
Phil Lewis, SVP – Market Strategy & Development, On Why 2025 Marks The Turning Point For Cyber Resilience
Overview
Here is a brief introduction to Phil:
Phil Lewis is the Senior Vice President of Market Strategy and Development at Titania, where he leads global initiatives around network readiness, resilience, and recovery technologies. With a background spanning Deloitte, telecoms, and law enforcement cybersecurity, Phil brings over two decades of experience in strategic risk management. He is a trusted voice on how enterprises can transition from reactive defense to resilience-first strategies in the face of evolving cyber threats.
Lewis points to real-world examples such as the Salt Typhoon campaign, which infiltrated networks across 80 countries, to illustrate how attackers now “live off the land,” exploiting unmonitored routers and flat networks to move undetected for months. He emphasizes that network segmentation has become “the single most practical line of containment,” urging organizations to design segmentation by mission criticality and validate it continuously through automation.
Read the Q&A to know more.
TD Editor: Cyber resilience has become a buzzword in boardrooms, but you’ve argued that 2025 is the year resilience finally eclipses reaction. What makes this shift inevitable, and why now?
Phil Lewis: Because the threat landscape, and expectation, has shifted. We've moved into an era of sustained, state-sponsored cyber campaigns that are slower, more intelligent, and more insidiously embedded than ever before. Recent Salt Typhoon advisories from the FBI, NSA, and allied agencies underscore that this was a year-long effort, targeting high-value networks in more than 80 countries, utilizing routers as points of entry and persistence layers within critical infrastructure.
The attackers are no longer opportunistic. They are patient. They don't use a lone CVE exploitation and exit; they live off the land, have presence, and stealthily mold the environment. That's why I believe 2025 is the year that resilience supersedes reaction. Detection and response are insufficient to hold at bay adversaries who remain below the radar for several months.
Meanwhile, regulatory action is picking up steam. For example, frameworks such as the EU's Digital Operational Resilience Act (DORA) and NIS2 require financial institutions to demonstrate that their own infrastructure is robust enough to stay resilient through and isolate disruption.
Resilience, therefore, has evolved from a buzzword to a quantifiable mandate. You're no longer judged on how you recover. You're judged on how you endure.
In 2024, a third of network breaches involved ransomware or extortion, and researchers predict that such attacks will occur approximately once every two seconds by 2031, likely costing victims a total of $265 billion per year. A recent report outlines how for financial institutions, the foundation of world critical infrastructure, that's not a prediction, it's a call to arms. The only effective answer is operational resilience.
TD Editor: You highlight network segmentation as “no longer optional.” With attackers harnessing AI for faster, more sophisticated campaigns, how should organizations rethink their segmentation strategy to stop lateral movement?
Phil Lewis: Network segmentation has always been a sound idea, but it’s now the single most practical line of containment we have. AI-driven adversaries can map and traverse a flat network faster than humans can respond.
Recent state-sponsored campaigns made this painfully clear. These Advanced Persistent Threat (APT) groups didn’t just breach the perimeter—they used internal routers to pivot laterally through five ATT&CK phases: access, persistence, lateral movement, collection, and exfiltration. Those devices were unmonitored and often misconfigured, which made them perfect conduits.
To prevent that sort of movement, segmentation must be dealt with on a living, rather than a fixed, design premise. That is:
- Segment by mission criticality, not by topology. Start with your most important business services (the systems DORA calls Important Business Services (IBS)) and isolate them with explicit access controls.
- Validate continuously. Networks evolve daily. Each config tweak or ACL adjustment has the potential to break segmentation. Automation now validates, at scale, whether your isolation is intact after each change.
- Instrument for compromise. Monitoring configuration drift, unauthorized port enablement, or traffic from blacklisted IPs can unveil signs of compromise long before payloads execute.
Analysts from Forrester, Gartner, and Omdia have identified segmentation as a key measure for mitigating ransomware and reducing the attack surface. As the UK’s National Cyber Security Centre describes it, “the difference between an inconvenience and a catastrophe.” For financial services, segmentation isn’t just a fortification of defense; it makes compliance a whole lot easier, reducing scope for audits, demonstrating containment.
TD Editor: Many CISOs admit they still struggle with blind spots in their environments. Why is achieving full network visibility so mission-critical today, especially in the context of supply-chain risks and insider threats?
Phil Lewis: The unit of measure for resiliency is observability. You cannot protect what you cannot see, and you cannot prove compliance on trust alone.
The FBI's recent warnings about Russian-backed threat groups exploiting a seven-year-old Cisco Smart Install CVE provide the example. Attackers need neither novelty nor sophistication; they need a lack of attention. Several devices attacked were theoretically compliant on paper, yet unmonitored in practice.
Actual visibility entails being aware of what controls cover what services, and what each configuration does for your risk position. This isn't about gathering logs, since Salt Typhoon has proven that attackers have their ways of spoofing or clearing them. Visibility needs to be established at the configuration level, including checking ACLs, routes, and privileges on the devices themselves.
Under DORA, visibility is no longer optional; it's enforceable. Financial institutions must undertake ongoing operational readiness testing, dependency mapping, and testing that key ICT systems remain resistant to disruption. Continuous visibility is therefore the cornerstone of continuous resilience.
TD Editor: Flat networks have come under scrutiny due to regulations such as DORA and NIS2. Why are they particularly risky, and how can macro- and micro-segmentation help financial institutions comply and reduce ransomware impact?
Phil Lewis: Flat networks are a dream for attackers. Once inside, they can move laterally with minimal resistance, exfiltrate data, or disrupt operations on a large scale. That’s why regulators are now demanding segmentation as proof of resilience.
DORA expects financial institutions to be able to "instantaneously sever or segment connections" so that they "prevent contagion." That's a direct response to the reality that a single compromised router can cascade across interconnected systems.
Macro-segmentation builds boundaries between business areas, such as between payment processing and corporate IT. Micro-segmenting then constrains the blast radius for a given area, restricting movement between applications or workloads.
Segmentation also offers secondary benefits: it reduces audit scope, streamlines compliance assessments, and enables prioritized remediation of vulnerabilities in line with risk-based vulnerability management. The result is a measurable reduction in ransomware exposure and an increase in regulatory confidence that critical services remain operational under duress.
TD Editor: And finally, if you had to make one recommendation to CISOs going forward, what would it be on the eve when there isn't a competitive advantage anymore, but a survival mandate based on being resilient?
Phil Lewis: Assume breach and engineer for proof of readiness.
It means acknowledging that compromise is a given and that your success is based on containment, not avoidance. Keep tabs on what matters:
- Time to isolate a compromised segment
- Percentage of critical infrastructure with verified segmentation
- Rate of unauthorized network changes detected and reversed
- Average time for restoring configuration integrity
These are KPIs for resilience, proof that your defenses not only exist, but operate.
As the FCC Chairwoman Jessica Rosenworcel responded after Salt Typhoon: "Hope is not a plan." The successful organizations in 2025 are the ones that are able to demonstrate at a quantifiable level that their defenses can bend without breaking.
Phil Lewis has a proven track record in Strategic Risk Management, starting with Deloitte, then with market-leading Telecoms, Law Enforcement, and Cybersecurity firms, and is now championing Titania’s global expansion at the forefront of network readiness, resilience, and recovery technologies.
Wed, Nov 12, 2025