Speed, Identity, and AI: Redefining Cybersecurity for Australian Organisations
Cybersecurity teams have always grappled with emerging technologies, increasingly sophisticated attacks and new regulations. However, as organisations accelerate AI and cloud adoption, digitise services, and adapt to evolving compliance regulations, security challenges continue to grow in tandem with the expansion of attack surfaces.
What’s concerning is that threat actors are no longer waiting in the shadows to probe for weaknesses. They now prioritise immediate execution – leveraging AI, targeting identity, and monetising attacks quickly.
The latest Elastic Global Threat Report (GTR) 2025 reveals that execution-first attacks on Windows now account for 32% of all observed malicious activity, nearly doubling from last year and surpassing defence evasion as the top tactic. This shift signals that attackers are prioritising speed and impact over persistence and stealth.
For Australian businesses, the message is clear: traditional perimeter-focused, compliance-driven approaches are no longer enough. Cyber resilience must be strategic, proactive, and data-driven. The window to detect and contain threats is narrowing, identity has become the most heavily targeted asset in cloud environments, and generative AI is lowering the barrier for adversaries to launch more frequent and sophisticated attacks.
Execution First: Speed over Stealth
The GTR shows that attackers are running malicious code immediately upon entry, shifting away from stealthy persistence. This mirrors the local landscape, where the Australian Cyber Security Centre (ACSC) reported over 94,000 cybercrime incidents in 2023–24, a 23% increase year-on-year.
As adversaries accelerate their tactics, the window for detection and response is shrinking. Legacy, compliance-driven approaches are no longer sufficient. Organisations must pivot to proactive threat hunting, memory safeguards, and advanced endpoint detection that can flag anomalous execution in real time.
Cloud and Browser: Identity Is the New Battleground
Another key finding from the GTR is that attacks in cloud environments are highly focused, with over 60% of incidents targeting initial access, persistence, and credential access. With cloud adoption in Australia among the highest globally, the risks are acute: usage is projected to grow at around 12% annually, and nearly 90% of organisations rely on multi-cloud strategies.
Compromised accounts and credentials are the leading incident type across critical infrastructure and government sectors. Protecting identity is now paramount. Phishing-resistant MFA, least-privilege access, and continuous monitoring of privileged activity are the most effective safeguards.
At the same time, browser-stored credentials and accidental source code leaks are emerging as key attack vectors. Around one in eight malware samples is designed to steal browser data, which fuels the global access-broker economy and drives ransomware, business email compromise (BEC), and extortion campaigns. In Australia, these threats are increasingly driving breaches, often via employees’ personal or BYOD devices, making compromised credentials the largest category of reported incidents.
AI and Source Code: Escalating Threats for Australian Organisations
AI is lowering the barrier to entry for cybercrime, enabling more frequent and varied attacks. Findings from the GTR have revealed a 15.5% increase in ‘Generic’ threats, which are malicious files or programmes that cannot be categorised elsewhere. The increase may have been driven by the use of large language models (LLMs) to quickly generate malicious loaders and tools. Australian organisations are already feeling the impact, with 78% reporting significant disruption and over half unprepared to defend against AI-driven threats.
Another threat, one that can turn into a permanent risk for organisations, is accidental source code leaks. Whether they expose API keys, credentials, or sensitive data, such leaks create permanent, distributed exposure that attackers can exploit long after the initial mistake, carrying regulatory, operational, and reputational consequences for Australian businesses. Mitigation requires treating browsers and developer workflows as critical security boundaries, enforcing phishing-resistant MFA, hardening endpoints, securing credentials and session tokens, continuously monitoring development environments, and embedding automated detection and remediation directly into workflows.
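As an added illustration of the "automated detection embedded in workflows" point above (example code written for this page, not from the report or from Elastic): a minimal pre-commit style scanner that inspects only the lines a diff adds, combines credential-shaped patterns with an entropy gate so obvious placeholders still pass, and redacts the matched value in its output. The patterns and the sample diff are constructed and illustrative, not an exhaustive rule set.

```python
import math
import re
from collections import Counter

# Illustrative detectors (assumption: a small, non-exhaustive set).
# AWS access key IDs are 20 characters starting with "AKIA"; the other two are
# generic assignment and PEM-header shapes that real scanners also look for.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned_secret": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9_\-/+=]{16,})"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def shannon_entropy(s):
    """Bits per character: random-looking tokens score high, placeholders low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_diff(diff_text, min_entropy=4.0):
    """Scan only lines a commit adds; return findings with the value redacted."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        added = line[1:]
        for name, pattern in PATTERNS.items():
            m = pattern.search(added)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            # Assignment matches get an entropy gate so placeholders don't block commits.
            if name == "assigned_secret" and shannon_entropy(value) < min_entropy:
                continue
            findings.append({"line": lineno, "type": name, "redacted": value[:4] + "..."})
    return findings

# Constructed sample diff; every value below is made up for this example.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
+DATABASE_HOST = "db.internal.example"
+API_KEY = "REPLACE_ME_REPLACE_ME"
+STRIPE_TOKEN = "tok_9f8Q2xLm4Nc7Vb1Zs0Rt6Yh3"
+AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY000001"
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"line {f['line']}: {f['type']} ({f['redacted']})")
```

Wired into a pre-commit hook or CI job, a non-empty findings list is the signal to fail the commit and rotate the exposed credential rather than merely deleting the line.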
The Path Forward for Australian Defenders
These trends may appear to be disparate, but they are in fact deeply interconnected. For example, threat actors can use AI-generated malware to steal browser credentials and gain access to a cloud account.
The risks for Australian organisations are immediate and tangible.
The path forward is clear: prioritise runtime visibility, strengthen the identity layer, treat browsers and developer workflows as critical assets, and embed AI-driven threat detection and behavioural analytics throughout operations. Organisations that act decisively can turn today’s complex threat landscape into a strategic advantage: reducing risk, safeguarding critical assets, and staying one step ahead of adversaries.