Proactive actionable intelligence leading contemporary security operations

GUEST OPINION: Society is now at the stage where cybercriminals can easily leverage artificial intelligence (AI) to send hyper-personalised phishing emails that look like they’re from trusted sources, create deepfake videos and audio for fraud, automate ransomware that spreads across networks in minutes, and find and exploit software vulnerabilities faster than ever.

These attacks are unrelenting and can be exasperating for defenders. Too often, attention is focused on building robust preventative systems; however, the last 25 years have shown that intercepting every incident is practically impossible. The answer isn’t to prevent every attack at the edge; it’s to be able to detect, contain, and recover quickly enough when attacks happen, before damage escalates.

Glenn Maiden, director of threat intelligence, FortiGuard Labs, Australia and New Zealand, Fortinet, said, “Today’s cybercriminals operate at a level of speed and sophistication that many organisations are simply unprepared to match. Some attackers offer services specialising in breaching networks and selling access to compromised systems. Others can purchase ‘off-the-shelf’ turnkey solutions that bypass security controls, making a devastating breach easier than ever.

“This underground economy of cybercrime has created an environment where vulnerabilities can be weaponised within days of being discovered. Companies face attacks that are targeting data as well as operational continuity, revenue streams, and even human safety in sectors like healthcare.”

The urgency is clear; however, so is the solution. Cyber resilience starts with being proactive. This means prioritising threat intelligence and incident response as core components of security strategy. It’s about shifting from a reactive posture, where teams scramble to contain damage after an incident, to a proactive approach. By assuming compromise and building playbooks around an initial intrusion, teams can anticipate, identify, and neutralise threats before they escalate.

Glenn Maiden said, “At its core, threat intelligence is about clarity. Security operations (SecOps) teams often face an overwhelming flood of alerts and logs, making it difficult to distinguish critical threats from background noise. Advanced threat intelligence systems can process billions of data points to generate actionable insights. This doesn’t negate the need for highly skilled defenders; however, it does help reduce the noise of false positives, giving defenders more time to identify and prosecute real threats.”

Once a threat is identified, time and response strategy become the most critical factors. Attackers move quickly and organisations must respond even faster. This is where automation becomes indispensable.

Glenn Maiden said, “Playbooks that outline step-by-step responses to specific threats let SecOps teams react within minutes. For example, in a simulated advanced persistent threat (APT) attack, an automated response process can detect and contain a sophisticated attack in under two minutes. In contrast, manual methods could take hours or even days, underscoring the value of proactive preparation.”

Preparation doesn’t end with automation. Cyber resilience requires a cohesive strategy that aligns technology, processes, and people. Every member of the company, from the C-suite to the IT help desk, has a role to play in securing the business. Implementing rigorous role-based access and the principle of least privilege, as well as establishing greater visibility, a better understanding of assets, and a sense of what is normal for the environment, can make all the difference when trying to decide whether an event is routine or a threat.

Another area that deserves attention is the evolving attack surface. As companies adopt hybrid and multi-cloud environments, their digital ecosystems become more interconnected and more vulnerable. Misconfigured cloud resources or shadow application programming interfaces (APIs) can create exploitable gaps that let attackers gain entry. The solution lies in adopting an integrated security framework that provides visibility across all platforms and automates responses to emerging threats.

Glenn Maiden said, “It’s also worth considering the broader picture. Cyber resilience isn’t just about protecting the organisation. It’s about maintaining trust with customers, partners, and stakeholders. In today’s climate, a data breach or operational disruption can have far-reaching consequences, from financial losses to reputational damage. Taking proactive steps to build resilience demonstrates a company’s commitment to security, for its own sake as well as for the people who rely on it.

“The stakes have never been higher, yet neither has the opportunity to innovate. Organisations can turn the tables on attackers by focusing on threat intelligence, automation, and preparedness. Instead of playing catch-up, they can regain the upper hand, protecting not just their current systems, but their future as well.”

http://itwire.com/guest-articles/guest-opinion/proactive-actionable-intelligence-leading-contemporary-security-operations.html