Image: – ©AFP
A report from the company's DTP revealed why the foundations of cybersecurity need to be at the forefront to combat AI hype.
The harsh reality continues as the cybersecurity industry invests heavily in artificial intelligence and advanced threat detection. The most successful cyberattacks take advantage of the same basic weaknesses that should have been resolved 10 years ago.
According to an analysis by Guy Hawkridge, head of IT & Security at DTP Group, the cybersecurity crisis is not about sophisticated attacks. Instead, it's about the ignored basics.
“Cyberattackers no longer need to break in, they just log in,” Hawkridge says. Digital Journal. “Most violations are completely preventable and there are already tools to terminate them, so they are not effectively implemented.”
The unpleasant truth about modern cyberattacks
While many tools, technologies, or talents were previously not freely used in the cybersecurity industry, the breaches continue to accelerate. Hawkridge's analysis shows basic cutting. Organizations are compromised by issues that represent fundamental cyber hygiene disorders rather than advanced threats.
For example, the Sophos 2025 Active Actsversary Report highlights this reality, revealing that 65% of compromised organizations lack Multifactor authentication (MFA). This is a dramatic increase from just 22% in 2022.
Cloud adoption outweighs security strategies
As organizations accelerate cloud migration, security strategies often lag behind, creating critical attack surfaces. Hawkridge identifies misunderstood cloud services, particularly exposed AWS S3 buckets containing sensitive data such as payroll and credentials, as important blind spots.
Recent famous cases support this assessment. The Snowflake violations affecting Ticketmaster and Santander came from a single legacy demo account left without multifactor authentication (MFA) protection.
AI hype creates dangerous distractions
Perhaps most controversial, Hawkridge argues that the industry's focus on AI-powered security solutions creates dangerous distractions from the basic protective measures that actually work.
Concerns are focused on organizations that relocate budgets and attention to AI tools before addressing basic security flaws in their environments.
Sexy security practices that work in practice
Hawkridge advocates a simplified cybersecurity approach focusing on basic practices, including comprehensive asset discovery, universal MFA implementation, systematic patch management, privilege separation, and appropriate legacy systems management.
Industry outlook: And the same
Looking ahead, Hawkridge doesn't expect the threat situation to change dramatically. “We still see the same problems we encountered five years ago,” he said. “Violations caused by outdated software, missing patches, lack of MFA. Attackers know this pattern and continue to take advantage of it.”
