A report from the company DTP has revealed why cybersecurity fundamentals need to be at the forefront in order to counterbalance AI hype.
As the cybersecurity industry invests heavily in artificial intelligence and advanced threat detection, a stark reality persists: most successful cyberattacks exploit the same fundamental weaknesses that should have been solved a decade ago.
According to analysis from DTP Group’s Head of IT & Security, Guy Hawkridge, the cybersecurity crisis is not about sophisticated attacks; instead, it is about ignored basics.
“Cyber attackers no longer need to break in, they simply log in,” Hawkridge tells Digital Journal. “Most breaches are entirely preventable, and the tools to end them already exist, they’re just not being implemented effectively.”
The Uncomfortable Truth About Modern Cyber Attacks
While the cybersecurity industry has not previously had as many tools, technology, or talent at its disposal, breaches continue to accelerate. Hawkridge’s analysis points to a fundamental disconnect: organisations are being compromised by issues that represent basic cyber hygiene failures rather than advanced persistent threats.
For example, the Sophos 2025 Active Adversary Report underscores this reality, revealing that 65 per cent of breached organisations lacked multi-factor authentication (MFA) – a dramatic rise from just 22 per cent in 2022. This trend reflects what Hawkridge describes as the “commoditisation” of ransomware through Ransomware-as-a-Service platforms.
Cloud Adoption Outpaces Security Strategy
As organisations accelerate cloud migration, their security strategies often lag behind, creating significant attack surfaces. Hawkridge identifies misconfigured cloud services, particularly exposed AWS S3 buckets containing sensitive data like payroll information and credentials, as a critical blind spot.
Recent high-profile incidents support this assessment. The Snowflake breaches affecting Ticketmaster and Santander originated from a single legacy demo account that was left without multi-factor authentication (MFA) protection – an account that was intended to be temporary but was not deactivated.
AI Hype Creates Dangerous Distraction
Perhaps most controversially, Hawkridge argues that the industry’s focus on AI-powered security solutions is creating a dangerous distraction from fundamental protective measures that actually work.
The concern centres on organisations reallocating budget and attention to AI tools before addressing basic security flaws in their environments.
The Unsexy Security Practices That Actually Work
Hawkridge advocates for a simplified cybersecurity approach focused on fundamental practices: comprehensive asset discovery, universal MFA implementation, systematic patch management, privilege separation, and proper legacy system management.
Industry Outlook: Further of the Same
Looking ahead, Hawkridge does not expect the threat landscape to change dramatically. “We’re still seeing the same problems we encountered five years ago,” he said. “Breaches caused by old software, missing patches, and lack of MFA. Attackers know this pattern and continue to capitalise on it.”
