By Alexander Puutio, Contributor
Copyright Forbes
The enterprise is leaking: how to protect it
The modern enterprise looks sleek on the outside with its cloud-powered, AI-augmented, and infinitely scalable exterior walls.
But peek behind the curtains and you’ll find something resembling a sieve rather than a fortress. Security gaps are widening just as stakes are rising and your R&D pipeline is one clipboard error or phishing email away from ending up in a competitor’s code repo.
And it’s not just the usual suspects who are at it anymore. AI is multiplying both the number of attack vectors and their virulence, and bad actors are evolving faster than the controls designed to stop them. It’s like the red team is walking through your front door, and sometimes you’re the one holding it open.
“What we’re seeing in our daily testing of organizations is that it’s rarely the obvious CVE that leads to initial access and compromise,” says Amitai Ratzon, CEO of Pentera. “It’s the misconfigured cloud asset, the overprivileged identity, the exposed credential buried in a script. As attackers lean on AI to accelerate reconnaissance and execution, the complexity and scale of the modern IT environment becomes their greatest advantage.
“AI is a double-edged sword,” Ratzon continues. “It’s rapidly expanding the toolkit for defenders, but it’s also arming attackers with automation at scale — and creating an entirely new attack surface that still lacks mature defenses.”
It’s easy to see why.
The average enterprise today runs hundreds of applications across cloud, desktop, and mobile, with even the least IT-intensive departments, like legal, averaging 40 apps per employee, according to Okta. Each one is a potential leak, just like the users who use them. Meanwhile, deepfake technology is now drag-and-drop simple, and when you add in geopolitical instability and growing tensions between nation states, you’ve suddenly got a cocktail no CISO wants to sip.
Just look at how North Korean-backed groups have infiltrated Western firms using fake job candidates and fabricated online avatars, resulting in fully staffed “laptop farms” of human-shaped malware. And they’re by no means the only ones, with many other nation-state actors increasingly acting like private equity shops of malicious code, probing, acquiring, and exploiting the soft underbelly of enterprise systems.
If you suddenly feel like you need to hold on to that IP with both hands before it leaks away, you’re not wrong. But it turns out, you’re not entirely helpless either.
Bring on the unransomable endpoints
Few moments in modern enterprise life are as gutting as watching ransomware grind operations to a halt. That’s exactly what happened to Einhaus Group in 2023, where a ransomware attack that demanded $230,000 ended up being the downfall of the whole company. Similar stories are emerging with alarming frequency, leaving CEOs on edge about threats that their own employees or hardware configurations might be inviting in.
“CEOs are rethinking the endpoint like it’s 2001 again,” says Klaus Oestermann, CEO of IGEL Technology. “Locking down devices isn’t enough anymore, you have to make sure that if something goes wrong, there’s a built-in parachute.”
IGEL has spent the past decades quietly building up the category of endpoint security, and later this year it is launching a Business Continuity Dual Boot solution that gives every endpoint a second brain in case the first one gets an unwanted surgical operation.
“We’ve learned that our clients need a hardened OS that users can boot into instantly when the main system is compromised, which is happening more often today than it did before,” Oestermann explains.
“Ransomware is surging at unprecedented levels,” he adds, “and enterprises need the ability to jump out of a compromised system and land to safety within minutes. For hospitals, for manufacturing floors, there’s just no time to lose.”
Similar solutions are cropping up across the enterprise landscape, as vendors scramble to meet the new “assume breach, recover fast” baseline that is taking over the industry. HP and Lenovo are embedding firmware-level isolation and instant restore capabilities, while companies like Citrix and VMware are leaning into ephemeral environments that vanish after use, leaving no digital breadcrumbs behind.
“The playbook is shifting from ‘prevent at all costs’ to ‘survive and resume,’” Oestermann continues.
Indeed, the smart money now seems to be on layered redundancy: hardened OS fallbacks, self-healing BIOS, and virtual kill-switches that let you cut off compromised sessions without bringing the whole system down are core to the approach.
“For critical operations, there’s no real alternative to redundancy,” adds Oestermann. “We want to avoid our clients making headlines for the wrong reasons.”
And while redundancies won’t solve everything, they introduce a new, much-needed default mindset: assume compromise, plan for continuity. That alone can shrink your downtime from days to minutes, even before you peer into the clouds for further support.
Why cloud security is today’s real perimeter
If the endpoint is the gateway, cloud is the treasure vault, and attackers know it.
Wiz’s explosive rise to a $32 billion deal is a signal of how valuable the vault has become today. Cloud security is now boardroom priority number one. And the demand isn’t for more dashboards, mind you. It’s for solutions that work across fragmented teams, shadow IT, and tech stacks held together by duct tape and actually deliver outcomes.
“The reason we even got into the field was because of how the cloud made traditional perimeter security obsolete,” says Gil Geron, CEO of Orca Security. “You can’t protect what you can’t see, and cloud environments are often black boxes with only the attackers having a flashlight.”
Orca disrupted cloud security with its patented side scanning of the black box it is looking to secure, and its story speaks to how software companies are building success on delivering outcomes, like instant visibility across all workloads, instead of agent installs and a long time to value.
“The first time we demoed it, we didn’t even have a UI,” says Geron. “We just sent the client a PDF showing them their own vulnerabilities that we mapped during the meeting. That was enough.”
But better visibility or stronger endpoints alone aren’t what will keep your IP safe. You’ll also need smarter workflows and deeper integration between those on the blue team.
“Security teams and DevOps are still siloed,” Geron says. “That’s not just inefficient, it’s outright dangerous. The dev team moves fast and security tries to slow them down leading to tension. In the cloud environment, that tension is where breaches happen, exposing more than just the IP.”
Fixing this issue means shifting cloud security from a policing function to an enabler of secure velocity at scale, which is what clients today have come to expect. That means making sure your security solutions resolve issues without slowing your teams down, rather than merely flagging them for humans to act upon later.
“Productivity and security are the two main pillars of enterprise performance,” says Geron. “We obsess about both, and so should CEOs.”
Security is fundamentally a people issue
Technology will always be the battleground. But your people are the frontline. And the biggest threats aren’t always malicious actors. Sometimes they’re your well-meaning but often poorly trained employees.
“There are a lot of just basic security boxes that don’t get checked in security,” says Kunal Agarwal, CEO of dope.security. “It’s not so much a technology problem as a usability one that legacy security technology doesn’t solve for. In other words, can you configure your security tools without a PhD?”
Agarwal sees the modern enterprise as in dire need of better ‘parental controls’, not in the literal sense, but in terms of creating security guardrails and digital trust across employees.
“When I was a teenage hacker, it was much easier to break into well-established systems,” he recalls. “Things are better today, but only if a company prioritizes cybersecurity—in many cases, they’ve learned the hard way.”
dope.security is betting that the future won’t involve simply locking everything down. Instead, enterprises will double down on guardrails that insulate their employees from the worst of the internet, ensuring that they don’t fall victim to the myriad of traps that are everywhere on the web today.
“dope.security’s Secure Web Gateway is the ideal line of defense for Internet-connected employees, which remains the entry point to attacking an enterprise IT environment,” Agarwal explains. “Are you on the safe side of the Internet and doing what you’re supposed to? This is what needs quick and efficient protection so that nefarious activity or risky behavior is identified and blocked.”
These are the new questions every company has to ask, daily. Uptime and compliance still matter, but the focus has shifted to knowing who accesses core assets, from where, and under what identity, especially when those assets include proprietary research, designs, and codebases.
“We’re hearing sharper concerns from clients protecting R&D and IP,” says Klaus Oestermann of IGEL. “The question more of them are asking isn’t whether a device is locked down or can be wiped if it’s compromised, it’s whether you can trust who’s behind the screen before you ever become aware of an attack. Is that really your engineer in Frankfurt, or a compromised avatar operating out of a fake node in a location you have no staff in?”
As hybrid work expands and state-aligned actors become bolder, the perimeter has moved from the office to the edge. Every endpoint, every login, every keystroke tied to innovation now doubles as a potential point of failure.
The national security dimension of security
Hackers have long since matured from petty criminals and amateur corporate saboteurs to something much more dangerous and capable. Today, nation-states and groups they back are actively probing enterprise systems, not necessarily to make a buck, but to gain leverage.
“Russia likes to gather dirt. China goes for intellectual property,” says Matthew DeChant, CEO of Security Counsel. “And they’re not waiting for your firewall to fail. They’re coming in through your people just as well as through your software.”
DeChant, who provides fractional CISO services to companies across the US, says the focus needs to shift from technical firepower to human-centered design.
“It always starts simple,” he says. “A fake LinkedIn profile or a resume that’s too good to be true that slips past HR. Then it’s just a matter of persistence, getting that work laptop running and suddenly your crown jewels are gone.”
Here, the problem isn’t a lack of tech or software anymore. Instead, many of these attacks are enabled by an overreliance on it.
“If you think you’re secure just because nothing bad has happened,” he warns, “you’re missing the point. The absence of evidence is not evidence of absence.”
Proactivity and vigilance are the key terms here. An ounce of prevention, as they say.
“We love being the hero in the US,” DeChant says. “We wait for disaster and then scramble to fix it. In the Netherlands, they build dykes before the flood, and so should we when it comes to safeguarding our IP.”
Proactive security that covers the endpoints, the cloud and the people, he argues, must become a business function, not an after-market bolt-on.
“That means embedding it in training, hiring, procurement, and leadership as well as treating IP loss like a catastrophic product failure, not an IT issue to patch up quietly,” DeChant adds.
There’s no silver bullet for any of this. If there were, we would have never heard of the founders of Wiz. But there is a new security stack emerging, one that combines endpoint resilience, cloud-native visibility, behavioral control and human-centered governance in ways that give the blue team a fighting chance.
Remember, none of these systems work in isolation. They depend on each other just like they depend on your people understanding how to use them.
Perhaps the best security advice in 2025 isn’t to build a better wall at all. Maybe it’s to assume it’ll be breached, and make sure the plans on the other side are just as strong.