“Stop waiting for the first move.” Cybersecurity CEO Calls for Predictive Defence

Counterterrorism | Geo-Political & Military | National Security | Offensive Security

Posted: Wednesday, Jun 03

KBI.Media
$
“Stop waiting for the first move.” Cybersecurity CEO Calls for Predictive Defence

Karissa Breen, more commonly known as KB, is crowned a LinkedIn ‘Top Voice in Technology’, and widely recognised across the global cybersecurity industry. A serial entrepreneur, she is the co-founder of the TMFE Group, a portfolio of cybersecurity-focused businesses spanning an industry-leading media platform, a specialist marketing agency, a content production studio, and the executive headhunting firm, MercSec. Now based in the United States, KB oversees US editorial operations and leads the expansion of the group’s media footprint across North America, while maintaining a strong presence in Australia, and the broader global market. She is the former Producer and Host of the streaming show 2Fa.tv, and currently sits at the helm of journalism for the group’s flagship arm, KBI.Media, the independent cybersecurity media company. As a cybersecurity investigative journalist, KB hosts her globally-renowned podcast, KBKast, where she interviews leading cybersecurity practitioners, CISOs, government officials including heads-of-state, and industry pioneers from around the world. The podcast has been downloaded in over 65 countries with more than 400,000 global downloads, influencing billions of dollars in cybersecurity budgets. KB is known for asking the hard questions and extracting real, commercially relevant insights. Her approach provides an uncoloured, strategic lens on the evolving cybersecurity landscape, demystifying complex security issues and translating them into practical intelligence for executives navigating risk, regulation, and rapid technological change.

i 3 Table of Contents

“Stop waiting for the first move.” Cybersecurity CEO Calls for Predictive Defence

From Karissa Breen

Cybersecurity has spent decades reacting to attacks after the damage is already done. Now, according to Dmitry Volkov, CEO at Group-IB says that model is breaking under the pressure of AI-driven cybercrime.

“The number of attacks keep growing, complexity and damage keeps growing year over year and threat actors now started to search and use actively artificial intelligence tools for different purposes,” Volkov stated.
“Speed and scale of attacks is going to grow even more and that means that situation will get worse.”

Volkov believes the industry’s next major shift won’t be another ‘detection platform’ or dashboard. It will be predictive cybersecurity, stopping attacks before they even happen.

“For the last 20 years… it’s always been reactive,” he said. “You as a company need to wait until a threat actor will make a first move and then you have to detect it as fast as possible and respond as fast as possible.”

Instead, Volkov says organisations need to predict attacker behaviour in near real time.

“I can say that your organisation will be attacked by a threat actor… this is how exactly he’s going to execute… and this is a list of actions that you need to actually take automatically in ideal case scenario to stop this actor before he actually launched the attack.”

The comments come as enterprises face intense pressure from AI powered cybercrime, deepfake scams, and industrialised ransomware operations. According to Volkov, the problem is no longer a lack of data, it’s what organisations do with it.

“Too much data is also a bad situation,” he said. “We’ve seen that [SIEM] didn’t work in the past, it will not work in the future.”

Volkov argues the industry has become trapped in a cycle of collecting alerts while attackers move faster using automation and AI.

“The next thing will be prediction because all raw alerts and actions with these alerts should be automated,” he said.

But he warned the industry still isn’t ready to hand full control over to these AI systems.

“We cannot give 100% control to AI agents. It’s just impossible. Especially in big enterprises with complicated infrastructure where you have to make many different decisions all the time.”

Mr Volkov also pointed to a growing disconnect between cybersecurity teams and fraud teams inside major financial institutions, despite both fighting the same adversaries.

“They usually have two separate teams, Cybersecurity Team and Anti Fraud Team,” he said. “They should collaborate very actively… but they cannot work altogether. They don’t have common workflow, they don’t have common pipeline.”

That fragmentation, he argues, is helping cybercriminals stay ahead.

“Cybercriminals were always ahead of the cyber defence,” Volkov said. “They always find a way how to earn money.”

He believes the real fight is no longer just about malware or ransomware, it’s purely about disrupting the financial infrastructure behind cybercrime itself.

“Oxygen for them is money laundering,” he said. “If it’s possible to block money flow, the level of cyber attacks, scam calls… everything we see right now will reduce significantly.”

Volkov, whose company works with organisations including INTERPOL and Europol, said public and private sector collaboration still remains too slow for modern cyber threats today.

“When we talk about modern cybercrime, in many cases… threat intelligence should be shared in real time,” he said.

He also pushed back on the growing perception that cybercriminals are untouchable if they operate from offshore safe havens.

“It’s always possible to stop these actors,” Volkov said. “Even in Cambodia, people were arrested. It depends on will of specific nation or leaders.”

Still, he believes the cyber industry is only at the beginning of this next phase.

“Adoption is a complicated thing, especially when you talk about big enterprises,” he said. “I believe that adoption will take probably next five years until we will see that majority of organisations will come to that state.”

For Volkov, the future of cyber defenxe comes down to three main priorities which include predictive security, cutting off criminal money flows and stronger collaboration between industry and law enforcement.

“Let’s stop money flow that feeds criminal ecosystem,” he said. “And let’s help public sector to identify threat actors and arrest them because it really helps to prevent huge damages.”