The debate about cybersecurity today is almost inseparable from the debate about artificial intelligence, but the focus on new tools must not obscure the fact that many attacks still happen because of basic weaknesses, says Joe Tidy, the BBC journalist specialising in cybercrime and ransomware attacks. In his view, the industry is at a moment marked by both high expectations and serious fears. “Everyone is talking about AI,” Tidy says, noting that the same technology is being described both as a potential breakthrough for defenders and as a major advantage for criminals.
The key question is whether artificial intelligence will help defenders more than attackers. Tidy believes it is still too early to give a definitive answer. “It is really hard to know what the future holds,” he says, but he adds that his own view is cautiously optimistic. If advanced models and tools are first released to a limited group of cybersecurity professionals rather than immediately to the wider public, defenders may gain valuable time to strengthen systems before criminals get access to the same capabilities. “Let’s give the tools first to the defenders, the good guys,” Tidy says.
Such an approach, in his view, could allow organisations to harden targets before attackers can exploit the new technology at scale. But he also warns against becoming distracted by the newest and most visible threat. “Cyber criminals don’t need AI,” Tidy says. The reason is straightforward: many attacks still succeed because of poor password management, insecure software, weak identity checks, and insufficient security discipline. While public attention turns to the latest technology, attackers often continue exploiting old and familiar weaknesses.
Tidy stresses that the threat does not come only from highly sophisticated actors. Teenage hackers, hacktivists, and lower-skilled groups can still cause serious damage without advanced AI tools. “We forget the fundamentals,” he warns. For defenders, that means monitoring developments in artificial intelligence, but also focusing very hard on the basics: password management, timely software updates, staff awareness, and internal verification processes.
One of the most memorable recent attacks he covered involved Canvas, a software platform used by thousands of universities and colleges around the world. According to Tidy, the system was compromised by ShinyHunters, a group known for data theft and extortion. “They break into an organisation, steal the data and ransom the companies,” he says. Tidy notes that, as a journalist, he sometimes speaks with such actors, but he also makes clear to them that what they are doing is criminal.
What made the Canvas case particularly striking was that the attack became visible in the everyday lives of users. During exams in the United States, students were logged out of the system and saw the attackers’ ransom note on the screen. “Cyber is very hard to visualise,” Tidy says, explaining that this was a rare example of a digital attack becoming visible in real time and in a real environment. It was not just a technical incident, but a direct disruption of an important moment in students’ lives.
When discussing how individuals and organisations can protect themselves, Tidy distinguishes between personal and corporate cybersecurity. For companies, he highlights the importance of cyber awareness because phishing emails remain one of the main ways organisations are breached. “If you can teach your staff to look out for phishing emails, that seems like a good idea,” he says. For individuals, he points to measures that may sound boring but remain essential: strong password management, a different password for every service, the use of a password manager, and regular software updates.
The conclusion is simple, but difficult to implement consistently. Artificial intelligence will change the cybersecurity contest, but it will not eliminate old weaknesses. Organisations that ignore the fundamentals will remain vulnerable regardless of new tools, while those that combine basic security hygiene with careful use of emerging technologies will be better positioned to withstand the next wave of attacks.
The debate about cybersecurity today is almost inseparable from the debate about artificial intelligence, but the focus on new tools must not obscure the fact that many attacks still happen because of basic weaknesses, says Joe Tidy, the BBC journalist specialising in cybercrime and ransomware attacks.
Layoff discussions among influencers signal a surging moment where workforce budgets are being diverted into massive digital infrastructure for staying ahead in the tech race, according to GlobalData.
European directives, local laws, and new compliance requirements have opened the door to more serious management of cybersecurity risks, but they have also brought uncertainty, superficial interpretations, and fragmented solutions to the Croatian market, says Antonija Vojnović, Head of the Governance, Risk and Compliance Department at Span.
