Cybersecurity Trends: 2025 in Review and Predictions for 2026 with Jason Shafferman

In the latest episode of Detonation Point presented by Elastio, host Matt O’Neill sits down with Jason Shafferman, CISO of Kaleris, to unpack how the cyber threat landscape has evolved and why speed has become one of the most dangerous weapons attackers now wield.

One theme stands out clearly. Cybercrime has become specialized, commercialized, and dramatically faster.

Cybercrime as a Supply Chain

Today’s attackers no longer need to handle every phase of an intrusion themselves. Instead, many groups focus on a single step: initial access. Once they gain a foothold, often through compromised credentials or identity-based attacks, that access is sold to other actors who specialize in ransomware deployment, extortion, or data theft.

This model lowers the barrier to entry, allowing more actors to participate without needing deep technical expertise across the full attack lifecycle. The result is a cybercriminal ecosystem that looks increasingly like a legitimate supply chain, with specialized roles, faster execution, and clearer monetization paths.

Identity Is the New Front Line

Shafferman’s background in incident response offers a clear throughline between past and present threats. While earlier attacks often relied on endpoint exploitation or brute force access, the shift to SaaS and cloud environments has made identity the primary attack vector.

With a single compromised identity, attackers can gain access to email, file storage, cloud resources, and internal applications, often without triggering traditional security controls. This is why stolen credentials remain one of the most valuable commodities on underground markets.

And unlike malware or exploits, credential reuse is difficult to fully prevent without layered controls such as multi-factor authentication, device registration, and behavioral monitoring.

The Shrinking Window Between Breach and Impact

Perhaps the most concerning trend discussed in the episode is how quickly attacks now progress.

Where organizations once had weeks or even months between initial compromise and attacker action, that window has collapsed. Shafferman explains that the time between entry and action on objective has shrunk dramatically over the last several years and continues to accelerate.

The adoption of AI by attackers is only amplifying this shift. Automation, reconnaissance, and decision making are all becoming faster, leaving defenders with far less time to detect and respond.

Defense Is Advancing, But So Is the Threat

While the threat landscape is intensifying, Shafferman emphasizes that defensive tooling has also improved significantly. Identity controls, endpoint detection, cloud visibility, and backup resiliency are all far more mature than they were just a few years ago.

Still, the fundamental challenge remains. Organizational attack surfaces continue to grow. SaaS usage and third-party dependencies expand risk. Speed favors attackers when controls are not well integrated.

Security leaders must assume that initial access may already exist and focus equally on detection, containment, and recovery.

Looking Ahead

As organizations plan for 2026 and beyond, the episode reinforces a critical mindset shift. Ransomware and extortion are not isolated problems. They are simply the most visible outcomes of broader access and identity failures.

The question is no longer “Can we prevent every breach?”
It is “How quickly can we detect, respond, and recover?”

🎧 Listen to the full episode of Detonation Point presented by Elastio with Jason Shafferman for a deeper discussion on identity risk, ransomware economics, AI-driven threats, and what CISOs should prioritize next.

The full episode is available on YouTube, Apple Podcasts, and Spotify.

Detonation Point delivers new episodes weekly.
Don’t miss an update. Subscribe now to listen to the full conversation.

Posted on December 29, 2025