Beyond the spike: building resilient and trusted infrastructure in an era of sustained attacks | TechRadar
Patient persistence, not spikes, shapes today’s threat landscape
At a recent industry event, I spent time with a group of senior security leaders reflecting on the year just gone. What stood out was not discussion of a single headline incident, but a shared sense of sustained operational pressure.
There was no defining breach. No singular outage. Instead, there was a steady drumbeat of activity: distributed denial of service traffic at the network edge, elevated DNS query volumes, persistent threats targeting authentication flows and APIs. None of it catastrophic in isolation.
But together it created strain that lasted days, sometimes weeks.
The consensus from that group became clear: it is no longer the spike that defines the threat landscape, but the patient persistence that cyber criminals now demonstrate.
Recent research has made it clear that attackers are favoring coordinated campaigns that combine volumetric attacks, automated reconnaissance and application layer abuse over extended periods. Global geopolitical tensions contribute to further instability on attack surfaces.
That shift has profound implications not just for technical architecture, but for governance and regulatory accountability.
DDoS attacks are again pushing into multi terabit territory, fueled by sophisticated botnets and globally distributed infrastructure. However, bandwidth alone does not define the modern threat.
Campaigns now layer volumetric traffic with slower, more targeted techniques such as API abuse, credential stuffing, and automated endpoint probing. Even when peak traffic subsides, low level reconnaissance often continues.
The objective is not simply disruption, but discovery. Mitigating a spike over several hours is manageable. Sustaining defensive posture over days introduces operational fatigue and increases the likelihood of oversight. Systems designed for burst tolerance can struggle under prolonged load.
In addition, regulators are closely watching how organizations manage these incidents. Under the EU’s Digital Operational Resilience Act (DORA), institutions need to demonstrate the ability to withstand severe but plausible disruption and continue operating critical services.
NIS2 extends accountability across essential and important entities, raising expectations around risk management and incident handling. And, in the UK, operational resilience frameworks require firms to identify important business services and prove they can remain within impact tolerances under stress.
Therefore, the emphasis for CISOs and security professionals is shifting from incident response to sustained resilience. In that sense, DDoS defense is no longer a perimeter control measure alone; it is the first layer of a broader resilience model.
Absorbing traffic is only part of the equation. Requests still need to be routed accurately and reliably. That makes DNS a critical operational control layer, and one area that is often forgotten. Recent outages, however, have brought the importance of DNS to the forefront of our minds.
In Q4, we saw a marked increase in sustained pressure on DNS infrastructure globally. This includes volumetric query floods, random subdomain attacks designed to bypass validation, and malformed request patterns intended to degrade resolver performance.
At the same time, DNS tunnelling techniques enable command and control traffic to blend with legitimate queries.
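The two DNS patterns named above leave different fingerprints in resolver query logs, which the following added example (not part of the original article) separates per zone. The log format, the "zone = last two labels" shortcut, the thresholds and the sample lines are all constructed assumptions for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parse(line):
    # Assumed log format: "<client> <qname> <qtype> <rcode>"
    _client, qname, _qtype, rcode = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: the zone is the last two labels (no public-suffix handling).
    return ".".join(labels[-2:]), ".".join(labels[:-2]), rcode

def classify(lines, min_queries=6):
    """Return {zone: finding} for zones whose subdomain queries look abnormal."""
    per_zone = defaultdict(list)
    for line in lines:
        zone, sub, rcode = parse(line)
        if sub:
            per_zone[zone].append((sub, rcode))
    findings = {}
    for zone, rows in per_zone.items():
        if len(rows) < min_queries:
            continue
        subs = [s for s, _ in rows]
        unique_ratio = len(set(subs)) / len(rows)
        nx_ratio = sum(r == "NXDOMAIN" for _, r in rows) / len(rows)
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(entropy, subs)) / len(subs)
        # Illustrative thresholds; tune against your own baseline traffic.
        if unique_ratio > 0.9 and nx_ratio > 0.8:
            findings[zone] = "random-subdomain flood"   # never-repeated, non-existent names
        elif unique_ratio > 0.9 and mean_len > 30 and mean_ent > 3.0:
            findings[zone] = "tunnelling-like"          # long, high-entropy names that resolve
    return findings

def _label(i, n):
    # Constructed pseudo-random label so the sample is deterministic.
    return hashlib.sha256(str(i).encode()).hexdigest()[:n]

# Constructed sample log lines (not real traffic).
SAMPLE = (
    [f"10.0.0.{i} {_label(i, 10)}.example.com A NXDOMAIN" for i in range(8)]
    + [f"10.0.1.5 {_label(i, 40)}.example.net TXT NOERROR" for i in range(8)]
    + ["10.0.2.9 www.example.org A NOERROR"] * 5
    + ["10.0.2.9 api.example.org A NOERROR"] * 3
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```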
If DNS latency rises or authoritative servers become unstable, the consequences are immediate. Applications fail to resolve endpoints and authentication services stall. Cloud platforms become inaccessible. From a customer perspective, the distinction between attack driven disruption and infrastructure fragility is irrelevant.
Yet DNS is still often architected for availability in normal conditions, rather than performance under adversarial stress.
As regulators in both the UK and EU increasingly focus on systemic risk and third-party dependencies, DNS resilience becomes more than a technical concern. It is a foundational component of operational continuity.
Also, we must not forget about the consumers that many organizations serve. If outages occur, and access to everyday services goes down, reputations suffer, alongside lost revenue and monetary fines.
Availability, however, is only one dimension of resilience because integrity and trust sit alongside it. DNS operates in unison with public key infrastructure.
Certificates authenticate services, enable encrypted sessions, and underpin digital identity. If certificates expire unexpectedly, keys are poorly governed, or cryptographic standards become outdated, services fail and trust erodes.
As infrastructure becomes more distributed and workloads more ephemeral, certificate volumes grow rapidly. Manual lifecycle processes that once sufficed can become hidden single points of failure. A mismanaged certificate can create an outage indistinguishable from a denial-of-service event.
Modernizing PKI is therefore not simply about efficiency. It is about cryptographic agility, automated certificate lifecycle management and clear visibility into trust dependencies.
It ensures that as infrastructure scales and threats evolve, the trust layer remains robust. If DDoS mitigation provides the resilience layer, DNS provides the routing layer. PKI provides the trust layer. Each depends on the other.
Now that sustained cyber pressure is a structural feature of the digital economy, cyber security leaders should treat multi terabit DDoS attacks as credible baseline scenarios.
DNS infrastructure should be tested for behavior under adversarial query patterns. Certificate and key management processes should be assessed with the same rigor as network controls.
Boards and regulators are no longer asking whether attacks can be prevented entirely. They are asking whether critical services can remain available, secure, and trusted under continuous strain.
That requires executive ownership of resilience, clarity around impact tolerances, and investment in the infrastructure that underpins both availability and integrity.
The era of the short-lived cyber incident is fading. In its place is a landscape defined by coordination, persistence and scale. Staying online is essential, and staying trusted is non-negotiable. Building infrastructure that can do both, even when the pressure does not subside, is fast becoming the defining challenge of digital resilience.
This article was produced as part of TechRadar Pro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Lakshmi Hanspal is the Global Chief Security Officer at Box. She is responsible for corporate, physical and cyber security of Box’s footprint, including data protection and privacy.



