Spektrum Labs is providing early access to a platform that enables cybersecurity and IT teams to mathematically prove they have achieved cyber resilience.

Company CEO J.J. Thompson said the Spektrum Fusion platform makes use of cryptographic proofs to validate whether statements made about resilience are indeed true. The output from those mathematical algorithms provides the visibility needed by security and IT teams to ensure that, for example, backups of data are actually occurring, he added.

Cybersecurity and IT teams are, of course, under increased pressure to achieve higher levels of resiliency that enable organizations to recover quickly from cyberattacks. A cryptographic proof makes it possible to irrefutably prove what level of resiliency is being achieved in a way that can then be shared with a board of directors or a provider of cyber insurance.

At the core of the Spektrum Fusion platform is a data fabric that aggregates the various time-stamped cryptographic proofs in a set of validated Cyber Resilience Tokens that make it simpler to track which processes have been validated.

Additionally, Spektrum has developed a set of artificial intelligence (AI) agents that can audit workflows in a way that enables organizations to continuously analyze their security posture and streamline compliance workflows. There are also AI underwriting agents that triage submissions and renewals in addition to generating real-time updates whenever the status of a safeguard changes.

It’s not clear how confident organizations are in their current level of cyber resiliency, but most will likely be surprised to discover that one or more critical tasks that they are relying on to achieve and maintain it is not being performed as expected. That not only leaves them open to cyberattacks, it also creates a point of contention that might lead to an insurance claim being denied.

Historically the challenge when it comes to achieving resilience is the simple fact that the cybersecurity and IT teams responsible for applying patches and running backups are not as closely aligned as they should be. IT teams, for example, might be regularly backing up data but a test that ensures those backups have not been corrupted might not have been run. Just as likely, no one might have determined exactly how long it might take to recover data after a cybersecurity syndicate starts demanding ransom for the data they have encrypted. Many organizations to their chagrin have already discovered that the day or more required to restore data is going to result in far more revenue being lost than the amount of ransom demanded.

Each organization will need to determine to what degree being able to mathematically prove they are resilient is worth the extra investment level required, but in an age where executive leaders are more focused on this issue than ever, there is a lot to be said for simply being able to sleep easier. After all, no one can really prevent a cyberattack from being launched. The only part of the equation that organizations actually have any control over is how well they ultimately respond.