Cybersecurity has entered a new era. What was once a contest of firewalls and intrusion detection is now a high-stakes game driven by AI. On one side, defenders are using AI to predict, prevent, and respond to cyber threats with precision. On the other, hackers are harnessing the same technology to outpace defences, sharing AI-enhanced strategies that make them faster, smarter, cheaper and more adaptable.
In this blog, I’ll be examining how AI is reshaping the fight on both sides, shedding light on the unprecedented collaboration among hackers, and why the old cybersecurity playbook is no match for today’s challenges.
I’m once again partnering with Commvault to highlight the transformative power of Commvault® Cloud. This platform offers a comprehensive solution for risk assessment, recovery testing, and rapid business restoration post-breach, all while maintaining full compliance. It delivers enterprise-grade resilience tailored for the speed and scale demands of today’s cloud-centric world.
Let’s dive in.
The AI-Powered Hacker Collective
Today, hacker groups no longer operate in isolation. Instead, they function as dynamic, decentralised collectives, united by the ambition to make money and/or disrupt. AI has transformed these threat actors into interconnected ecosystems where tactics, techniques, and procedures (TTPs) are shared freely, and at speed.
On the dark web, AI tools are traded like commodities by cybercriminal hacking groups, powering a thriving underground economy. This has given rise to Cybercrime-as-a-Service (CaaS) and Hacking-as-a-Service (HaaS)—turnkey offerings that provide everything from ransomware kits to AI-generated malware and phishing campaigns. What once required deep technical expertise can now be easily purchased or outsourced, dramatically lowering the barrier to entry, and effectively democratising the field.
State-sponsored groups amplify this ecosystem by circulating zero-day vulnerabilities, hi-tech tools and high-value intelligence. Meanwhile, hacktivists have evolved beyond traditional web defacements, DDoS, and hack-and-leak attacks. They now leverage ransomware, training schemes, and affiliate programmes to fund operations, repurpose fraud tools to breach defences, and sow widespread disruption.
The result is a global, well-resourced, and adaptive network of hackers—collaborating, scaling, upskilling, and constantly innovating. This relentless evolution is driving a surge in the speed, complexity, and volume of attacks across every sector, making it clear that only a complete rethinking of defence strategies can meet the challenge.
Prevention Alone is a Failing Strategy
Traditional, prevention-first security models—built around firewalls, endpoint detection and response (EDR), and intrusion prevention systems—were designed for a time when threats moved slower and corporate perimeters were more clearly defined. But today, these controls are no longer sufficient on their own. The daily drumbeat of high-profile cyberattacks and data breaches underscores a sobering reality: determined hackers are routinely bypassing even well-funded prevention stacks.
What’s more, many CEOs and tech executives have been lulled into a false sense of security by equating compliance with protection. While frameworks like ISO 27001, NIST, SOC 2 and others play an important role, they’re often retrospective in nature—offering a baseline, not a defence. They cannot keep pace with adversaries who are using adaptive and polymorphic malware that can evade and iterate faster than policies can be updated.
The harsh truth is that no prevention strategy can ever be 100% effective. Relying solely on preventative measures—without equal investment in detection, response, and recovery—creates a critical blind spot.
To stay resilient, cybersecurity strategies must move beyond the illusion of control and embrace a more adaptive, intelligence-driven approach.
The Disaster Recovery Tripwire
Too often, CEOs and tech execs assume that a solid disaster recovery (DR) plan will carry them through a cyberattack. It won’t. While DR is critical for restoring operations after events like hardware failures, power outages, or natural disasters, it’s not designed to address the complexity and volatility of cyberattacks. The fundamental difference comes down to data uptime vs. data integrity.
In a traditional disaster, the goal is to restore physical systems and resume operations as quickly as possible, and that’s why replication is important. However, the assumption is that the data is trustworthy. But when a cyberattack occurs—especially one involving ransomware, data corruption, or advanced persistent threats—that assumption breaks down.
You’re no longer just recovering systems. You’re dealing with Cyber Recovery and a different set of challenges, for example:
- Data Trust and Integrity: After a cyberattack, restoring uptime is meaningless if the data you’re recovering has been tampered with. Cyber Recovery must validate the integrity of data, not just restore it.
- Malware Persistence: Hackers often leave behind backdoors or deeply embedded malware designed to survive reboots and re-imaging. Without deep forensic analysis and clean recovery orchestration, you risk reinfecting your environment during recovery.
- Ransomware-Specific Response: Traditional DR doesn’t account for encrypted systems, exfiltration threats, or the operational dilemmas of paying ransoms. Effective Cyber Recovery plans include rapid isolation capabilities, alternative communication channels, and predefined playbooks for ransomware scenarios.
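The first bullet above, validating data integrity rather than merely restoring it, is the point most often skipped in a DR runbook. The following is an added example, not code from the original post or from Commvault, of the minimum check a recovery process should perform: at backup time every file is tagged with a keyed HMAC and the manifest is stored on immutable media; at restore time the set is verified against that manifest and any tampered, missing or unexpected file is reported before anything is brought back online. The backup set, the key and the modified files are all constructed sample data; the function names are my own.

```python
import hmac
import hashlib
from typing import Dict, List, Tuple

# Constructed sample backup set: relative path -> contents (stands in for files in a backup image).
SAMPLE_BACKUP: Dict[str, bytes] = {
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'alice');\n",
    "config/app.ini": b"[app]\nmode=prod\n",
    "bin/service": b"\x7fELF...pretend binary...",
}

# Constructed key. In practice it lives in a secret store that the backup host
# cannot write to, so an attacker who alters the backup cannot re-tag it.
MANIFEST_KEY = b"example-manifest-key-not-for-production"


def file_tag(name: str, data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256 over path and contents; binding the path stops a renamed-file swap."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(name.encode("utf-8"))
    mac.update(b"\0")  # separator so path and data cannot be shifted into one another
    mac.update(data)
    return mac.hexdigest()


def build_manifest(files: Dict[str, bytes], key: bytes) -> Dict[str, str]:
    """Tag every file at backup time; the resulting manifest goes to immutable storage."""
    return {name: file_tag(name, data, key) for name, data in sorted(files.items())}


def verify_backup(files: Dict[str, bytes], manifest: Dict[str, str], key: bytes) -> List[Tuple[str, str]]:
    """Return (finding, path) pairs; an empty list means the set matches the manifest exactly."""
    findings: List[Tuple[str, str]] = []
    for name, expected in manifest.items():
        if name not in files:
            findings.append(("missing", name))
        elif not hmac.compare_digest(file_tag(name, files[name], key), expected):
            findings.append(("tampered", name))
    for name in files:
        if name not in manifest:
            findings.append(("unexpected", name))
    return sorted(findings)


def demo() -> Dict[str, list]:
    """Verify a clean set, then a set that was modified after the manifest was written."""
    manifest = build_manifest(SAMPLE_BACKUP, MANIFEST_KEY)
    clean = verify_backup(SAMPLE_BACKUP, manifest, MANIFEST_KEY)

    altered = dict(SAMPLE_BACKUP)
    altered["bin/service"] = SAMPLE_BACKUP["bin/service"] + b"\x90\x90"  # constructed modification
    del altered["config/app.ini"]                                          # constructed deletion
    altered["bin/extra-file"] = b"#!/bin/sh\n"                            # constructed: not in the original set
    return {"clean": clean, "altered": verify_backup(altered, manifest, MANIFEST_KEY)}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result or "OK: backup matches manifest")
```

A plain SHA-256 manifest would only detect accidental corruption, since an attacker with write access to the backup can recompute unkeyed hashes; the key kept outside the backup host is what makes this a trust check rather than a checksum. Run the verification inside the isolated recovery environment, and treat any non-empty result as a stop condition for the restore.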
Shift Right: Moving Towards a Proactive Security Approach
As cyber risks evolve into a question of when, not if, tech execs must build cyber-resilient architectures that go beyond conventional DR. This includes:
- Isolated recovery environments to test and validate clean backups.
- Immutable and indelible backups that cannot be altered or deleted by hackers.
- Automated recovery orchestration to reduce downtime and avoid human error under pressure.
This is where the Shift Right philosophy comes in—a strategic complement to the widely adopted Shift Left model.
While Shift Left rightly focuses on building security into design and development, Shift Right recognises the inevitability of cyberattacks and places critical emphasis on detection, response, and recovery. It’s not just about preventing attacks—it’s about preparing for them, containing them swiftly, and recovering with minimal disruption and cost.
With Shift Right, your response capability becomes a competitive differentiator: how quickly can you identify a threat, neutralise it, communicate it transparently, cleanly recover, and restore operations?
Leaders who are embracing Shift Right invest in real-time threat intelligence, AI-powered detection, automated containment, and resilient recovery planning. They conduct cross-functional crisis simulations and ensure executive-level fluency in incident response protocols. The result is not just stronger defences—it’s enterprise resilience.
To End
In a world where cyberattacks are both inevitable and scaling, the ability to recover securely and confidently is a strategic win. As AI evolves and hackers collaborate more and more, a fundamental shift in how we approach cybersecurity is needed. Preventing breaches is no longer enough. CEOs and tech execs must prioritise Cyber Recovery and adopt a Shift Right mindset to detect, respond to, and recover from attacks with agility and confidence. These strategies aren’t just about survival; they lay the foundation for long-term resilience and competitive advantage in a hostile digital world.
Now I Want to Hear from You
What will you do today to build resilience for tomorrow? Join me on LinkedIn and let me know in the comments there.
Then, if you’re ready to make this vision of cyber resilience achievable, head on over to Commvault. With Commvault Cloud and features like Cloud Cleanroom Recovery, Cloud Rewind, Multi-Copy, and Clumio, plus the education resources contained within the Readiverse, Commvault can ensure seamless, secure operations that empower your organisation to not just withstand cyber threats but thrive in an era of constant change.
Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this thought leadership blog for Commvault. Because your success is important to me, I only align myself with brands I believe in, and Commvault is one of them.