COMMENTARY: Cybersecurity functions as a team sport — and just like football, building a winning team requires a focus on basics like blocking and tackling.

Yet in today’s cybersecurity landscape, it feels like we’ve forgotten that. The industry’s obsession with AI, quantum, and zero-trust frameworks often overshadows the basics, like patching, access control, email hygiene, asset inventory, and identity management.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Everyone wants to talk about technological advancements that can transform defenses, but today, roughly 80% of breaches still come down to fundamentals we already know how to fix. The fundamentals aren’t as flashy, but they win games every time.

Security teams can use AI to improve fundamentals, but it doesn’t replace them. Great football teams use analytics to fine-tune blocking schemes — they don’t skip practice because of it.

In cybersecurity, the same rules apply. AI can spot anomalies, prioritize vulnerabilities, and block threats faster than any human team, but its impact depends on the fundamentals. If the company stores unreliable data, the organization’s access controls are lax, or the team lacks process discipline, even the smartest models will fall short.

Technology can coach people, but it can’t make the tackle for them. No amount of flashy play design matters if the line can’t protect the quarterback. The same goes for cybersecurity operations: the latest technology won’t save the security team from weak execution.

Mick Leach, Field CISO, Abnormal AI

The state of play today
Security teams today are being asked to do more with less. Budgets are tightening, headcounts are limited, and the attack surface keeps expanding. Meanwhile, threat actors still walk through the same open doors they’ve used for decades, whether it’s unpatched vulnerabilities, overprivileged accounts, or simple human mistakes.

The 2025 Verizon Data Breach Investigations Report found that 68% of breaches stemmed from known vulnerabilities that hadn’t been patched. We’ve also seen that 98% of security leaders consider misdirected email a significant risk — a problem that has nothing to do with cutting-edge malware and everything to do with ordinary human error.

Many organizations have turned to AI-driven detection tools, large language models, and automated response platforms to bridge these gaps. And while these technologies are undoubtedly powerful in their ability to rapidly surface insights and even automate some responses, they still rely on human judgment to ensure outcomes remain accurate and secure.

AI can augment defenders, but it’s not a substitute for discipline, process, and good security hygiene. Even with the best tools money can buy, if the team forgets the fundamentals, the defense breaks down fast.

The playbook
Winning teams don’t rely on trick plays; they execute the fundamentals flawlessly. And that holds true for security organizations. AI can help teams move faster and see further, but it’s only effective when the basics are solid. Here’s what effective blocking and tackling looks like for security teams:

- Know the company’s environment: Asset management still represents a blind spot for most enterprises. If we don’t know what we have, we can’t protect it, and AI won’t magically discover shadow IT or orphaned systems. Machine learning can accelerate discovery, but only if the underlying inventory and ownership are well-defined. Build continuous visibility into the infrastructure, and update it religiously. This might mean tapping discovery tools to continuously monitor the environment, enforcing consistent asset tagging and ownership, and reconciling inventories to quickly catch and remediate discrepancies.
- Build a culture around patch management: Automation helps, but culture matters more. For example, every engineer should own both uptime and update cycles. Make default configurations secure out of the box – and validation continuous, as opposed to an annual exercise. AI may help prioritize what to patch first, but it can’t enforce accountability — that’s still a human responsibility.
- Focus on identity and access control: Attackers know how to exploit MFA fatigue. Strong identity protection isn’t just about adding more verification factors: it’s about applying least privilege, routinely reviewing high-value accounts, and watching for behavioral anomalies that hint at compromise.
- Invest in awareness programs that highlight the human element: Phishing remains one of the most persistent and costly threats to organizations. Behavioral AI — technology that learns normal patterns of user behavior and communication — can help identify and block malicious messages that traditional filters miss. However, lasting protection still depends on employee awareness and resilient system design. Investing in ongoing security awareness training ensures that the team can recognize and accurately verify threats that technology alone might miss.
- Develop a strong incident response program: When was the last time the team actually ran a tabletop or red team exercise? Regularly scheduled exercises — ideally run once or twice a year, with targeted mini-drills quarterly — help build the muscle memory that can make the difference between a contained incident and a full-blown breach. These drills ensure that the team knows exactly how to respond under pressure, understands gaps in its processes, and can test the effectiveness of its tools. After all, even the smartest AI alert doesn’t matter if the team hasn’t practiced what to do when it fires.




