The Attack Surface Changed but the Fundamentals Didn't

Every few years, something comes along that reshapes the threat landscape and sends the industry scrambling for new tools, new frameworks, and new buzzwords. The perimeter died. Then it came back. Endpoints became the priority. Now they’re not the whole story. Identity is the new battleground. AI is changing everything.

And yet, the more I talk to people who’ve spent decades in the trenches, the more I keep hearing the same thing: the fundamentals still work. We just stopped trusting them.

I had that conversation recently with Will Ledesma, a cybersecurity veteran with over 25 years in the field and a current role at N-able. Will also serves as a cyber warrior in the U.S. Air Force — and as a fellow Air Force vet, I can say the service tends to instill a certain appreciation for doing things right the first time.

We talked about what N-able’s latest State of the SOC report actually shows about where attacks are coming from — and the answer probably isn’t what you’d expect if you’ve been following the conventional wisdom around endpoint protection. The data points somewhere else, and Will does a good job of explaining why that shift makes sense when you look at what’s been happening across the business world over the last few years.

From there, the conversation moved into identity — not just the username-and-password kind, but the full scope of what “identity” means in a world where your network includes laptops, IoT devices, cloud workloads, software applications, and increasingly, AI agents running on behalf of your employees. If an attacker can own any one of those identities, a lot of your other defenses stop mattering.

Companies are bringing in AI tools at a rapid pace, leaning on them to augment their workforce and drive efficiency. That’s fine. But what happens when those systems become mission-critical, and someone decides to take them out?

We also got into something I’ve been saying for years about compliance. Compliance and security aren’t the same thing. You can check every box on a framework audit and still get breached — plenty of high-profile companies have proven that. The frameworks have value, but they’re a floor, not a ceiling. And too many organizations treat them like the finish line.

Will’s framing for all of it comes back to defense in depth — a concept he learned early in his career and one that he argues is more relevant now, not less. The attack surface has expanded. The identities have multiplied. The stakes are higher. But the logic of layering your defenses, covering your fundamentals, and not betting everything on any one control? That hasn’t changed.

The episode is worth your time whether you’re a practitioner, a leader trying to make sense of your security investments, or just someone trying to figure out what “cyber resilience” actually means when you strip away the marketing. Hint: it’s bigger than cybersecurity.

About
Latest Posts

Tony Bradley

Editor-in-Chief at TechSpective

I have a passion for technology and gadgets and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 3 dogs, 5 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.

Related Posts