There is a constant evolution of cyber threats and defenders are struggling to keep up. As threat actors continue to innovate, shifting their tactics toward leveraging legitimate credentials and using more sophisticated techniques, defenders are being asked to go back to cybersecurity basics while also embracing the advantages that AI can provide—without overlooking the crucial role people still play in this battle.
The evolving nature of cybercrime is a complex game of cat and mouse, but with fundamental security practices, artificial intelligence and a focus on resilience, organizations can maintain an edge.
The Changing Tactics of Cybercriminals
Over the past decade, threat actors have drastically changed their approaches, moving away from simple malware exploits to more insidious strategies such as “living off the land” tactics.
I recently spoke with Matt Olney, director of Talos Threat Intelligence and Interdiction at Cisco, and Mick Baccio, global security advisor for SURGe at Splunk. The pair shared that attackers now increasingly rely on tools and binaries that already exist on a system to perform malicious activities, making it much more difficult for defenders to detect and respond.
The prevalence of credential theft underscores this shift. Instead of exploiting software vulnerabilities, attackers are now more likely to use stolen credentials to gain access to corporate systems. Mick pointed out during a presentation at Black Hat that adversaries no longer need to break into systems. They just connect. This trend highlights the growing importance of identity management in securing an organization’s digital assets.
Ransomware: From encryption to extortion
One of the most prominent cyber threats discussed during the Splunk and Cisco Black Hat session was ransomware, which has rapidly evolved beyond traditional encryption tactics. Early ransomware attacks locked victims out of their own data, demanding payment for decryption. However, today’s ransomware often focuses more on extortion. Attackers steal data and threaten to release sensitive information if their demands are not met. The infamous MOVEit hack in 2023 serves as a case in point. Attackers bypassed encryption entirely, exfiltrating sensitive information and then using the threat of exposure to force victims to pay a ransom.
Matt pointed out during the panel that what makes ransomware a high-priority threat is that it directly affects a company’s ability to operate, forcing businesses to take immediate action and allocate resources to security measures.
Cyber Vegetables: The basics of security are still basic
Despite the complexity of modern cyber threats, the panel discussion repeatedly emphasized the importance of “cyber-vegetables” or security fundamentals. These fundamentals, such as multi-factor authentication (MFA), patching vulnerabilities, and properly configuring systems, remain the most effective defenses against many types of attacks. However, many organizations still struggle to implement these fundamentals due to user experience friction or a lack of urgency.
“Organizations often face budget constraints or prioritize convenience over security,” Baccio said during the conversation. He emphasized that MFA is not a cost-prohibitive measure, but rather an essential practice that should be adopted by every organization.
Failure to implement these fundamentals leaves businesses exposed to even the simplest of attacks, while executing the fundamentals well puts organizations “miles ahead” in terms of their overall security posture.
AI in Cybersecurity: Tool, Not Replacement
Artificial intelligence has become a buzzword in cybersecurity, but the panel cautioned against over-reliance on AI alone. While AI can greatly augment security teams—particularly in automating routine tasks like threat detection and analysis—it should not replace human expertise.
Olney noted that AI gives defenders a new advantage, helping to automate the “quick work” traditionally handled by junior analysts and allowing human experts to focus on more strategic, high-level decisions. However, he also warned that completely replacing junior analysts with artificial intelligence could lead to a shortage of experienced security professionals in the future. Without proper training and experience at the lower levels, junior analysts cannot progress to become more advanced, experienced defenders.
Of course there are also risks associated with adversarial artificial intelligence. While AI is currently used by attackers primarily for reconnaissance and phishing, its potential for more dangerous uses—such as AI-powered disinformation campaigns—is a significant threat.
Building cyber resilience: beyond prevention
Cyber resilience – the ability to recover from attacks – was another critical topic from the Black Hat panel. It is not enough to simply prevent attacks. Organizations must be prepared to recover quickly when incidents occur. Baccio and Olney emphasized that resilience is what allows companies to withstand attacks and minimize downtime, a critical factor given the economic costs associated with prolonged outages. In fact, downtime can cost businesses hundreds of millions in lost revenue, as detailed in Splunk’s recent report “Hidden costs of downtime.”
After all, resilience isn’t just about having a backup plan—it’s about incorporating proactive and reactive security strategies to ensure organizations can continue to operate even during complex attacks.
The future of cyber security
As cyber threats continue to evolve, defenders must adopt a multifaceted approach that combines security basics with cutting-edge technologies like artificial intelligence, while fostering a culture of resilience. While attackers innovate, defenders have the advantage of new tools and greater awareness, but only if they commit to staying ahead of the curve. By getting the basics right, incorporating artificial intelligence to augment human teams, and investing in resilience, organizations can navigate this ever-changing landscape and defend themselves more effectively.
In the end, it’s not just about keeping up with cybercriminals – it’s about outlasting them.