cybersecurity
Anatomy of an Attack
Explore how real-world Scattered Spider cyber attacks unfold and how your team can be more resilient and defend against them.
Our COO, Kevin Banks, and our VP of Service Delivery and Innovation, Stephen Mathezer, sat down for a fireside chat about the past year and the shifts they’ve experienced in the cybersecurity industry and how this will impact cyber trends for 2026. In our conversation, we pinpointed the three major trends we saw make an impact last year.
Trend #1: The AI and cybersecurity reality check
For the past three years, organizations have primarily focused on the promised benefits of AI, specifically its ability to drive efficiencies. This has pushed organizations to implement AI as fast as possible. In 2025, that headlong rush has caused security issues that are making organizations rethink how they implement best practices and cybersecurity for AI.
Kevin Banks, COO
At the beginning of this year, you saw this blind optimism or blind drive towards AI.
Board and C-suites were coming to us saying, ‘We need to adopt AI because it's going to drive massive efficiency in our business.’ But people were struggling to actually articulate what those efficiencies were.
As a result, some of these companies they got out ahead of their skis a bit.
I sat down with one of our clients who basically said, ‘We started down this path of doing this broad deployment of AI, and we exposed things we didn't intend to.’
So, they wanted help strategically defining their AI implementation into a narrow set of business use cases.
This more pragmatic approach to AI is becoming the norm. That’s really forced organizations to focus the AI conversation on the data.
Stephen Mathezer, VP of Service Delivery & Innovation
Centralizing data in the conversation was a much-needed development.
We’re talking a lot less about putting guardrails on the AI itself or controlling the user.
The focus is moving to putting guardrails on what's feeding into the AI, and how organizations are managing data internally.
Kevin
The problem is that security teams really struggle with standing up an effective data security program.
Most organizations have all this data floating around unprotected, and it’s like gas to AI’s book of matches. When you add AI to a system that’s leaking data like that, it will find that unprotected data and expose it.
Ironically, one of the most effective ways of getting a handle on your data is with AI.
So it becomes a circular conversation, which just reinforces the complexity of it.
Stephen
That security debt isn’t the only legacy problem either.
There is a lot of technological debt in institutions.
For a lot of these organizations, you know, someone installed Windows NT in the early 2000s, and, while the operating systems have, of course, evolved, the same basic environment is still running today.
AI has been a catalyst to look at that and go, we've got some work to do here.
Add the complexity of the Microsoft ecosystem and the relative lack of security knowledge and focus in the infrastructure specialists, and you have a huge blind spot in the security team’s visibility.
Kevin
Speaking of Microsoft, I think one of the big things that really changed the dynamic this year is the work Microsoft has done around Copilot Studio.
It’s made it easy to create AI agents, which sounds great,
Because it’s easy, and the potential benefits are huge, you have this proliferation of non-human agents with access to your systems, your data, your processes. Not only do they have wide access, but they’re also acting like humans, who were already the number one risk in your security program.
Stephen
And those agents, they work 10,000 times faster than a human being, and they don't sleep.
So, whereas a human generally has the opportunity to go, ‘oh, crap, that’s not what I meant to do,’ when they make a mistake, with agentic
AI, mistakes happen at exponentially higher speed and most often without a human watching, sometimes even while you're sleeping. By the time a mistake is discovered, there is no, ‘Oh, crap, I take that back. Let's undo that.’
You're already 10,000 steps down the path, like when Replit went rogue and deleted a company’s entire database.
Kevin
Exactly. That's where I've really seen the acceleration of risk this year, the success that Microsoft has had, particularly with Copilot and agentic AI within the business context.
Stephen
But, it’s important to point out, nobody's slowing down on AI.
They may be slightly more aware of the risk, but they're still trying to implement as fast as possible. We see leaders with KPIs that essentially boil down to ‘use more AI in the business’ in the belief that at least some of it will lead to greater efficiency or profit.
Kevin
It’s not slowing down because the reality is, AI, while still very noisy, will become more defined and more focused and will become the differentiator in business strategy.
Businesses have to adopt it.
Stephen Mathezer, VP of Service Delivery & Innovation
Yeah, but hopefully with a little more intentionality, right?
Overview
In 2025, the headlong rush to adopt AI has been tempered by the risks. Instead of adding AI to everything, organizations are taking a more pragmatic approach, focusing on specific use cases and the benefits AI can bring. This has re-focused the security conversation around AI on getting control of data to lower the risk of AI implementation.
Trend #2: The arms race in ransomware
Unlike AI, ransomware isn’t new. It has been around nearly since the internet began. According to the Canadian Centre for Cyber Security, “Ransomware is the top cybercrime threat facing Canada’s critical infrastructure.” However, this past year, attackers (like Scattered Spider) and victims have entered into a type of arms race, increasing the volatility of these attacks.
Stephen
There’s been a continued trend for a few years now, as attackers are getting better at targeting their attacks to get the most money.
It used to be more like ‘I'm going to ransomware everybody and hope for the best.’ That’s not true anymore. Critical infrastructure, for example, has become a major target because attackers know that the operators of that infrastructure will spend large sums to ensure that critical services are available.
That doesn’t stop with who they’re attacking. More and more, they’re taking the time to find the most valuable information. Insurance policies, for example, tell attackers where there's money to be had. So there’s a bigger move to find and leverage those.
Even once they have the data, they’re finding new ways to apply more pressure. It's obviously still about potentially publishing sensitive data, but attackers are also revoking access, for example.
For example, if an attacker locks your organization out of Microsoft 365, that can be more impactful than publishing your data.
As victims stop paying, which I think is a trend as well, attackers are driven to find those different buttons to push.
Kevin
Exactly. It’s not just the attackers who are getting bolder. Ransomware victims are getting more aggressive as well.
A great example of that was the Coinbase attack back in May.
They got breached. They got a $20 million ransom. And the founder came out and not only refused to pay the ransom, but offered $20 million to find out who did it.
In a lot of ways, it's turned into an arms race.
And, going back to the first trend, AI is a big part of that arms race. This year, we started to see the evolution and proliferation of AI in ransomware attacks and defence.
And it’s very much becoming an arms race of AI versus AI.
Stephen
And, not always in the way you think. What I’ve seen is that attackers are using the victim’s Copilot, not to conduct the attack, but to aim the attack.
They go to Copilot and say, ‘Show me the insurance policy, find me the valuable information.’
That takes a lot of the work out of the attacker's hands and greatly accelerates the process.
And that’s going to continue to ramp up next year.
Overview
Attackers are evolving more effective tactics and targeting (e.g., targeting critical infrastructure, revoking access) as more victims refuse to pay. They are also using victims' own AI tools to accelerate attacks. The combination of more aggressive tactics and AI use means strong security has more value than ever.
Trend #3: Increasing supply chain & geopolitical risk
This year, organizations have faced pressure to find efficiencies through outsourcing and AI. At the same time, geopolitical instability has increased the already high risk to supply chains. This has left organizations struggling to find partners they can trust.
Kevin
This year, we saw cost and complexity driving organizations to outsource more.
And those third parties don’t always operate with the same care and diligence that the base organization would.
Clients will say, ‘I need to cut costs, so I have to outsource. But when it comes to security, I need to have my trusted, internal team do it.’
Stephen
You can really see the tension with third-party help desks. Organizations are outsourcing these help desks to save money, but it’s exposing them to risk.
In the last year or two, the help desk has been the first target of attackers every single time. In fact, social engineering attacks against outsourced help desks or low-level infrastructure personnel have provided all the access necessary for ransomware to be deployed. No vulnerabilities or malware were required.
Kevin
Exactly. And as third-party vendors ourselves, that vulnerability is always top of mind for me.
So it was nice when, two weeks ago, I had the opportunity to sit down with three enterprises in Calgary and, unprompted, they each, in different ways, said, ‘The relationship that we have with you guys is so important because we know you and we trust you.’
The political landscape, the technology landscape, including AI, and, of course, the complexity of supply chains is putting a lot of pressure on companies that rely on third-party vendors.
So that trust is becoming more and more important to our clients
Stephen
As much as AI is impacting everything, the political landscape is maybe the biggest impact on supply chains this year.
I just came back from Taiwan, and there’s this feeling that something’s lurking in the dark, like the warfare aspect of cyber attacks is ramping up.
I think, right now, it's subtle because nobody wants to trigger a war based on a cyber attack. But countries are positioning their cyber capabilities to support a war on many, many fronts.
And that includes China, Russia, North Korea, Iran, Israel, the US, UK. Everybody's doing it.
I think that as everything is getting more and more digitized, it just creates more and more opportunities to make a real impact with cyber warfare.
Overview
Outsourcing for cost savings is growing into a major security vulnerability. That vulnerability is further exacerbated by geopolitical instability. This makes trusted, local partnerships with established history more valuable than ever.
How to prepare your cybersecurity for 2026
Heading into the new year, AI implementation remains a top priority for many growing organizations. However, it’s essential to control your data first, then implement AI in ways that complement business priorities. This ensures your business capitalizes on the benefits of AI while minimizing risks, like unintentional data exposure and ransomware attackers using your own AI against you.
Secondly, when outsourcing, it’s important to find a partner you can trust to have the same security priorities as your organization.
At iON, we build relationships with organizations that don’t have the budget to tackle all their cybersecurity challenges in-house, but can’t afford to allow new developments or attack vectors to disrupt their systems. We stay on top of cyber trends and help you sort through the noise to take advantage of leading tech or updated processes that support your company.
You need a trusted partner to ensure your cybersecurity is ready for the future. Talk to our team now to get started.