As cyber threats continue to evolve and become more sophisticated, adversaries are not only advancing their tactics but also collaborating with each other. Social engineering attacks, such as vishing, saw a significant increase of 442% between the first and second half of 2024, according to a report by CrowdStrike. This surge in social engineering attacks has led threat actors to shift away from traditional cyberattacks like deploying malware via malicious documents, opting instead to target help desks. CrowdStrike’s 2025 Global Threat Report reveals that a hacker can achieve lateral movement across a network in just 51 seconds.
Todd Felker, executive healthcare strategist at CrowdStrike, emphasizes that the rise in social engineering attacks highlights the exploitation of human psychology by adversaries. In a recent session at the CDW Executive SummIT in Chicago, Felker stated that organizations face more of an adversary problem than a vulnerability problem.
To combat these evolving threats, IT leaders must adopt a proactive and sophisticated defense strategy that focuses on data resilience, understanding adversary behavior, and leveraging artificial intelligence to counter social engineering tactics. Building a strong defense against cyber threats requires a deep understanding of the adversary landscape and implementing proactive measures to mitigate risks.
Shifting the security mindset from prevention to preparation is crucial in today’s threat landscape. Rex Washburn, data solutions architect at CDW, highlights the importance of cyber resiliency over the illusion of total prevention. With threat actors evolving rapidly, organizations must prioritize bouncing back from breaches and reducing downtime rather than solely focusing on preventing attacks.
Data resiliency plays a vital role in cyber resiliency, as it determines how quickly a team can recover lost data and respond to incidents. A multistep approach that includes immutable storage, continuous data validation, and an isolated recovery environment is key to achieving data resiliency. Building a modern cyber recovery environment, with features like immutable storage and regular data validation, can help organizations restore operations quickly after an attack.
Understanding the adversary landscape is essential for effective defense strategies. Security teams must be aware of the different types of threat actors, such as nation-state, e-crime, and hacktivists, and tailor their defenses accordingly. By implementing solutions that enhance identity and access management, secure cloud environments, and eliminate visibility gaps, organizations can strengthen their defenses against cyber threats.
Using AI to combat social engineering attacks is becoming increasingly important. Insurity CIO and CISO Jay Wilson suggests leveraging AI to simulate the tactics of cybercriminals and identify potential vulnerabilities in the system. Red-teaming exercises can help security teams understand the tactics of adversaries in social engineering attacks and improve their overall security posture.
In conclusion, staying ahead of cyber threats requires a proactive and adaptable approach to cybersecurity. By focusing on data resilience, understanding adversary behavior, and leveraging AI technologies, organizations can enhance their defense strategies and effectively combat evolving cyber threats. Stay informed and prepared to defend against the ever-evolving threat landscape.
