There’s something strange about our industry: the more we invest, the more we get attacked!
We know it, we talk about it, and yet we carry on pretty much as before. It’s not a lack of budget. It’s not a lack of tools. It’s a matter of clarity.
Most organizations today have a cybersecurity posture designed for a world that no longer exists: one where the company had a defined perimeter, an “inside” and an “outside.” That world has disappeared due to the rise of the cloud, mobility, widespread outsourcing, and IT/OT convergence. Infrastructures now extend to service providers, partners, connected devices, and industrial systems. But our defensive reflexes have remained unchanged.
Compliance gives us peace of mind. Nothing more.
This may be the most costly misconception of the moment. We conduct audits, obtain certifications, and check off the boxes for NIS2, DORA, and ISO 27001, and we implicitly conclude that we are protected. Except that an audit only reflects our status as of the date it was conducted. The attacker, however, didn’t wait.
This discrepancy is not insignificant: it fosters a false sense of control that can be more dangerous than a lack of control, because it reduces vigilance. Compliance is necessary, but confusing compliance with safety is a strategic mistake that is, unfortunately, all too common.
The economics of the attack have changed
What people underestimate is the economic disruption currently underway. AI doesn’t just make attacks more sophisticated—it slashes their cost! Generating exploits, customizing large-scale phishing campaigns, automating reconnaissance: tasks that used to take an experienced team weeks to complete can now be done in a matter of hours for just a few hundred euros.
The concrete result is that lateral movement—that is, the time it takes for an attacker to move through a system after gaining entry—has dropped from 62 minutes to less than 30 minutes in two years. The window of opportunity is therefore closing faster than it can be reopened.
Meanwhile, the cost of defense remains structurally high. The asymmetry is worsening, and it cannot be resolved simply by purchasing yet another tool.
We secure the infrastructure. Rarely is that what really matters.
Here’s a blind spot that doesn’t get enough attention: the disconnect between where security controls are concentrated and where the real value lies. Teams secure endpoints, firewalls, and network access—in short, what’s visible and measurable.
But strategic data, critical processes, and intellectual property (the real "crown jewels"!) are often less well protected than file servers.
The attacker thinks in terms of value, not technique. He seeks to achieve what matters, not to overcome the most robust architecture. This disconnect between our defensive strategy and the reality of what we need to protect is systematic, yet rarely acknowledged.
Identity has become the true scope
For the past three years, major data breaches have mostly been driven by valid credentials—not zero-day vulnerabilities or sophisticated exploits. Over-privileged accounts, permissions that were never revoked, and poorly managed vendor access.
Once an attacker gains access using legitimate credentials, the distinction between “inside” and “outside” becomes meaningless. Trust can no longer be granted once and for all; it must be continuously verified, context-sensitive, and revocable. This represents a profound shift in approach, yet in many companies it is still treated as just another project among many.
We need to stop trying to stop everything
This is probably the hardest truth to accept in our line of work: in a complex system, partial compromise is inevitable. The real question isn’t “How can we prevent any intrusion?” It’s “How long does it take from the point of entry to detection, from detection to response, and from response to a return to normal?”
These delays come at a direct cost. 86% of organizations affected by a breach report having experienced significant operational disruptions: halted production, interrupted services, and blocked sales. Resilience is not a vague concept. It is a concrete operational capability that must be built and tested—and one that most organizations still lack.
The best ones aren't the ones that never get attacked. They're the ones that absorb the blow without crumbling.
What this means in practice
It’s not about starting from scratch. It’s about refocusing: real visibility into what’s actually exposed, not just what’s declared compliant. Identity at the heart of the architecture, not on the periphery. Detection and response viewed as skills to be honed, not as tools to be installed. And an honest question about what we’re really protecting—and why.
That’s what I call Modern Cybersecurity. It’s not a list of solutions, but a shift in perspective on what security means now that the traditional perimeter has disappeared.
About the Squad Group
Squad is a pure-play cybersecurity company and one of France’s leading cybersecurity providers. Against a backdrop of escalating threats and increasing regulatory pressure, the Group helps large enterprises and public institutions achieve sustainable control over their cybersecurity risks.
From governance to operational resilience, from continuously reducing the attack surface to securing identities in a Zero Trust environment, and from cloud protection to modern AI-enhanced SOCs, Squad designs, integrates, and operates robust, sovereign architectures tailored to the most sensitive environments.
With more than 1,000 experts spread across 14 agencies in France, Switzerland, Spain, and Canada, Squad combines technical excellence, proximity, and large-scale deployment capabilities. In 2026, the Group will recruit 300 new talents to support its growth trajectory.
Press contacts
Lily Magagnin | Franck Tupinier |
