Looking back: The most surprising shifts in cybersecurity

Cybersecurity researchers spend a lot of time trying to predict the future. But no matter how hard we work to lay out a clear picture of what’s coming next, the field of cybersecurity will always surprise us with developments we didn’t expect. 

We asked Umer Khan (CIO and Senior VP of Software Engineering at Relativity Space) and Kirsten Davies (Founder of Institute for Cyber; three-times Fortune 500 CISO) to share one development they’ve observed in the field of cybersecurity over the last five years – something that has taken them by surprise. 

Cybercrime-as-a-Service platforms that operate like legitimate businesses

For Umer, cybercrime-as-a-service platforms have been “one of the most surprising recent developments in cybersecurity.” 

“These platforms have made sophisticated attacks accessible even to non-technical individuals,” he said, “transforming cybercrime into a highly organised and scalable business model.”

Ransomware-as-a-service (RaaS) is one of the most widespread examples of this – “where developers provide ransomware tools for a fee or a share of the ransom, and affiliates can use these tools to execute attacks without having any coding knowledge.” They often operate like legitimate businesses, providing customer support and profit-sharing schemes – and Umer cited Conti and REvil as platforms that have become popular by operating in this way. 

Umer also noted a number of different forms of cybercrime-as-a-service that are breaking down the barriers-to-entry for cybercriminals, including: 

• Phishing-as-a-Service (PhaaS): “Platforms now provide ready-made phishing kits, email templates, and even fake login pages. These services often include analytics dashboards that help attackers track how many victims clicked their links.”
• Credential-Stuffing-as-a-Service: “Attackers can now buy credentials in bulk and leverage automated tools to test them across multiple platforms. Some services even offer warranties that the credentials are valid.”
• Social Engineering-as-a-Service: “Some cybercrime groups even provide professional social engineers for hire. These individuals can impersonate employees or support staff to manipulate their targets into divulging sensitive information.”
• DDoS-as-a-Service: “Distributed Denial of Service (DDoS) attacks have become incredibly easy to execute with platforms offering DDoS-as-a-service. These platforms allow attackers to pay a fee to overwhelm a target's servers with traffic, taking them offline. Some services even let users choose the size and duration of the attack.” 

“The most surprising part of this development,” Umer added, “isn’t just the availability of these services – but how professionalised and accessible they’ve become.” 

As well as customer support, many platforms now offer subscription models, and some even include guarantees on the effectiveness of their services. 

“This democratisation of cybercrime has made it more critical than ever for organisations to stay vigilant and adopt layered security measures to counter the growing variety of threats.” 

Increased innovation driven by the startup ecosystem 

Kirsten pointed out that we’ve seen a lot of shifts in defence across the last five years – “some have been great, some less effective.” 

“What has been a delight is the broad adoption of innovative, startup technologies. For the longest time, it was only a handful of us CISOs who were giving startups an opportunity to test in our large environments,” she said.

Before, it was more common for CISOs of large organisations to stick to established or well-known tools, or build tools internally – although very few organisations “have the engineering power and headcount budget to build versus buy.”

Over the last five years this has changed: “We've seen a tremendous uptick in the adoption of innovative solutions (think Wiz, Abnormal Security, Halcyon, ClarOTy) at varying scales of deployment.”

And importantly, these solutions are coming from the startup ecosystem; “from companies which are largely pre-IPO, and many have remained as ‘stand-alones’ and not gone the route of being acquired by bigger companies to fold into their ‘platform of solutions’ – which is often the death knell for innovation (sorry, not sorry).” 

The result?

“What we're seeing is the increasing influence investment and venture groups have on the shape, scale, and capabilities of our defences. We're seeing a rapid and positive evolution in the defenders' space, because these investment and venture groups are incorporating the voice of their CISO customer into their investment decisions, and the evolution and development cycles of the solutions themselves. It's really an exciting time to be a Defender and to partner with these innovative companies!” 

What’s coming next? 

We know – hindsight’s a wonderful thing, and we’ve got to look to the future as well as the past. In our next blog post, we ask Umer and Kirsten about the developments they expect to see in cyber by 2030. 

Join us at Black Hat MEA 2025 to share your perspective and meet potential partners – and shape the future together.