By cybersecurity expert and J2 Software CEO John Mc Loughlin
Cyber criminals are not sitting alone in a basement somewhere. These are organised business operations and run with the same ruthless discipline you’d expect from any commercial firm. They build strategy, pick an ideal ‘customer’, hone a go-to-market, and when a formula works, they scale it and repeat it.
They no longer operate in silos. Attack groups collaborate with complementary ‘companies’ in the same criminal economy, forming partnerships and joint ventures that deliver a full-service extortion product: access brokers, encryption teams, leak sites and negotiators working together like a supply chain. That coordination makes attacks faster, more surgical and far harder to remediate.
Modern business must stop treating cybercrime as petty vandalism and build resilience across the primary areas of digital risk. At J2 Software, we apply a proven framework that hardens users, email, data, machines and the internet, because defending against an industrialised adversary demands an industrialised, repeatable response.
Ask any boardroom what’s keeping them awake at night and you’ll hear the usual suspects: legacy estates, cloud sprawl, budgets. What they rarely admit, because it’s uncomfortable and inconvenient, is that their adversary has already moved into the C-suite.
No, this isn’t the caricature of a lone script-kiddie. Today’s attackers behave like corporate actors: they research markets, identify profitable verticals, build playbooks and scale the ones that work. Ransomware-as-a-service democratised access to criminal tooling; the current step is consolidation and specialisation.
Some groups now specialise in initial access and reconnaissance, others in encryption and extortion, and still others in reputation-damaging data leaks. When these players cooperate, the result is a modular criminal supply chain that is faster, more effective and ruthlessly economical.
This industrialisation of crime changes the economics of defence. The marginal cost of launching an attack can be tiny; the marginal gain for a successful criminal operation is enormous. Add automation and generative AI into the mix and you have tooling that reduces the technical bar for complex campaigns while increasing their speed and scale.
The attackers who can orchestrate these elements act like any aggressive market player: iterate quickly, double down on winning tactics, and expand into new customer segments.
So how should modern organisations respond? Stop buying point products and start building resilience with a business mindset. Resilience begins with a simple pivot: measure success not by whether an attack was prevented – because some will get through – but by how quickly you can recover and how little business disruption you suffer.
That pivot translates into a program that treats digital risk across five operational pillars: users, email, data, machines and the internet. Make each pillar accountable, measurable and testable. Invest in user behaviour visibility and least-privilege practices; deploy layered email defences and phishing response playbooks; ensure immutable and regularly-tested backups and recovery runs.
More importantly, harden and segment machines with containment-first controls and maintain continuous external-facing visibility to spot access brokers, leaked credentials and unusual exposures before they escalate.
At J2 Software we operationalise these ideas into a repeatable framework: identify likely attackers and their playbooks, harden the five pillars, simulate adversary tactics regularly, and ensure a tested path to recovery and negotiation that minimises operational harm. It’s a programme, not a product, and it needs the discipline of a business operation to work.
Here’s the uncomfortable truth: organisations that treat cybercrime as an IT checkbox will be the highest-value targets. Attackers chase return on investment the same way any business does. If your systems present a predictable, profitable target, you’ll receive attention.
Boards and CISOs must stop debating prevention theatre and start asking the right question: how fast can we be back to business if the attackers win? That one change in perspective drives different investments, governance and culture – and it’s the only way to meet an adversary that now behaves like a competitor.
