Page 239 - Cyber Defense eMagazine September 2025
In the field of cyber defense, there has always been a great deal of emphasis on defending the network
perimeter – so much so, in fact, that many organizations still focus their entire cybersecurity strategy on
perimeter-based solutions.
Beyond the blurring of physical boundaries, there are many other reasons why defending the perimeter
is no longer enough. The entire concept of securing the perimeter is inherently reactive, and the
proliferation of AI-accelerated threats has created a situation in which it’s difficult (if not impossible) for
defenders to keep up with the speed and volume of automated attacks coming in from the outside.
Although software patching remains critical, each patch is written and distributed only after a vulnerability
has been exploited. By then, the damage has already been done. It’s like playing a perpetual game of
Whack-a-Mole in the midst of a 24/7 Urgent Care Center.
But perhaps the most urgent reason to move beyond a perimeter-only approach is the reality that – even
now, as you read this article – hackers are likely already silently inside your IT systems.
External vs. Internal Threats
Cyber threats can be separated into two main categories: External attacks and internal attacks.
Unfortunately, for most organizations, their IT networks are still extremely vulnerable to both types.
• External attacks are perpetrated by criminal persons, organizations or even nation-state
adversaries who find highly creative ways to gain access to systems so they can steal or ransom
data. External attacks can take many different forms, but some of the most common include
malware, phishing, ransomware, Denial-of-Service (DoS) and Man-in-the-Middle (MITM)
attacks. In larger organizations, we also see SQL Injection, Zero-day exploits, and Spoofing
attacks. In the first five months of 2025, more than 22,000 new Common Vulnerabilities and
Exposures (CVE) records were received by the National Institute of Standards and Technology
(NIST), with a backlog of nearly 25,000 more reportedly awaiting analysis. In 2024, over 40,000
new CVEs were published, up by more than 37% from 2023. These vulnerabilities are being
exploited and weaponized faster every year on a massive scale.
• Insider Threats happen when individuals with credentialed access misuse their privilege – either
intentionally or unintentionally – to harm the organization. These are perhaps among the most
concerning types of threat. The Cybersecurity Insiders 2024 Report indicates that 83% of
organizations reported insider attacks in 2024, with 51% experiencing six or more attacks in the
past year. In many cases, these are socially engineered, either by bribing existing employees or
intentionally placing individuals as employees/contractors within an organization, just to gain
access to data. Internal administrators often have inappropriate or unnecessary access to data
that would normally be off limits to someone at their level of responsibility. Another form of insider
threat is a Supply Chain attack, which targets third-party vendors or partners to compromise their
products or services, which are then used to attack the main organization.
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.