When a cyberattack strikes a government agency, the impact is immediate and far-reaching—crippling critical services, eroding public trust, and putting sensitive data at risk. In 2024 alone, an increase in ransomware attacks disrupted government offices, affecting the public services of millions.
At this year’s Rubrik Forward conference, former government cybersecurity leaders delivered a clear message: basic compliance and backups are not enough. The federal government must embrace cyber resilience as a core operational imperative.
“The attackers only have to get lucky once,” said Ron Ross, a former NIST Fellow, during Rubrik Forward 2025. “Cyber defenders have to be right 100% of the time.”
The Expanding Attack Surface: A Shared Challenge Across The Federal Government
Building on the importance of cyber resilience, Ross described today’s digital landscape as one defined by trillions of lines of code, billions of devices, and ubiquitous connectivity—a true shared risk scenario.
The complexity of modern systems means vulnerabilities (especially zero-day vulnerabilities) are proliferating at a pace that’s nearly impossible to manage.
Rob Joyce, former director of cybersecurity at the National Security Agency (NSA), echoed these concerns, noting that attackers often know networks better than the people who own and operate them. Today’s adversaries—nation-states, cybercriminals, and hacktivists—are highly organized, specializing in everything from initial access to ransomware deployment. Offense has been outpacing defense, and the criminal element is now as professionalized as nation-state actors.
Why Cyber Resilience Matters Now
Legacy backup systems were never designed for today’s relentless, sophisticated cyber threats. Modern attackers exploit government organizational silos, misconfigurations, and slow recovery processes. “The attackers will know your network often better than the people who own and operate it,” warned Joyce.
The stakes are especially high for government agencies tasked with safeguarding public services and critical infrastructure.
For instance:
Expanding attack surface: Trillions of lines of code and billions of connected devices create vulnerabilities at every layer.
Resource constraints: Government agencies face tight budgets and lengthy procurement cycles, making it harder to keep up with evolving threats.
Operational silos: Government backup and cybersecurity teams often work in isolation, leaving gaps attackers can exploit.
Compliance ≠ Security: Meeting regulatory requirements does not guarantee protection against modern ransomware or data exfiltration.
Expert Tips for Building Government Cyber Resilience
Cyber resilience should be a top priority and a shared responsibility across all levels of the federal government. To help your agency begin strengthening its cyber resilience, here are several practical tips shared by experts during the conference:
Break Down Agency Silos: Foster collaboration between federal cybersecurity, information technology, and operations teams. Tabletop exercises and joint incident response planning will be crucial in this case.
Automate and Orchestrate: Automate backup, threat detection, and recovery to minimize human error and accelerate response.
Monitor Continuously: Implement continuous risk assessment and vulnerability scanning within your agency. Backups must not only be performed religiously but also tested regularly.
Assume Breach, Plan for Recovery: Adopt a zero-trust mindset. Expect attackers to gain access and focus on limiting damage and restoring services as quickly as possible.
Reduce Your Agency’s Attack Surface: Be disciplined about reducing attack surfaces. Remove unnecessary government applications and components.
Segment and Harden: Use zero trust principles and micro-segmentation to limit lateral movement and contain breaches within your agency.
Test and Exercise: Regularly test your agency’s data recovery plans and conduct hands-on training (such as Rubrik’s Camp Rubrik and tabletop exercises) to ensure readiness.
Leverage Partnerships: Your agency is not in this fight alone. Use NIST’s resources, Information Sharing and Analysis Centers, and peer networks to share best practices.
How Rubrik Can Accelerate Your Agency’s Cyber Resilience Journey
The federal government requires solutions that surpass traditional defenses as the risks escalate. Rubrik Security Cloud—Government is built on zero trust principles and engineered to meet the strictest federal standards, providing immutable, access-controlled backups and continuous threat monitoring to ensure that critical data remains secure, recoverable, and compliant—no matter where it resides.
With real-time risk assessment, rapid recovery capabilities, and dedicated United States-based support, Rubrik gives agencies the ability to minimize downtime and maintain public trust, even in the face of advanced cyber incidents.
As more government data moves to the cloud, Rubrik’s multi-layered security architecture and compliance with programs like the Federal Risk and Authorization Management Program (FedRAMP®) and Government Risk and Authorization Management Program (GovRAMP™ and formerly StateRAMP) help agencies achieve true cyber resilience and mission continuity in an evolving threat landscape.
Rubrik Security Cloud—Government also meets requirements for the Criminal Justice Information Services (CJIS), Family Educational Rights and Privacy Act (FERPA), and Department of Defense (DoD) Cloud Computing standards, ensuring comprehensive protection for sensitive government data.
As cyber threats escalate, your agency’s ability to recover quickly and securely is as vital as your ability to prevent attacks before they strike. Rubrik stands ready to help your agency bridge the gap, strengthen its cyber resilience, and ensure mission continuity for the citizens who depend on your agency and its services.
“Downtime is unacceptable,” Joyce said. “It is an existential threat to your entity, whether it’s your nation or your agency.”
Learn more about how Rubrik can help your agency build true cyber resilience and safeguard its mission. Request a demo today to speak with an expert.