© Dell
October marks European Cybersecurity Month, an initiative that raises awareness of increasing cyber threats and encourages organisations and employees worldwide to strengthen their digital security. Dell is actively participating in this month by informing organisations about the latest threats and providing practical tips to increase their resilience against cyber attacks.
The threat landscape is in a new era, characterised by speed, complexity and the deployment of Artificial Intelligence (AI). Threat actors are using AI to amplify different types of attacks, from ransomware and zero-day exploits to Distributed Denial of Service (DDoS). It is also making sophisticated spear-phishing attacks increasingly difficult to spot, often rendering traditional security measures inadequate.
In this context, awareness within organisations is becoming more important than ever. Employees are often the first line of defence and need to be able to recognise threats that are looking increasingly credible thanks to AI. To keep pace with these rapidly evolving threats, organisations need to rethink their cybersecurity strategies and adopt proactive, intelligent and resilient approaches. Dell therefore shares five ways in which organisations can strengthen their cyber resilience in this new era.
Five strategies to stay resilient against cyber threats
1. Adopt a zero trust approach
As threat actors use AI to explore systems, steal credentials and adapt attack techniques, traditional, perimeter-based defences fall short. Organisations would therefore do well to adopt a zero trust approach, based on the principle 'never trust, always verify'. This principle assumes that threats can come from both outside and inside the network, and that no user, device or application is automatically trusted. Therefore, the National Cyber Security Centre (NCSC) advises organisations to implement a Zero Trust model; this protects better against cyber attacks than the traditional 'castle model', which assumes that the inside of the network is secure.
Implementing zero trust helps mitigate risks by continuously verifying every access request and applying strict authentication processes. Role-based access control (RBAC) allows organisations to regulate access to sensitive systems. In addition, network segmentation helps limit the impact of any attack.
Zero trust is more than a philosophy, it is an integrated and adaptive strategy for identity and access management. Organisations applying zero trust not only reduce their attack surface, but also strengthen their ability to detect, respond to and contain threats.
2. Reduce the attack surface
In an environment where AI-driven attackers are constantly looking for vulnerabilities, reducing the attack surface is a crucial line of defence. Every exposed endpoint, unsecured API or overlooked vulnerability in the supply chain presents an opportunity for attackers to penetrate systems. They can install malware and steal sensitive data.
To mitigate these risks, organisations must first map their attack surface and associated vulnerabilities. Then, a layered defence strategy is needed, focused on securing entry points and minimising exposure. This includes strong authentication, encryption of data, regular vulnerability testing and active monitoring of endpoints. In addition, keeping systems up-to-date and hardening devices further reduces the likelihood of successful attacks. By reducing the attack surface, organisations make themselves harder to hit and the likelihood of a successful attack decreases significantly. An additional way to reduce vulnerabilities is to use external services such as Digital Trust Center, which helps organisations test APIs and keep them secure.
3. Detect and respond to threats continuously
The pace and complexity of statewide cyber campaigns are increasing, according to the NCTV. To effectively combat AI-enhanced attacks that exploit vulnerabilities, mimic legitimate behaviour and bypass traditional tools, a combination of advanced threat detection and rapid response is essential.
Modern detection and response systems process large amounts of operational data to identify risks and automatically trigger appropriate countermeasures. Thanks to AI and machine learning, these systems learn to recognise behavioural patterns, detect anomalies and respond to threats in real time. Thus, the AI-driven threat intelligence system continuously becomes smarter and more effective in identifying and neutralising attacks.
Organisations that need support in scaling up their detection and response capabilities can outsource these functions to a trusted partner. This provides 24/7 monitoring, faster response times and reduces pressure on internal security teams.
4. Establish an incident response and recovery plan
As many as one in five organisations face a cyber incident every year, according to NCTV. It is therefore important to draw up an incident response and recovery plan. Although prevention is usually the first step in a cybersecurity strategy, organisations should assume that an attack is inevitable. An effective strategy combines prevention with a clearly defined response and recovery plan.
It is therefore important that organisations create an Incident Response & Recovery (IRR) plan and practice regularly. The plan describes how incidents are detected, mitigated, communicated and recovered. Roles and responsibilities, internal and external contacts, communication structures and regular testing are part of the plan. Pre-approved messaging templates and routine updates are essential to maintain operational continuity during a crisis.
Backing up critical data and applications offline or separately protects against ransomware and provides a recovery option in case of compromise. By anticipating disruptions and establishing a cyber recovery strategy, organisations can restore critical functions with resilience, speed and confidence.
5. Increase awareness among employees
Employees are the first line of defence against cyber threats. Yet 1 in 5 small SMEs still do not take any action. This is according to Alert Online 2025, the annual survey on cyber awareness commissioned by the Ministry of Economic Affairs. Organisations can strengthen them by deploying continuous awareness programmes and realistic attack simulations. By mimicking AI-specific threats such as advanced phishing and deepfakes, employees learn to recognise more quickly what is suspicious and respond appropriately to new tactics by attackers.
Solid programmes combine ongoing education, open communication, realistic simulations and a culture of shared responsibility. The goal is a well-informed workforce that can recognise traditional as well as AI-enhanced attacks.
As threat actors deploy AI for increasingly complex attacks, organisations must respond with the same keenness and foresight. Traditional defences alone no longer suffice. A modern cybersecurity strategy requires a proactive, layered approach that seamlessly combines advanced technologies, incident response plans and vigilant personnel.
By applying these strategies, organisations can transform their cybersecurity posture from reactive to resilient. The aim is not only to resist attacks, but also to be stronger, more agile and better prepared for tomorrow's ever-changing threat landscape.
More information