Date: 2025-08-08

COMMENTARY: During my attendance at Black Hat USA in Las Vegas this week, it’s now very clear that AI will enhance productivity of security teams and end users while allowing for new and novel methods of attack by malicious actors.

AI can deliver faster threat protection, predict attacks, monitor IT networks 24/7, detect fraud, automatically quarantine affected systems, and block malicious IPs or disable compromised accounts.

On the downside, AI-powered attacks have become more sophisticated, and AI itself can misclassify threats or miss them altogether.

AI represents a double-edged sword: it’s only as good as the data it’s trained on and references. If that training data is biased, incomplete, or maliciously modified, it can lead to serious security vulnerabilities. Additionally, AI has become cumbersome to protect, requiring skilled people and novel protection strategies.

Conversations I’ve had with fellow conference attendees and the speaker sessions I attended left me thinking that we have entered a very turbulent and chaotic time.

One risk alone, like the complications and implications of AI, would be a lot for security teams to focus on. Adding to the chaos are increasingly complicated security-related regulations. Meanwhile, supply chains are being disrupted by technical and natural disasters.

Power outages and network failures can disable firewalls, intrusion detection systems and security monitoring tools. Backup systems can fail if they rely on technology that has been compromised by the disaster. Data centers or cloud zones in disaster zones may go offline, leading to security downtime and lack of visibility into a potential attack.

Geopolitical conflict and trade wars are adding to hysteria and complication, thereby expanding the cyberspace battlefield. Trade conflicts often lead to geopolitical tensions, which facilitate retaliatory state-sponsored cyberattacks.

Nations are competing with tariffs, and also with cyber capabilities to protect their interests. Stealing intellectual property, disrupting rival economies and gaining negotiation leverage during trade talks are common impacts of a trade war.

For example, U.S.-China trade tensions in the late 2010s coincided with a surge in Chinese APT activity targeting American tech and manufacturing businesses. Tariffs may also raise costs for hardware, software and services, diverting budgets for cybersecurity spend.

From the front lines of the global cyber war, I have seen how ransomware and phishing campaigns spike during and after disasters, especially when organizations may be at their weakest. Threat actors commonly use social engineering to target vulnerable populations and lax cybersecurity systems. Attackers will target critical systems, such as hospitals and utilities, as well as third parties, which may become weakened or distracted during a disaster.

Security teams are often short-staffed or unreachable during a disaster. Therefore, organizations that integrate security into their broader resilience planning are much better prepared to weather both physical and virtual storms.

Today, we are dealing with mind-boggling complexity. It requires new technologies and ways of thinking — it requires resilience and flexibility. I have long been a fervent advocate that the ability to recover from a cyberattack outweighs the ability to prevent one.

Reflecting on my experience at Black Hat, I come away more convinced than ever that cyber resilience and flexibility of professionals and systems must be the new standard — that it is our most important weapon against breaches.

Let’s face facts. No IT system is 100% secure. Threats evolve daily, while attack vectors are growing for cloud, IoT, remote work environments and more. Breaches are inevitable despite all the preventative measures in place, an over-reliance on AI notwithstanding. So, as threat actor tactics evolve, data backup technology presents itself as an organization’s best security defense.

Through the proper orchestration of multiple copies of encrypted data backups — those that are immutable — an organization can maintain the confidence that they are storing information that’s protected and retrievable, with a minimum of operational downtime should it get hit by an attack.

Rather than only focusing on preventing threat actors from getting in, organizations must first ensure their ability to recover all the data. It’s what I describe as solving in reverse.

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.