How Do You Turn Cyber Risk Into Business Resilience?

It keeps us up at night. That hidden figure lurking around the corner. Whether it’s shadow AI, insider threats, or gaps in your current security strategy, there’s always something that we can’t shake when it comes to data security. Teams are beginning to understand that defense is no longer enough, and that proactive strategies are essential in order to bounce back quickly when the inevitable attack happens.

Let’s play the best defense we can by playing a little offense.

At last week’s Data Security Summit, attendees found out how to turn risk into resilience and get ahead of today’s threats with the most cutting-edge data protection strategies available. Let’s look back at the week that was…

Staying ahead of the most vicious attacks

If you’ve listened to the hit podcast ‘To Catch a Thief: China’s Rise to Cyber Supremacy,’ you’re already familiar with Nicole Perlroth and her incredible storytelling. The Signal Award-winning podcast explores China’s state-sponsored hackers, from their beginnings as ‘the most polite, mediocre hackers in cyberspace,’ to the ‘apex predator’ that now haunts America’s most critical infrastructure.

Last week, Nicole joined us at Data Security Summit to continue exploring the most dangerous attackers around the world—and they aren’t just stealing data. These modern attackers are exploiting gaps across your identities, cloud, and processes to disrupt your entire business. 

Groups like Scattered Spider prove that prevention alone isn’t enough. This eye-opening keynote session explored why true cyber resilience means protecting your data at every stage: before an attack by reducing risk, during by limiting damage, and after by recovering fast. It’s not just about bouncing back, it’s about staying ahead. Watch the entire opening keynote session here.

Identity is becoming the favorite play for attackers

As these adversaries continue to evolve and improve their tactics, identity has become a favorite vector of attack for good reason. As organizations expand across cloud and SaaS environments, identity sprawl has created an expansive attack surface ripe for exploitation.

Matt Bisceglia was joined by Perdue Farms CISO Kyle Waggoner and Mandiant (part of Google Cloud) Senior Director Nick Bennett to discuss how attackers are now exploiting identity gaps to gain initial access, and then proceeding with stealth toward their ultimate prize: your data. This identity-first approach allows adversaries to operate under the radar of traditional security controls.

Forward-thinking security leaders are reimagining protection by integrating identity and data security. This holistic approach includes continuous credential monitoring, stringent access controls, and unified security models that protect both the entry points and the crown jewels they lead to. Check out the entire conversation here.

Shadow AI, the invisible inside threat

As AI tools become workplace necessities, a new security challenge emerges: Shadow AI. This phenomenon occurs when employees adopt generative AI and automation tools without proper security oversight, creating vulnerabilities equivalent to insider threats.

In this session, Amit Shaked , Berkeley College SVP & CIO Leonard De Botton, and Deloitte Advisory Senior Manager Mohammed Latif, CISSP warn that unauthorized AI usage circumvents traditional security protocols, allowing sensitive data to flow through unmonitored channels. This creates significant data governance challenges that conventional security frameworks aren't designed to address.

The solution? Security leaders must update data governance frameworks to incorporate AI oversight, which means establishing clear policies around AI tool adoption, implementing monitoring for data access patterns, and integrating security controls throughout the AI lifecycle to balance innovation with protection. Watch the full session to find out more.

Security leadership beyond technology

Today's security leaders must evolve beyond technical expertise to embrace strategic vision, risk management, and people leadership. 

This year at Data Security Summit, we were fortunate enough to be joined by Former White House CIO and current CEO of Fortalice Solutions, Theresa Payton ✪ , who joined Zach Deming to talk about how CISOs can balance complex risk landscapes with increasing regulatory pressures.

Theresa and Zach also chat about how artificial intelligence isn't just changing operational workflows, but redefining team dynamics and leadership requirements. The message from this session is clear: adapt or become obsolete. We don’t want to give too much away—you can’t miss this must-watch session.

Lessons in crisis management (and learning to laugh again)

What better setting than New York City for a conversation with comedian Colin Jost, which revealed surprising similarities between live comedy and cybersecurity crisis management. Both domains require resilience, quick thinking, and the ability to improvise under pressure.

Moderated by John Koo , this session explored how professionals in both fields must remain calm when facing unexpected disruptions, whether it’s a joke that falls flat or a breach that spirals out of control. This adaptive mindset transforms potential disasters into opportunities for recovery and growth.

Find out how maintaining perspective and even employing appropriate humor can foster creative problem-solving during high-stress situations by watching the entire closing session.

Hungry for more Cyber Resilience Content?

Check out some of these highly recommended reads from Rubrik here:

👀 Rubrik CEO Bipul Sinha sits down with Scarlet Fu and Norah Mulinda on Bloomberg Businessweek (Watch now)

🏆 Hit podcast 'To Catch A Thief' has been honored with three 2025 Signal Awards! (See the winners)

🎉 Rubrik Named a Leader in IDC Cyber Recovery Marketscape (Read now)

📚 New eBook: Your Cyber Recovery Blueprint (Download for free)

📚 Blog from Rubrik Zero Labs: Unmasking the Invisible: Hunting and Defeating EDR-Evading Threats Like BRICKSTORM (Read now)

📚 Blog by Varun Grover : Rubrik at Dreamforce 2025: Deploy AI Agents with Confidence (and Rewind Agent Mistakes) (Read now)

📚 Blog by Justin Ruiz : Why the Great Backup vs. Snapshot Debate Misses the Point (Read now)

🗞️ Rubrik DSPM named one of CRN ’s 10 Cool New Data Security Products in 2025 (Learn more)

🗓️ Webinar: Banking on Identity with Practical Playbooks for Resilience (Register Now)

🗓️ Webinar: Taming AI Chaos: A Unified Approach to Agent Governance (Register Now)

🗓️ Webinar: Beyond the Breach: Identity Resilience with Jane Frankland (Register Now)

Rubrik, the Security and AI company, operates at the intersection of data protection, cyber resilience, and enterprise AI acceleration. Rubrik Security Cloud is designed to deliver robust cyber resilience and recovery, including identity resilience, to ensure continuous business operations, all on top of secure metadata and data lake

Subscribe to Data Security Digest as your destination for all things cyber resilience.