However, the hackers ultimately gained access by exploiting a critical vulnerability in the agency’s virtual desktop infrastructure. 

The specific vulnerability exploited allows attackers to bypass MFA protocols. This demonstrates that while the lack of MFA was a serious, systemic issue, the unpatched software provided a separate, critical, and successful entry point for the attackers. 

As Cybersecurity Awareness Month unfolds, this breach is a stark reminder: cyber resilience, not just cybersecurity, is essential for government and private organizations alike.

What Does “Cyber Strong America” Mean? 

This year’s theme for Cybersecurity Awareness Month is “Building a Cyber Strong America,” which highlights the need to strengthen the country’s infrastructure against cyber threats to ensure resilience and security. 

As a trusted partner to federal agencies and cybersecurity innovators, Yes& is joining its cybersecurity clients in recognizing October as Cybersecurity Awareness Month, as awareness is the single best tool for keeping people and organizations safe from online threats.  

Four simple steps to strengthen your cybersecurity, from the Cybersecurity and Infrastructure Security Agency (CISA):

  • Require Multi-Factor Authentication: MFA, also known as two-factor authentication, adds a crucial layer of security beyond just passwords, significantly improving overall account safety. The lack of agency-wide MFA is a major reason for data breaches, and stolen credentials are a top attack method.
  • Update Software: Outdated software can have critical flaws. Promptly install security updates and patches to protect systems from known exploits. 
  • Require Strong Passwords: This simple practice blocks criminals from accessing accounts through guessing or automated attacks. Make them mandatory for all users. 
  • Protect with Phishing Training: Phishing tricks employees into opening malicious attachments or sharing sensitive information. Train staff to recognize and report suspicious messages.

Beyond the Basics: Advanced Security Strategies

While CISA’s essentials are the starting point, organizations must implement additional measures to strengthen security in today’s threat landscape, including: 

Focusing on Risk Prioritization: Instead of chasing every alert, risk prioritization helps secure governments and businesses by focusing resources on the most impactful threats.  

By using tools like Vulnerability Management, Detection, and Response (VMDR) platforms, organizations can gain risk-based insights to target critical vulnerabilities that pose the most direct threat to their unique environment. 

Deploying Secure, Immutable Backups: Organizations should implement secure, immutable backups as a critical defense against ransomware and other malware. Modern ransomware often targets and encrypts backup data, making a simple backup strategy insufficient.  

According to Rubrik Zero Labs, in 74% of successful ransomware attacks, threat actors were able to at least partially compromise backup and recovery systems. A robust strategy combines regular backups with immutability, which involves creating data that cannot be altered or deleted, ensuring a clean copy is always available for reliable recovery. 

From Defense to Resilience 

Cyber resilience should be the goal because it improves on traditional cybersecurity by focusing on an organization’s ability to anticipate, withstand, and recover from any cyber incident. Relying solely on prevention is inadequate because it depends on outdated perimeter-based defenses that can’t handle modern, advanced, and persistent threats.

This has led to a significant shift toward a more resilient approach that assumes breaches are unavoidable and emphasizes detection, response, and recovery. 

The Power of Collective Defense 

Cybersecurity relies on teamwork. The digital safety of government, businesses, healthcare, and education depends on the collective vigilance of all organizations within their networks. Cybersecurity Awareness Month should serve as a reminder to uphold strong security practices and actively help safeguard the nation’s digital environment. 

How To Get Cyber Secure 

Still unsure how to shift from cybersecurity to cyber resilience? For more information on how Yes& can support your communications in the B2G market, please contact Carmel McDonagh at cmcdonagh@yesandagency.com.
