Lessons for business leaders in winning the cyber war

In 2024, ransomware incidents increased by 9% quarter-over-quarter in Q2, and AI-driven phishing attacks skyrocketed by 60%. If “Global Cybercrime Inc.” traded on a stock exchange, I would buy it because its growth trajectory over the past decade has been breathtaking. Measured by GDP, global cybercrime is now a $10.5 trillion-per-year economy, trailing only the U.S. and China in economic “productivity.” These alarming trends reflect a cyber landscape that’s growing more threatening by the day, fueled by an expanding digital ecosystem.

With over one billion unique URLs on the internet, thirteen million new malicious domains discovered monthly and more than 70% of traffic used for malicious purposes, the attack surface for organizations has reached unprecedented levels. 

Yet, the portion of the internet most businesses actually need is minuscule: less than 15,000 URLs, tailored to their specific operations and devices. This staggering contrast raises critical questions: Why focus on detecting an ever-growing “bad” when the portion of the internet we need, which is “good,” is incredibly small? Why remain on a battlefield dominated by adversaries when we can reshape the terrain entirely?  

The solution is simple: stop fighting the cyber war on the adversary’s terms. By removing digital assets from the battlefield, organizations can adopt a radically different posture that prioritizes attack surface reduction over endless reactive measures. This approach simplifies cybersecurity and strengthens resilience, allowing businesses to focus on growth without being bogged down by constant threats. 

Business Case for Attack Surface Reduction

Winning the cyber war demands a shift from defending against every conceivable threat to proactively reducing exposure. This begins with removing assets from the battlefield, which means ensuring devices connect only to what is necessary and safe, with every other connection denied by default. By focusing exclusively on “known good” connections and blocking all others, organizations can shrink their attack surface by over 7,000 times. This approach removes countless entry points for attackers, forcing them to expend more resources for diminishing returns. 

This approach simplifies modern cybersecurity challenges for business leaders. As attack methods grow more sophisticated, monitoring and mitigating every potential threat is unsustainable. Narrowing the focus to critical assets and connections streamlines decision-making, enhances resilience, and enables organizations to allocate resources more effectively. 

Proactively reducing exposure decreases vulnerabilities and operational risks, leading to fewer disruptions and a lower likelihood of costly breaches. Financially, this strategy allows organizations to reclaim budgets previously reserved for responding to high-profile threats, such as ransomware-as-a-service (RaaS) attacks. These resources can then be reinvested in growth, innovation or further strengthening the organization’s cybersecurity posture. 

To harness these benefits fully, organizations must address the cultural and strategic alignment needed to support this approach. 

Aligning Cybersecurity With Business Strategy

Cybersecurity cannot exist in isolation; it must align with broader business objectives to deliver lasting value. This alignment ensures teams work together to minimize exposure and safeguard critical assets. 

One common challenge is the disconnect between technical priorities and organizational goals. Security teams may focus on deploying advanced tools to reduce vulnerabilities, while leadership prioritizes cost management or operational efficiency. When these priorities diverge, organizations risk underutilizing tools or strategies designed to shrink their attack surface, leaving critical vulnerabilities unaddressed. Closing this gap requires leaders to frame cybersecurity as a business enabler that supports long-term growth. 

Effective leadership drives this shift. Business leaders set the tone by embedding attack surface reduction into the organization’s strategic vision and fostering a culture of proactive defense. This involves clear communication about how security initiatives align with broader objectives, such as minimizing downtime, maintaining customer trust and ensuring regulatory compliance. When cybersecurity is an integral part of the business strategy, teams are more likely to collaborate, and employees at all levels are more likely to embrace their role in maintaining a secure environment. 

Lessons from the Frontlines

Proactive security measures, like reducing the attack surface, can differentiate between a catastrophic breach and a manageable disruption. One example that comes to mind is a multi-continent manufacturing company that approached us during an active ransomware attack. As the breach unfolded, they deployed a default-deny-all solution at the network edge, allowing only verified, necessary connections and blocking all others by default. While the attack disrupted a single weekend shift, the organization avoided paying the ransom and maintained connectivity to critical systems. 

Notably, the incident involved an unpatched Windows XP system on one of their manufacturing floors—a system that remains operational and unpatched today. Since the initial breach, the same proactive measures have thwarted over 5,000 reinfection attempts by blocking each unknown connection before it could cause harm, as it wasn’t part of that device’s version of the internet.

The default-deny-all solution didn’t have to recognize malicious connections; it simply disallowed unknown connections by default. This example illustrates how reducing the attack surface makes it exponentially harder for adversaries to gain traction, allowing operations to continue with minimal disruption. 

For business leaders, this underscores how proactive strategies yield measurable results. Success isn’t about eliminating every threat but minimizing their impact. Metrics like avoided ransom payments, uninterrupted connectivity and reduced operational disruptions provide tangible proof of an effective cybersecurity approach. 

Turning Cybersecurity into a Competitive Advantage

Winning the cyber war requires more than reactive threat detection tools; it demands a proactive approach that allows organizations to create a unique version of the internet for each device. This shift begins with a commitment to minimizing exposure and fostering a culture where cybersecurity integrates into every level of the organization. By doing so, businesses can protect critical systems, build resilience and maintain customer trust, creating a foundation for sustained growth. 

The path forward is clear: connect to only the good and necessary and deny malicious connections by default. This approach increases resilience, reduces the threat landscape, and allows for reinvestment in the business and its people. By embracing truly proactive solutions today and pairing them with a security culture, we can confidently and controllably face a world of growing cyber threats.