Today cybersecurity looks very different than it did five years ago, and Bernard Montel of Tenable explains what’s behind the shift. He says the pandemic changed everything: companies moved operations online overnight, and employees worked from home using unsecured routers that effectively expanded the corporate attack surface. While VPNs and MFA helped at first, the explosion of cloud services quickly replaced those stopgaps and reshaped how security teams protect environments.
Montel points out that ransomware remains the top threat. Breaches now routinely break records for data volume, and attackers steal and encrypt information. At the same time, increasingly complex cloud environments challenge traditional perimeter-based security. In response, identity now serves as the frontline of defense. Enterprise environments now juggle federated identities across Active Directory, EntraID, AWS, Azure, and GCP—and organizations must protect that sprawling digital identity fabric.
Meanwhile, AI emerges as both a threat and a defense tool. On one hand, attackers now use generative tools to automate attacks. On the other, security teams can deploy AI platforms such as GPT‑4 and Vertex AI to accelerate threat research, pattern detection, and decision-making. Montel emphasizes that defenders who adopt AI intelligently can analyze threats faster and respond more effectively. Yet they must remain vigilant against attackers who exploit those same capabilities.
He also stresses that many incidents begin with known vulnerabilities or human error. Attackers exploit misconfigurations, outdated systems, or default settings with ease. As a result, even small businesses should not assume they stay under the radar—threat actors often target supply chain partners to infiltrate larger networks. Montel warns that misconfigurations left unchecked become open doors for attackers.
Montel recommends organizations shift from reactive detection to proactive exposure management. They should first identify their most significant vulnerabilities, prioritize patching or configuration updates, and then monitor for unusual behavior. He explains that today’s threats move quickly, so chasing after attackers is inefficient—but closing the most significant gaps up front builds a stronger defense.
Ultimately, he says, the mix of remote work, hybrid cloud, ransomware evolution, complex identity environments, and AI use demand a more proactive and layered security strategy. However steadily organizations adopt post‑pandemic learnings—such as exposure scanning, identity verification, and AI‑driven analysis—they position themselves better to confront emerging threats head‑on.
