**Beyond the Spike: Building Resilient Infrastructure in a Sustained Attack Era**

The cybersecurity landscape has undergone a significant shift in recent years. Gone are the days of isolated, catastrophic breaches that make headlines for weeks on end. Instead, sustained attacks have become the new normal. These coordinated campaigns combine volumetric attacks, automated reconnaissance, and application layer abuse over extended periods, pushing even the most robust systems to their limits.

At a recent industry event, I had the opportunity to discuss this trend with senior security leaders from various organizations. What struck me was the collective sense of operational pressure they were experiencing. No single breach or outage defined their challenges; rather, it was the relentless drumbeat of activity that created strain lasting days, sometimes weeks. The consensus among these experts was clear: it's no longer the spike that defines the threat landscape, but the patient persistence demonstrated by cyber attackers.

Recent research has underscored this shift. Attackers increasingly favor coordinated campaigns that combine multiple tactics to achieve their objectives. Global geopolitical tensions add further instability across attack surfaces. This new reality has profound implications for both technical architecture and governance, with regulators closely watching how organizations manage these incidents.

**The New Normal: Sustained Cyber Pressure**

DDoS attacks are once again pushing into multi-terabit territory, fueled by sophisticated botnets and globally distributed infrastructure. However, bandwidth alone does not define the modern threat. Campaigns now layer volumetric traffic with slower, more targeted techniques such as API abuse, credential stuffing, and automated endpoint probing. Even when peak traffic subsides, low-level reconnaissance often continues – the objective is not simply disruption but discovery.

Mitigating a spike over several hours can be manageable, but sustaining a defensive posture over days introduces operational fatigue and increases the likelihood of oversight. Systems designed for burst tolerance can struggle under prolonged load. In this context, regulators are closely watching how organizations manage these incidents. Under the EU's Digital Operational Resilience Act (DORA), institutions need to demonstrate the ability to withstand severe but plausible disruption and continue operating critical services.

**The Importance of DNS in Sustained Attacks**

In addition to DDoS mitigation, DNS infrastructure plays a critical role in sustained attacks. DNS is often overlooked as an operational control layer, but it's essential for routing requests accurately and reliably. Recent outages have highlighted the importance of DNS, with many organizations experiencing volumetric query floods, random subdomain attacks designed to bypass validation, and malformed request patterns intended to degrade resolver performance.
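
To make the random subdomain pattern concrete from the defender's side, here is an added example (not part of the original article) that flags zones whose queries in a time window are mostly never-repeated names returning NXDOMAIN. The log format, thresholds, helper names and the two-label zone rule are assumptions made for this illustration.

```python
from collections import defaultdict

def split_zone(qname):
    # Assumption: the zone is the last two labels. Real tooling would use the
    # Public Suffix List to find the registrable domain.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def detect_random_subdomain(lines, window=60, min_queries=20,
                            nx_threshold=0.8, unique_threshold=0.8):
    """Flag (window_start, zone) pairs dominated by never-repeated names that
    do not exist, the signature of a random subdomain flood."""
    buckets = defaultdict(lambda: {"total": 0, "nx": 0, "names": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed log lines instead of crashing
        ts, _client, qname, rcode = parts
        zone, sub = split_zone(qname)
        b = buckets[(int(ts) // window * window, zone)]
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
        b["names"].add(sub)
    alerts = {}
    for key, b in buckets.items():
        nx_ratio = b["nx"] / b["total"]
        unique_ratio = len(b["names"]) / b["total"]
        if (b["total"] >= min_queries and nx_ratio >= nx_threshold
                and unique_ratio >= unique_threshold):
            alerts[key] = {"queries": b["total"], "nx_ratio": nx_ratio,
                           "unique_ratio": unique_ratio}
    return alerts

def sample_log(start=1700000040):
    # Constructed log lines: "<epoch> <client> <qname> <rcode>".
    log = [f"{start + i} 10.0.0.5 www.example.com NOERROR" for i in range(30)]
    # Many distinct names that all resolve (CDN-style): must not be flagged.
    log += [f"{start + i} 10.0.0.9 cdn{i}.assets.example.org NOERROR"
            for i in range(25)]
    # Flood: every query is a new, nonexistent name under one zone.
    log += [f"{start + i} 198.51.100.{i % 7} x{i * 7919:08x}.shop.example.net NXDOMAIN"
            for i in range(40)]
    return log

if __name__ == "__main__":
    for (start, zone), stats in detect_random_subdomain(sample_log()).items():
        print(start, zone, stats)
```

Requiring both ratios keeps a busy zone with many legitimate hostnames, or a single mistyped name retried many times, from raising an alert.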

Moreover, DNS tunnelling techniques enable command and control traffic to blend with legitimate queries. If DNS latency rises or authoritative servers become unstable, the consequences are immediate – applications fail to resolve endpoints, authentication services stall, and cloud platforms become inaccessible.

**The Trust Layer: PKI Modernization**

Availability is only one dimension of resilience; integrity and trust sit alongside it. DNS operates in unison with public key infrastructure (PKI). Certificates authenticate services, enable encrypted sessions, and underpin digital identity. If certificates expire unexpectedly, keys are poorly governed, or cryptographic standards become outdated, services fail, and trust erodes.

As infrastructure becomes more distributed and workloads more ephemeral, certificate volumes grow rapidly. Manual lifecycle processes that once sufficed can become hidden single points of failure. A mismanaged certificate can create an outage indistinguishable from a denial-of-service event. Modernizing PKI is therefore not just about efficiency – it's about cryptographic agility, automated certificate lifecycle management, and clear visibility into trust dependencies.
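
The three failure modes named above (unexpected expiry, poorly governed keys, outdated cryptography) can be checked mechanically once certificates are inventoried. The following is an added example, not from the original article; the inventory records, service names, the two-thirds renewal threshold and the weak-algorithm lists are assumptions chosen for illustration.

```python
import ssl

RENEW_AT = 2 / 3          # assumed policy: renew once two thirds of lifetime is used
WEAK_SIGS = {"md5", "sha1"}
MIN_RSA_BITS = 2048

# Constructed inventory. Dates use the text format that
# ssl.SSLSocket.getpeercert() returns for notBefore / notAfter.
INVENTORY = [
    {"service": "api-gateway", "not_before": "Jan  1 00:00:00 2025 GMT",
     "not_after": "Apr  1 00:00:00 2025 GMT", "key": ("EC", 256),
     "sig": "sha256", "renewal": "acme"},
    {"service": "legacy-sso", "not_before": "Mar 15 00:00:00 2024 GMT",
     "not_after": "Mar  5 00:00:00 2025 GMT", "key": ("RSA", 1024),
     "sig": "sha1", "renewal": "manual"},
    {"service": "payments", "not_before": "Feb 20 00:00:00 2025 GMT",
     "not_after": "May 21 00:00:00 2025 GMT", "key": ("EC", 256),
     "sig": "sha256", "renewal": "acme"},
]

def audit(inventory, now):
    """Map each service with a problem to its findings at `now` (epoch seconds)."""
    report = {}
    for cert in inventory:
        start = ssl.cert_time_to_seconds(cert["not_before"])
        end = ssl.cert_time_to_seconds(cert["not_after"])
        findings = []
        if now >= end:
            findings.append("expired")
        elif (now - start) / (end - start) >= RENEW_AT:
            findings.append("renew-now")
        kind, bits = cert["key"]
        if cert["sig"] in WEAK_SIGS or (kind == "RSA" and bits < MIN_RSA_BITS):
            findings.append("weak-crypto")
        if cert["renewal"] == "manual":
            findings.append("manual-renewal")  # lifecycle depends on a person
        if findings:
            report[cert["service"]] = findings
    return report

# Constructed audit time for the sample inventory.
NOW = ssl.cert_time_to_seconds("Mar 10 00:00:00 2025 GMT")

if __name__ == "__main__":
    for service, findings in audit(INVENTORY, NOW).items():
        print(service, findings)
```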

**Conclusion: Building Resilient Infrastructure for the Sustained Attack Era**

The era of short-lived cyber incidents is fading, replaced by a landscape defined by coordination, persistence, and scale. Staying online is essential, but staying trusted is non-negotiable. Building infrastructure that can do both – even when pressure does not subside – is fast becoming the defining challenge of digital resilience.

As regulators increasingly focus on systemic risk and third-party dependencies, DNS resilience becomes more than a technical concern; it's a foundational component of operational continuity. Boards and regulators are no longer asking whether attacks can be prevented entirely; they're asking whether critical services can remain available, secure, and trusted under continuous strain.

This requires executive ownership of resilience, clarity around impact tolerances, and investment in the infrastructure that underpins both availability and integrity. The challenge ahead is clear: building resilient infrastructure for a sustained attack era demands a collective effort from cybersecurity leaders, executives, and regulators alike.