Apr 07 2025
Security

CDW Executive SummIT: Leaders Can Leverage Adversary Intelligence to Thwart Attacks

Experts said organizations must learn how adversaries operate and prioritize risk mitigation over the illusion of total prevention.

Adversaries are not only getting more advanced, they’re also collaborating. Social engineering attacks such as vishing increased by a staggering 442% between the first and second half of 2024. Endpoint detection and response (EDR) tooling has also led more threat actors to abandon traditional cyberattacks, such as deploying malware via malicious documents, in favor of targeting help desks. A hacker can achieve lateral movement across the network in as little as 51 seconds, according to CrowdStrike’s 2025 Global Threat Report.

Todd Felker, executive healthcare strategist at CrowdStrike, said the rise of social engineering means attacks are now less about software flaws and more about exploiting human psychology. “You don’t have a vulnerability problem, you have an adversary problem,” he said in a session at the April CDW Executive SummIT, hosted in Chicago last week.

IT leaders must anticipate, outmaneuver and defeat adversary behavior. Experts said building a sophisticated defense hinges on data resilience, a deep understanding of the adversary and using artificial intelligence to counter social engineering.


Shifting Your Security Mindset From Prevention to Preparation

“Bad things happen to good people, and cyberattacks are a perfect example,” said Rex Washburn, data solutions architect and head of modern data platforms at CDW. He noted that security teams today can follow every step in a playbook and attacks will still occur. With threat actors evolving faster than most security teams can patch vulnerabilities, Washburn said, “organizations must prioritize cyber resiliency and risk mitigation over the illusion of total prevention.”


A cyber-resilient mindset focuses less on blocking every attack and more on recovering from breaches and reducing downtime.

The amount of acceptable downtime varies per organization. “How long can your company survive being down?” Washburn asked. “For some, it’s one to three days. That downtime must be spent in an environment that offers both compute resources and guaranteed isolation from reinfection.”

Why Data Resiliency Is the New Cyber Resiliency

“Data resiliency is a kind of cyber resiliency,” said Rashid Rodriguez, cyber resiliency practice lead at CDW. In other words, how fast can your team recover lost data and respond to an incident? “You don’t know how long a threat actor has been hiding in your environment,” he said. That’s why a “multistep approach is key,” added Gary McIntyre, managing director of cyber defense at CDW. To achieve data resiliency, the experts suggested immutable storage, continuous data validation and an isolated recovery environment.


An isolated, secure environment helps teams evaluate compromised data and validate clean backups. “Customers often say it’s not worth it,” Rodriguez said, “but when production is hit, this becomes essential.”

These clean rooms, also referred to as cyber recovery environments (CREs), are an organization’s last line of defense. They help teams restore operations after an attack, McIntyre writes in a CDW blog.

Typically, a cyber recovery environment includes immutable storage, strict access controls, regular data validation and test simulations so teams can keep operations running during an incident.


Know Your Enemy: An Adversary-Centric Approach

The better security teams know their adversaries, the better their defenses. “There are three types of threat actors: nation-state, e-crime and hacktivists,” Felker said. “Most nation-states want data. They have an agenda that’s related to the government and its policies. E-crime is financially motivated adversaries, as opposed to activists who have some sort of cause. Maybe they don’t like an agenda, and that could be terrorists as well.”

“If a threat showed up in a new remote environment, maybe even one that’s used by some of the vendors, would you know? If the answer is no, then you need to implement a solution,” he said. “There are a lot of adversaries that we track, and they’re collaborating.”


Felker shared five critical defense strategies to combat these attacks:

  1. Secure identities: Identity and access management is the new perimeter, since humans are the weakest link in cyberattacks.
  2. Defend the cloud: Cloud environments must be secure, and IT leaders can set up a shared responsibility model, in which certain users are responsible for securing different aspects of the cloud computing environment.
  3. Eliminate cross-domain visibility gaps: Unify all endpoints, network and cloud telemetry.
  4. Adversary-driven patching: Prioritize active exploitation points, not just severity scores.
  5. Know your adversary: Don’t just collect threat intelligence, operationalize it.

Felker also shared a few examples of global adversaries such as Curly Spider and Scattered Spider that are bypassing traditional defenses. The North Korean group Famous Chollima used AI-generated résumés to get hired at U.S. companies. And according to the CrowdStrike report, “LLM-generated phishing messages had a significantly higher click-through rate (54%) than likely human-written phishing messages (12%).”

442%: the percentage by which vishing attacks increased between the first and second half of 2024. Source: CrowdStrike, “2025 Global Threat Report: The Rise of the Enterprising Adversary.”

Using AI To Fight Social Engineering Attacks

“Use AI to fight AI,” said Insurity CIO and CISO Jay Wilson. “Ask a large language model, ‘What are the vulnerabilities in my system?’ or, ‘Write me a phishing email.’”

The goal isn’t to launch real attacks, of course, but to simulate the mindset and tactics of cybercriminals. “Use this to also see what the cyberattacker bots are seeing,” Wilson said.


This kind of red teaming can help security teams identify which areas are most exposed and understand the language their adversaries use in social engineering attacks.

Mike Rapplean, vice president for the central region at CDW, said these strategies should be used in tandem with foundational security practices. “You can’t trade security for speed,” he cautioned. “AI’s promise is transformative, but it must be deployed with careful governance and risk awareness.”

Follow our live news coverage of the CDW Executive SummIT here, on the social platform X at @BizTechMagazine and by using the hashtag #CDWExecutiveSummIT.

Photography by Lily Lopate