
The year that speed changed cyber security – Computer Weekly

If last year proved anything in cyber security, it’s this: the battleground doesn’t just belong to those with the best tools or largest teams anymore. It belongs to those who can act faster than their adversaries.
2025 was a watershed year, not because attackers unveiled new zero-days or defenders fell behind, but because of one defining shift that quietly reshaped the entire landscape: speed.
Attackers didn’t become more intelligent. Defenders didn’t lose their skill. What changed was the tempo of operations. Intrusion, lateral movement, and exfiltration now happen at machine speed, outpacing human escalation chains designed for a slower era.
Organisations have spent years investing in detection fidelity and recovery strength. Now, the ones that win are those that excel in response velocity, making quality decisions with incomplete information before an attacker completes their playbook.
Early last year, a major Asia-Pacific logistics provider dealt with what appeared to be routine credential theft. Within an hour, the attacker had moved laterally across subsidiaries in three countries and begun exfiltrating sensitive shipment data, assisted by automated tooling and reused playbooks.
In another case, a financial services firm in Sydney saw ransomware encrypt critical systems less than 90 minutes after the initial intrusion. Their endpoint detection and response (EDR) platform raised an alert within minutes, but the organisation’s escalation path required executive approval for major isolation actions. By the time that approval arrived, the attack had already propagated.
These examples aren’t anomalies. They’re indicators of the new norm. In 2025, reaction lag, not detection gaps, became the dominant vulnerability.
Cyber security principles have traditionally treated certainty as sacred: verify before isolating, confirm before containing. That approach emerged from decades of risk management discipline, but 2025 showed how dangerous it has become when timelines collapse.
Enterprises that insisted on confirmation before containment often discovered their confidence too late. By the time an incident was “proven,” data had already been copied, encrypted, or destroyed, and recovery options were narrower and more expensive.
By contrast, the enterprises that fared best weren’t reckless. They were pre-authorised. For example, a large healthcare network in New Zealand successfully contained a stealthy persistent threat last July because of a pre-agreed “isolate first” methodology. Their security operations centre (SOC) had the authority to trigger segmented network lockdown the moment their correlation engine flagged simultaneous credential anomalies across critical systems.
They didn’t wait for certainty. They acted on the assumption that inaction was riskier. Later analysis showed that part of the triggering activity was benign, but leadership agreed the temporary disruption cost was trivial compared to the damage a successful compromise would have caused. The new resilience calculation: error is cheaper than hesitation.
If 2024 was the year of tooling upgrades, then 2025 exposed a subtler gap: one not in technology, but in decision architecture.
Security teams today can detect faster than ever. Machine-learning-based detection, cross-layer correlation, and anomaly scoring have compressed identification times to minutes. Yet organisational latency – the delay between alert and authorisation – remains measured in hours or days.
The gap has become one of the most exploitable dimensions in modern defence. Attackers have no board approvals, no compliance committees, no external auditors. They can act within seconds while defenders remain constrained by governance designed for safety over speed.
As many CISOs across Australia and New Zealand (ANZ) are discovering, the defender’s playbook still assumes time exists. In a growing number of breaches, the adversary finishes before the defender begins.
Bridging the decision gap requires an enterprise to understand its minimum viable business (MVB): the smallest version of the business that can still function and serve customers when an incident compromises systems and operations.
Rather than attempt to restore everything, everywhere, all at once, this approach focuses on essential services for revenue generation and regulatory requirements. It prioritises the minimum set of applications and data those services rely on, and the infrastructure required to run them safely, even during degraded conditions.
In a world where attacks complete in minutes but forensics take days, understanding MVB can be the difference between business continuity and existential crisis.
Speed changed cyber last year. In 2026, those who understand their MVB – and can restore it fast – will be the ones that stay in business long enough to tell the story.
Niraj Naidu is head of engineering at Rubrik ANZ
©2025 TechTarget, Inc. d/b/a Informa TechTarget. All Rights Reserved.
