Modern Cybersecurity Must Now Be Proactive

March 3, 2025  |  Mark Hillary

The Crowdstrike Global Threat Report is produced annually and is always a good summary of the latest cyber threats that all executives should be aware of – even beyond just security professionals. Cybersecurity now affects every industry and therefore an awareness of the strategies needed to protect your business should be on the boardroom agenda.

The 2025 report should be coming soon, but I was looking back at the 2024 report when I noticed a really important difference in the way that cyber threats have been reported to date.

The 2024 Global Threat Report explicitly stated that: “…a reactive approach is no longer sufficient—staying ahead of cyber threats requires continuous adaptation, investment in modern defenses, and a commitment to cybersecurity resilience.”

This is why I consider that cybersecurity needs to be one of the most important priorities for most businesses today. After all, almost every company is now storing customer data, using and analyzing this data, and processing orders and payments using financial data. Almost every business now has valuable data that can be stolen.

Cybercriminals are refining their tactics and leveraging emerging technologies, such as AI, so deepfakes, and supply chain compromises are becoming more common. Organizations must remain vigilant and proactive in their security strategies.

There are many reasons for this emphasis on proactivity, but the increased risk of a distributed workforce (greater attack surface) is now combined with the ability of AI to find weaknesses in both physical systems and people.

Attacks are accelerating. The time between a breach and a threat actor moving laterally within an organization is drastically reduced. Only automated surveillance tools can now offer a defense against this.

But there is also an increase in identity-based attacks. Criminals are using social engineering, phishing, and MFA bypass techniques to use the credentials of employees and trusted system users. Attackers increasingly rely on stolen identity credentials, making it harder for security systems to distinguish between legitimate users and malicious actors.

Generative AI is both a powerful tool and a growing security risk. While AI can enhance security operations, it is also being used by cybercriminals to automate attacks, craft highly convincing phishing emails, and bypass traditional security defenses.

The lowering barrier to entry for cybercrime means that more actors, including inexperienced hackers, can leverage AI to carry out sophisticated cyber operations with minimal effort.

The research outlines many more specific threats, but I believe the important point is that companies can no longer just deploy a reactive strategy. You can no longer just build a security ‘wall’ and assume that you are safe.

As the cybersecurity landscape becomes more hostile, organizations must adopt proactive defense strategies to mitigate these evolving threats.

The Crowdstrike report emphasizes the need for:

  • Zero Trust Security Models. Continuous verification of users and devices to reduce the risk of identity-based attacks. This is critical as there has previously been an assumption of trust once a user is logged in
  • AI-Powered Threat Detection. Using AI-driven analytics to identify and respond to threats faster than human analysts alone. This is especially important as the time from breach to criminals taking action is now very short – there is a much shorter window of time in which to act
  • Cloud Security Enhancements. Strengthening identity access management (IAM) and reducing misconfigurations in cloud environments. This is a bread and butter issue – it should be very basic – but it is a common mistake that allows criminals access to networks
  • Incident Response and Threat Hunting. Proactively monitoring for suspicious activity and rapidly containing threats before they escalate. Potentially the most important issue raised in the entire report – you can no longer just react to threats as they happen

The Crowdstrike research is useful because it is comprehensive and it makes some extremely important points. Cybersecurity is no longer a process of building a firewall and then monitoring for breaches. The reactive approach is no longer enough – by the time a breach is detected the criminals may have vanished with your corporate data or encrypted all of it.

Cybersecurity must now be proactive and this means AI has to be considered as one of the most important tools in the fight against hackers and cybercriminals. They are using AI to break in – you need to use AI to keep them out.

For examples of IBA expertise in cybersecurity, including penetration testing and cloud security, please click here. Follow IBA Group on LinkedIn for regular updates and comment. 

February 10, 2025
Data Teams Need To Lead When Organizations Become AI-Driven
Mark Hillary Continue Reading
March 11, 2025
Mark Hillary Interviews Sergei Levteev on AI and Business Innovation
Mark Hillary Continue Reading
Blog

    Access full story Leave your corporate email to get a file.
    Yes

      Subscribe A bank transforms the way they work and reach
      Yes