**Beyond the Spike: Building Resilient Infrastructure in an Era of Sustained Attacks**
The cyber threat landscape has undergone a significant shift in recent years. Gone are the days of singular, catastrophic breaches that make headlines worldwide. Instead, we're seeing a new normal: sustained operational pressure from coordinated campaigns that combine volumetric attacks, automated reconnaissance, and application layer abuse over extended periods.
A recent industry event brought together senior security leaders who shared a common concern – the steady drumbeat of activity that creates strain on organizations' defenses. Distributed denial-of-service (DDoS) traffic at the network edge, elevated DNS query volumes, persistent threats targeting authentication flows and APIs, and more – all contribute to the operational fatigue that can lead to oversight.
**The New Normal: Sustained Attacks**
Recent research has made it clear that attackers are favoring coordinated campaigns over isolated incidents. Global geopolitical tensions add further instability to attack surfaces. The implications of this shift are profound, affecting not only technical architecture but also governance and regulatory accountability.
DDoS attacks have pushed into multi-terabit territory, fueled by sophisticated botnets and globally distributed infrastructure. However, bandwidth alone does not define the modern threat. Campaigns now layer volumetric traffic with slower, more targeted techniques such as API abuse, credential stuffing, and automated endpoint probing.
Even when peak traffic subsides, low-level reconnaissance often continues, with the objective of discovery rather than disruption. Mitigating a spike over several hours is manageable, but sustaining defensive posture over days introduces operational fatigue and increases the likelihood of oversight.
**Regulatory Expectations: Sustained Resilience**
Regulators are closely watching how organizations manage these incidents. The EU's Digital Operational Resilience Act (DORA) requires institutions to demonstrate the ability to withstand severe but plausible disruption and continue operating critical services.
The UK's operational resilience frameworks require firms to identify important business services and prove they can remain within impact tolerances under stress. NIS2 extends accountability across essential and important entities, raising expectations around risk management and incident handling.
**A Broader Resilience Model**
In response to sustained cyber pressure, security leaders must shift their focus from incident response to sustained resilience. DDoS defense is no longer a perimeter control measure alone but the first layer of a broader resilience model.
Absorbing traffic is only part of the equation; requests still need to be routed accurately and reliably. That makes DNS a critical operational control layer, often forgotten in favor of more prominent security concerns. Recent outages have highlighted the importance of DNS infrastructure under adversarial query patterns.
**DNS Resilience: A Foundational Component**
From a customer perspective, the distinction between attack-driven disruption and infrastructure fragility is irrelevant. Yet DNS is still often architected for availability in normal conditions rather than performance under adversarial stress.
As regulators focus on systemic risk and third-party dependencies, DNS resilience becomes more than a technical concern – it's a foundational component of operational continuity. Reputations suffer alongside revenue loss and monetary fines when outages occur.
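The "adversarial query patterns" mentioned above have a recognizable shape in resolver logs: one source issuing a high rate of queries for many distinct, never-before-seen labels under a zone, most of them answered NXDOMAIN. The following is an added example (not code from the article or from any product it discusses) that scores per-client, per-minute windows from constructed sample log lines and flags sources matching that shape. The log format `<timestamp> <client> <qname> <qtype> <rcode>`, the sample addresses, and the thresholds are all assumptions; tune them against your own resolver's baseline.

```python
"""Flag DNS clients whose query pattern looks like a random-subdomain (NXDOMAIN)
flood rather than ordinary resolution. Added example; the log format, the
addresses and the thresholds below are constructed assumptions, not a vendor format."""
from datetime import datetime, timezone

# Constructed sample lines: "<ts> <client> <qname> <qtype> <rcode>".
# A normal client resolving a few names in one minute...
_BENIGN = [
    "2024-05-01T10:00:00Z 198.51.100.7 www.example.com A NOERROR",
    "2024-05-01T10:00:05Z 198.51.100.7 api.example.com A NOERROR",
    "2024-05-01T10:00:09Z 198.51.100.7 www.example.com AAAA NOERROR",
]
# ...and one client asking for 40 distinct pseudo-random labels under one zone,
# every one of them answered NXDOMAIN, inside the same minute.
_FLOOD = [
    f"2024-05-01T10:00:{i % 60:02d}Z 203.0.113.9 h{i:04x}.example.com A NXDOMAIN"
    for i in range(40)
]
SAMPLE_LOG = _BENIGN + _FLOOD


def parse_line(line):
    """Split one constructed log line into a record with a UTC-aware timestamp."""
    ts, client, qname, qtype, rcode = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": when, "client": client, "qname": qname.lower().rstrip("."),
            "qtype": qtype, "rcode": rcode}


def window_stats(lines, window_seconds=60):
    """Aggregate per (client, window_start): total queries, NXDOMAIN count, distinct names."""
    stats = {}
    for rec in map(parse_line, lines):
        bucket = int(rec["ts"].timestamp()) // window_seconds * window_seconds
        s = stats.setdefault((rec["client"], bucket),
                             {"total": 0, "nxdomain": 0, "names": set()})
        s["total"] += 1
        s["nxdomain"] += rec["rcode"] == "NXDOMAIN"
        s["names"].add(rec["qname"])
    return stats


def flag_sources(lines, min_queries=20, nx_ratio=0.8, distinct_ratio=0.9,
                 window_seconds=60):
    """Return windows where a client both queried often enough to matter and
    showed a flood-like mix: mostly NXDOMAIN answers and/or almost no repeated names."""
    findings = []
    for (client, bucket), s in sorted(window_stats(lines, window_seconds).items()):
        if s["total"] < min_queries:        # ignore low-volume sources entirely
            continue
        nx = s["nxdomain"] / s["total"]
        distinct = len(s["names"]) / s["total"]
        reasons = []
        if nx >= nx_ratio:
            reasons.append(f"nxdomain_ratio={nx:.2f}")
        if distinct >= distinct_ratio:
            reasons.append(f"distinct_ratio={distinct:.2f}")
        if reasons:
            findings.append({"client": client, "window_start": bucket,
                             "queries": s["total"], "qps": s["total"] / window_seconds,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_sources(SAMPLE_LOG):
        print(f)
```

The two ratios catch different things: a high NXDOMAIN ratio is the classic random-subdomain flood against an authoritative zone, while a high distinct-name ratio also surfaces reconnaissance-style enumeration that happens to hit existing names. Run against real resolver logs, the same windowing can feed a rate-limit or a ticket, and the per-window totals give you the baseline numbers a load test of your DNS tier should be measured against.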
**Integrity and Trust: The Missing Dimension**
Availability is only one dimension of resilience; integrity and trust sit alongside it. DNS operates in unison with public key infrastructure (PKI). Certificates authenticate services, enable encrypted sessions, and underpin digital identity.
If certificates expire unexpectedly or keys are poorly governed, services fail, and trust erodes. Modernizing PKI is not just about efficiency – it's about cryptographic agility, automated certificate lifecycle management, and clear visibility into trust dependencies.
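The "visibility into trust dependencies" the paragraph calls for starts with knowing when every certificate you depend on expires. The following is an added example (not code from the article or from Box) that walks the DER encoding of an X.509 certificate to pull out the validity period and classifies an inventory of certificates as ok, expiring, expired or not yet valid. It uses only the standard library, so it runs wherever Python does; the certificates it inspects are constructed skeletons with the real X.509 field order but no real key or signature, and the `build_test_cert` helper, `warn_days` threshold and certificate names are assumptions for the demonstration.

```python
"""Certificate expiry inventory via a minimal DER walker (stdlib only).
Added example; the constructed test certificates are structurally valid X.509
but unsigned, and the helper names and thresholds are assumptions."""
from datetime import datetime, timezone


def _encode_len(n):
    """DER length: short form below 0x80, otherwise 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + _encode_len(len(content)) + content


def read_tlv(buf, off=0):
    """Decode the element at buf[off]; return (tag, content, offset_after_element)."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def children(content):
    """All top-level (tag, body) elements inside a constructed element's content."""
    out, off = [], 0
    while off < len(content):
        tag, body, off = read_tlv(content, off)
        out.append((tag, body))
    return out


def parse_time(tag, body):
    """RFC 5280 Time: UTCTime (0x17, YYMMDDHHMMSSZ, YY<50 means 20YY) or
    GeneralizedTime (0x18, YYYYMMDDHHMMSSZ)."""
    s = body.decode("ascii")
    if tag == 0x17:
        yy = int(s[:2])
        year, rest = (2000 + yy if yy < 50 else 1900 + yy), s[2:]
    elif tag == 0x18:
        year, rest = int(s[:4]), s[4:]
    else:
        raise ValueError(f"unexpected time tag {tag:#x}")
    return datetime(year, int(rest[0:2]), int(rest[2:4]), int(rest[4:6]),
                    int(rest[6:8]), int(rest[8:10]), tzinfo=timezone.utc)


def cert_validity(der):
    """Return (notBefore, notAfter) by walking Certificate -> tbsCertificate -> validity."""
    _, cert, _ = read_tlv(der)
    tbs = children(cert)[0][1]
    fields = children(tbs)
    if fields[0][0] == 0xA0:          # optional EXPLICIT [0] version comes first
        fields = fields[1:]
    # fields are now: serialNumber, signature, issuer, validity, subject, ...
    not_before, not_after = children(fields[3][1])
    return parse_time(*not_before), parse_time(*not_after)


def classify(name, der, now, warn_days=30):
    """One inventory row: status plus days remaining relative to `now`."""
    nb, na = cert_validity(der)
    days_left = (na - now).days
    if now < nb:
        status = "not-yet-valid"
    elif now >= na:
        status = "expired"
    elif days_left < warn_days:
        status = "expiring"
    else:
        status = "ok"
    return {"name": name, "not_after": na.isoformat(), "days_left": days_left, "status": status}


def inventory_report(certs, now, warn_days=30):
    """certs: {name: der_bytes}. Returns one classify() row per certificate."""
    return [classify(n, d, now, warn_days) for n, d in certs.items()]


def build_test_cert(not_before, not_after):
    """Constructed, unsigned certificate skeleton with the real X.509 field order
    (version, serial, sigalg, issuer, validity, subject, spki) so the walker is
    exercised on realistic structure. Not a usable certificate."""
    utc = lambda d: tlv(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    empty_name = tlv(0x30, b"")
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + empty_name
              + tlv(0x30, utc(not_before) + utc(not_after)) + empty_name
              + tlv(0x30, alg + tlv(0x03, b"\x00")))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for row in inventory_report({"edge-tls": build_test_cert(datetime(2024, 1, 1), datetime(2024, 6, 15))}, now):
        print(row)
```

For real certificates, load the DER bytes (`ssl.PEM_cert_to_DER_cert` converts PEM) and feed them to `inventory_report`; the walker only reads the validity field, so it works on any RFC 5280 certificate regardless of key type. The useful output is the `expiring` rows sorted by `days_left`, which is the list that should be on a dashboard rather than discovered when a service stops answering.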
**The Trust Layer: Robustness Under Sustained Pressure**
Each component – DDoS mitigation, DNS infrastructure, and PKI – depends on the others. Cyber security leaders should treat multi-terabit DDoS attacks as credible baseline scenarios, test DNS infrastructure for its behavior under adversarial query patterns, and assess certificate and key management processes with the same rigor as network controls.
**Executive Ownership: The Key to Sustained Resilience**
Boards and regulators are no longer asking whether attacks can be prevented entirely. They're asking whether critical services can remain available, secure, and trusted under continuous strain. That requires executive ownership of resilience, clarity around impact tolerances, and investment in infrastructure that underpins both availability and integrity.
The era of the short-lived cyber incident is fading; a landscape defined by coordination, persistence, and scale has emerged. Staying online is essential, but staying trusted is non-negotiable. Building infrastructure that can do both, even when the pressure does not subside, is fast becoming the defining challenge of digital resilience.
**Conclusion**
Building resilient infrastructure in an era of sustained attacks requires a broader understanding of the threat landscape and its implications for governance and regulatory accountability. Organizations must shift their focus from incident response to sustained resilience, investing in DDoS mitigation, DNS infrastructure, PKI modernization, and executive ownership of resilience.
The views expressed in this article are those of Lakshmi Hanspal, Global Chief Security Officer at Box.