Cyber threats evolve relentlessly, and defenders struggle to keep pace. As threat actors continue to innovate, shifting their tactics toward leveraging legitimate credentials and using more sophisticated techniques, defenders are being urged to return to the basics of cybersecurity while also embracing the advantages that AI can offer, without losing sight of the crucial role humans still play in this battle.
The evolving nature of cybercrime is an intricate game of cat and mouse, but with foundational security practices, AI, and a focus on resilience, organizations can maintain an advantage.
The Changing Tactics of Cybercriminals
In the past decade, threat actors have drastically changed their approaches, moving away from simple malware exploits to more insidious strategies such as “living off the land” tactics.
I recently spoke with Matt Olney, director of Talos Threat Intelligence and Interdiction at Cisco, and Mick Baccio, global security advisor at SURGe for Splunk. The pair shared that attackers now increasingly rely on tools and binaries already present within a system to carry out malicious activities, making it far harder for defenders to detect and respond.
The prevalence of credential theft underscores this shift. Rather than exploiting software vulnerabilities, attackers are now more likely to use stolen credentials to gain access to corporate systems. Mick pointed out during a presentation at Black Hat that adversaries no longer have to hack into systems; they simply log in. This trend highlights the growing importance of identity management in securing an organization’s digital assets.
Ransomware: From Encryption to Extortion
One of the most prominent cyber threats discussed during the Splunk and Cisco session at Black Hat was ransomware, which has rapidly evolved beyond traditional encryption tactics. Early ransomware attacks locked victims out of their own data, demanding payment for decryption. However, today’s ransomware is often more focused on extortion. Attackers steal data and threaten to publicly release sensitive information if their demands aren’t met. The infamous MOVEit breach in 2023 serves as a prime example. Attackers bypassed encryption entirely, exfiltrating sensitive information and then using the threat of exposure to coerce victims into paying a ransom.
Matt pointed out during the panel that what makes ransomware such a high-priority threat is that it directly impacts a company’s ability to function, forcing businesses to take immediate action and allocate resources toward security measures.
Cyber Vegetables: Security Basics Are Still Key
Despite the sophistication of modern cyber threats, the panel discussion repeatedly emphasized the importance of “cyber vegetables,” or the security basics. These fundamentals, such as multi-factor authentication (MFA), patching vulnerabilities, and properly configuring systems, remain the most effective defenses against many types of attacks. Yet, many organizations still struggle to implement these basics due to friction in user experience or a perceived lack of urgency.
“Organizations often face budget constraints or prioritize convenience over security,” said Baccio during the conversation. He emphasized that MFA is not a cost-prohibitive measure, but rather an essential practice that should be adopted by every organization.
The failure to implement these basics leaves enterprises exposed to even the simplest attacks, while doing the basics well takes organizations “miles ahead” in terms of their overall security posture.
AI in Cybersecurity: Tool, Not Replacement
Artificial intelligence has become a buzzword in cybersecurity, but the panel cautioned against over-reliance on AI alone. While AI can significantly augment security teams—particularly in automating routine tasks like threat detection and analysis—it should not replace human expertise.
Olney noted that AI offers defenders a new advantage by helping automate the “grunt work” traditionally handled by junior analysts, allowing human experts to focus on more strategic, high-level decisions. However, he also warned that replacing entry-level analysts entirely with AI could lead to a shortage of more experienced security professionals in the future. Without proper training and experience at the lower levels, junior analysts cannot progress to become more advanced, seasoned defenders.
Of course, there are also risks associated with adversarial AI. While AI is currently being used by attackers primarily for reconnaissance and phishing, its potential for more dangerous uses, like AI-powered disinformation campaigns, poses a significant threat.
Building Cyber Resilience: Beyond Prevention
Cyber resilience—the ability to recover from attacks—was another crucial theme from the Black Hat panel. It is not enough to simply prevent attacks; organizations must be prepared to recover quickly when incidents do occur. Baccio and Olney stressed that resilience is what enables companies to withstand attacks and minimize downtime, a critical factor given the financial costs associated with prolonged service outages. In fact, downtime can cost businesses hundreds of millions in lost revenue, as detailed in Splunk’s recent “Hidden Costs of Downtime” report.
Ultimately, resilience isn’t just about having a backup plan—it’s about integrating proactive and reactive security strategies to ensure that organizations can continue to function even in the face of sophisticated attacks.
The Future of Cybersecurity
As cyber threats continue to evolve, defenders must embrace a multifaceted approach that combines security basics with cutting-edge technologies like AI, while also fostering a culture of resilience. While attackers innovate, defenders have the advantage of new tools and greater awareness, but only if they commit to staying ahead of the curve. By doing the basics well, integrating AI to augment human teams, and investing in resilience, organizations can navigate this constantly shifting landscape and defend themselves more effectively.
In the end, it’s not just about keeping pace with cybercriminals—it’s about outlasting them.