“Microsoft Patch Tuesday, exploit Wednesday” used to be a joke. Now it’s reality. Adversaries use LLM disassemblers to reverse-engineer patches, identify underlying flaws, develop exploits, and begin scanning the internet for targets — all within a day of publication. Five months ago that window was four days.
James Blake is Global Head of Cyber Resiliency Strategy at Cohesity.
The problem isn’t new attack methods. It’s patching speed. Very few organizations can patch in a day. CISA gives even the most critical US organizations 30 days to patch internet-facing vulnerabilities. If you have Fortinet, Ivanti, Cisco, or Microsoft infrastructure facing the internet, the question is not whether you will be hit, but when.
That is not a prediction. It’s simple arithmetic.
Protection can’t close the gap
The reason organizations need resilience is that protection has failed. Not occasionally — routinely. Security teams’ instinct is to respond with more protection: better EDR, more threat intelligence, faster patching cycles. All of that is necessary, but none of it is sufficient.
Across every incident my team has responded to, all the companies whose data was encrypted had an up-to-date EDR solution in place. It didn’t matter.
There are at least eight known methods for evading EDR tools. The most common involves deploying a vulnerable kernel module via an initial exploit that sits above the firmware, where detection capabilities are effectively blind. This is the standard playbook, not an edge case.
Threat intelligence has the same structural problem. By definition, intelligence about adversary behavior lags behind that behavior. Even threat intelligence-led patching strategies — where organizations prioritize vulnerabilities based on known exploitation activity — have a built-in delay. The intelligence arrives after the window has already opened.
AI is also accelerating attacks in the phishing space, though in a different way. AI can analyze how individuals construct their emails and generate impersonations convincing enough to fool colleagues.
Business email compromise attacks that once required significant skill and access can now be assembled quickly and at scale. Adversaries were always doing this. AI just lowered the barrier considerably.
The conversation organizations need to have
Companies need to embrace an unsettling truth: Attacks are going to land no matter how exceptional the security team is. Some CISOs still believe otherwise. They will tell their board that given enough budget and headcount, the company can be protected. But breaches at even the largest, best-funded organizations show that assumption is not grounded in reality.
Most security leaders still avoid having that conversation with the business. They should be leading with it. AI isn’t introducing fundamentally new attack techniques. It’s accelerating ones adversaries were already using. And if protection was already failing before AI, the case for building genuine resilience is stronger than ever.
Mature security planning starts not with how to prevent every attack but with accepting that some will inevitably succeed. That shifts the discussion from an unrealistic hope of closing all vulnerabilities to how to continue operating when an attack succeeds.
Three places to start:
- Map your most critical business services and the infrastructure behind them. Most organizations find gaps they didn’t know existed.
- Check whether your network configurations are backed up. Most organizations don’t.
- Simulate losing Active Directory and corporate email simultaneously. What surfaces will tell you more about your resilience posture than any audit.
Whether an exploit takes four days to develop or one, the resilience strategy is the same: identify the most essential services before a crisis hits, maintain them under duress, and rebuild trust at every level — network, identity, access — before declaring the environment safe.
When vulnerabilities are exploited in hours, not days, security stops being about prevention alone. It becomes about how quickly an organization can operate through failure. In a world of “exploit Wednesday,” resilience — not speed — determines who stays operational.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.