Ransomware, deep fakes, OT/IoT, supply chains, and the AI arms race: key takeaways from the New York Cybersecurity Summit emerging threats panel
At this week’s New York Cybersecurity Summit, the “Emerging Threats and Security Trends” panel brought together leaders from RedSeal, ReversingLabs, Cato Networks, Veeam, Cloudflare, Arctic Wolf, and Vanta to discuss the forces reshaping the global cyber risk landscape. RedSeal CEO Greg Enriquez highlighted an uncomfortable reality: organizations cannot defend what they cannot see, understand, or validate. The five themes below captured not just the threat picture, but what security leaders must do next.
Ransomware and APTs are no longer just attacks; they are fully functioning business ecosystems
Ransomware remains the dominant cyber threat, but the panel stressed that its maturity and operational sophistication are often underestimated. Today’s attackers do not simply encrypt data and demand payment — they run scalable revenue operations. The triple-extortion model is becoming standard: attackers encrypt, exfiltrate, and then pressure victims’ partners, vendors, and customers to increase leverage.
More concerning, many ransomware campaigns are intertwined with Advanced Persistent Threat (APT) groups. APT operators quietly map the target environment, identify the most valuable assets, locate backups, and position themselves for maximal blast radius before pulling the trigger.
Actions to take:
- Design for recovery, not just prevention. Backup strategies must be immutable, offline, and paired with real recovery playbooks, not just technology.
- Assume reconnaissance is already happening. Deploy continuous hybrid environment modeling to identify lateral movement paths and isolate high-value assets.
- Segment aggressively. Flat networks are ransomware accelerants; micro-segmentation and access controls slow attackers and protect core functions.
- Run ransomware simulations quarterly. “Paper plans” don’t survive first contact; exercises build muscle memory.
The takeaway was clear: ransomware is not a cybersecurity tool problem, it is an organizational resilience problem.
Phishing remains the #1 initial access vector, and AI is making it smarter
Despite security awareness programs, phishing continues to dominate. The Verizon 2024 Data Breach Investigations Report once again identified phishing as the top initial access method. Classic red-flag emails are being replaced by messages that feel authentic, contextual, and even personal.
AI has made this worse. Attackers now scrape social media, corporate directories, LinkedIn posts, earnings releases, and leaked breach databases to craft believable narratives. Deep fakes and voice cloning enable vishing campaigns that sound like real executives, real suppliers, or real support staff.
Greg reinforced a core principle: you cannot defend against phishing simply by training users. Preventive controls must be supported by deep architectural understanding of your environment, where sensitive data resides, how identities authenticate, and how lateral movement happens.
Actions to take:
- Implement multi-layered phishing defenses — filter, authenticate, analyze behavior, and enable adaptive MFA.
- Use behavioral analytics for identity-driven anomalies — escalation at odd hours, unusual SaaS usage, or atypical data transfer must trigger response workflows.
- Invest in engaging training, not checkbox training. Training should be narrative, scenario-based, and updated quarterly.
- Maintain immutable backups outside your primary environment so ransomware cannot destroy recovery capability.
Phishing succeeds not just because attackers are persuasive; it succeeds because most organizations do not understand their own networks well enough to respond.
Automation and orchestration are no longer optional; they are survival tools
The panel agreed: security teams are drowning in alerts, complexity, and operational debt. Tool sprawl and talent shortages create environments where analysts are stuck in triage instead of strategy. Automation is not replacing staff — it is enabling them to do the work that matters.
Greg noted that visibility + automation = force multiplier. RedSeal models hybrid and multi-cloud environments, maps exposure paths, and validates controls, while RedSeal Workflow embeds cyber exposure intelligence into operational systems to automate from discovery through remediation.
Automation reduces noise, accelerates incident response, and helps analysts understand why an alert matters, not just that it exists.
Actions to take:
- Deploy workflow automation end-to-end, not as a single-use point tool.
- Operationalize exposure intelligence. Automate the mapping of reachable paths, insecure routes, and emergent vulnerabilities.
- Automate policy validation. Don’t wait for audits; verify segmentation rules continuously.
- Use automation to keep engineers in their zone of genius, not buried in triage queues.
The organizations that scale resilience aren’t the ones with the most people, they’re the ones with the most strategic automation.
AI and IoT/OT: two innovation curves creating a perfect attack surface
Artificial intelligence and IoT/OT represent unprecedented leverage on both sides of the cyber battlefield.
Attackers use AI to craft lures, identify weaknesses, and adapt malware. Defensive AI helps analysts detect anomalies, correlate behavior at scale, and respond in seconds instead of hours. But defensive AI only works if the underlying network model is accurate.
On the OT/IoT front, Greg highlighted an issue few executives fully grasp: most organizations don’t actually know what is connected to their networks. IoT devices (sensors, cameras, HVAC systems, manufacturing robotics) often cannot be patched or updated. They are “forever devices,” and they sit inside mission-critical environments.
When those devices are invisible, they become weaponized entry points.
Actions to take:
- Create a unified asset inventory that includes IoT and OT, not just servers and laptops.
- Segment OT and smart-building systems from corporate networks.
- Enforce zero-trust for device identity. Treat IoT like a hostile entity until proven otherwise.
- Monitor device behavior for abnormal connections, not just malware signatures.
AI may be the newest risk, but IoT remains the oldest blind spot.
The ransomware market is evolving faster than most security programs
The panel returned to ransomware at the end, because it ties everything together: identity, automation, IoT entry points, and AI-driven reconnaissance.
Threat actors wait. They map your network. They learn your supplier ecosystem. They target the backups you rely on. They strike when business impact is highest.
Greg urged the audience to abandon the illusion of perfect prevention:
“Preventive controls matter, but you cannot assume they catch everything. You must know your environment.”
This is core to RedSeal’s philosophy: resilience comes from knowing how attackers move, what they can reach, and how controls fail in real life.
Actions to take:
- Adopt “assume breach” as a governance principle.
- Validate segmentation, access controls, and backup isolation continuously.
- Conduct tabletop exercises and rehearse critical decision paths.
- Define ransom decision authority now, not during a crisis.
The difference between recovery and catastrophe is awareness, not optimism.
Cybersecurity is no longer an IT problem, it is a business resilience mandate
Every speaker agreed on this: the threat landscape is accelerating faster than traditional controls. Identity, supply chain, AI, and IoT now intersect with business operations, regulation, brand, and revenue.
Organizations that treat cybersecurity as a strategic pillar, not an expense line, will outperform the ones that treat it as a compliance checklist.
RedSeal enables that shift: from guessing to knowing, from reacting to anticipating, from gambling to engineering resilience. In hostile digital terrain, clarity is not a luxury, it is the operating system of survival.
If you don’t understand your network, you can’t defend it.


