    Infosec TechBuzz
    How to dam data breaches?

    By Nikhil, July 1, 2025

    We are halfway through 2025, and it seems we are reading about data breaches almost every day. The victims include some of the biggest global corporations, such as U.S. employee screening service DISA (over 3 million affected), Oracle, Marks & Spencer, and telecom giant AT&T (while the breach was in 2024, stolen data of 86 million customers went on sale in June 2025). Customers expect the companies to protect their data. This expectation has clearly not been fulfilled. What can be some (likely) reasons behind this?

    The first reason is the most popular one: AI/ML. AI allows bad actors to automate the most critical parts of an attack, which are research and execution. Because AI/ML can learn and adjust, the attack can be further fine-tuned and made more elusive in response to how the victim reacts. AI can also scan for data that can be engineered into phishing and into attacks that use data scraped from social media. The attacks can also be further customized to increase their effectiveness.

    The second reason is THE weakest link in the cyber kill chain: humans. Despite multiple trainings, people may forget to back up critical data, click on a shady link despite being explicitly told not to do so, and hand over critical information when deceived by mail that appears to originate from the company higher-ups.

    Tool sprawl and reduced visibility are the third culprit. Organizations’ technology stacks may be a mix of both legacy and current tools, which can reduce visibility and correlation, a perfect example of the term “too many cooks…”

    Another culprit is the massively expanded attack surface owing to increased cloud adoption, remote work, and a spike in (probably) unsecured IoT and edge devices.

    Zero-day vulnerabilities are another critical factor. Attackers may deliver threats before the targeted vulnerability can be patched. The last, and the scariest, are gaps, including regulatory, compliance, and financial. These gaps leave the systems at the mercy of attackers due to poor patching and an understaffed SOC. The second of these, an understaffed SOC, is particularly found during a downturn or in a budget-first company, where the SOC can be classified as a liability, not an asset.

    QKS Group’s resident security whiz Sanket Kadam elaborates, “In 2025, the cybersecurity landscape is being redefined by adversarial use of AI/ML, which automates reconnaissance, customizes payload delivery, and adapts attacks in near real-time. Human error continues to be the most exploited vector, with social engineering bypassing even the most advanced controls. The modern attack surface, expanded by remote work, IoT, and edge proliferation, remains insufficiently monitored. Zero-day exploitation is accelerating, often outpacing patch cycles. Further, regulatory and budgetary constraints contribute to delayed remediation and SOC understaffing, creating systemic exposure. Without unified threat visibility, automated response, and a risk-prioritized architecture, even mature enterprises remain operationally vulnerable.”

    These are the problems. Now let us discuss solutions. The first thing is reducing the attack surface. This can be achieved by deploying exposure management tools, rather than vulnerability management solutions. While traditional vulnerability management tools find and patch vulnerabilities, they may be insufficient to detect external threats and web-facing assets. They can also lack threat prioritization. Exposure management reduces the attack surface by focusing on external exposures like misconfigured programs and open ports. It can also prioritize threats based on exploitability instead of relying on severity scores.

    QKS Group’s security expert Sujit Dubal explains, “Reducing the attack surface in today’s environment requires a shift from reactive vulnerability management to proactive exposure management. Traditional VM tools operate in isolation, identifying CVEs without full context, often overlooking misconfigurations, unmanaged assets, and external-facing risks. In contrast, exposure management solutions continuously map the external attack surface, detect shadow IT, and correlate threat intelligence with asset criticality and exploitability. This risk-based approach enables security teams to prioritize exposures that are most likely to be weaponized. By operationalizing threat context and external visibility, organizations can move from static assessments to dynamic surface reduction, ultimately aligning remediation with real-world attacker behavior.”
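The difference between ranking by severity score and ranking by exposure can be made concrete. This is an added example, not code from the article or from QKS Group; the findings, field names, weights, and the 7.0 cutoff are constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    cvss: float            # severity score 0.0-10.0; 0.0 = no CVE (e.g. a misconfiguration)
    internet_facing: bool  # reachable from outside the perimeter
    known_exploited: bool  # threat intelligence reports exploitation in the wild
    criticality: int       # business criticality of the asset, 1 (low) to 3 (high)

# Constructed sample inventory (hypothetical assets and scores).
FINDINGS = [
    Finding("hr-db-internal", "outdated library", 9.8, False, False, 2),
    Finding("vpn-gateway", "unpatched appliance", 7.5, True, True, 3),
    Finding("dev-storage-bucket", "public read misconfiguration", 0.0, True, False, 3),
    Finding("print-server", "open telnet port", 5.3, True, False, 1),
]

def rank_by_severity(findings):
    """Traditional view: highest severity score first, no other context."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)

def exposure_score(f):
    """Assumed weighting: external reachability and observed exploitation
    dominate, asset criticality comes next, severity only breaks ties."""
    score = 4.0 if f.internet_facing else 0.0
    score += 4.0 if f.known_exploited else 0.0
    score += f.criticality
    score += f.cvss / 10.0
    return score

def rank_by_exposure(findings):
    """Exposure view: what an outside attacker can reach and use comes first."""
    return sorted(findings, key=exposure_score, reverse=True)

def skipped_by_cutoff(findings, cutoff=7.0):
    """Internet-facing findings that a 'fix CVSS >= cutoff' policy never reaches."""
    return [f for f in rank_by_exposure(findings)
            if f.internet_facing and f.cvss < cutoff]

if __name__ == "__main__":
    print("severity order:", [f.asset for f in rank_by_severity(FINDINGS)])
    print("exposure order:", [f.asset for f in rank_by_exposure(FINDINGS)])
    for f in skipped_by_cutoff(FINDINGS):
        print("below cutoff but exposed:", f.asset, "-", f.issue)
```

The severity ranking puts the internal database first and the public storage bucket last, while the exposure ranking leads with the internet-facing, actively exploited gateway and surfaces the misconfiguration that has no severity score at all.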

    In addition, software capabilities like zero trust and AI/ML can be used to provide better protection. The AI capabilities used by attackers, mentioned above, can also be used to detect and mitigate threats. Adoption of newer technologies like EDR and XDR can improve endpoint visibility.

    In the end, as mentioned above, software and user training are not sufficient to fend off threats. The protection in place should be customized as per the users’ requirements and made more resilient. While vulnerabilities will always remain, as completely bug-free coding has not been achieved, a resilient protection system can allow users to detect and eject attacks.
