Cyber risk is now 'trust abuse'
Reporting shows attackers are increasingly exploiting valid credentials, VPNs and approved remote‑management tools instead of breaking perimeters, which shifts the threat model from 'outside' intruders to abuse of trusted access. That trend is prompting calls for zero‑trust, tighter third‑party governance and higher‑level industry convenings — including a banking summit about AI‑enabled threats (channellife.co.nz) (devdiscourse.com).
The old cyber story was a burglar picking a lock. The new one is someone walking in through the front door with a real badge, a real password, or a real remote-control tool that the company already approved. (blackpointcyber.com) Blackpoint Cyber said its 2026 Annual Threat Report is based on activity its security operations center watched across 2025, and its core finding is that attackers increasingly used valid usernames, legitimate passwords, virtual private network sessions, and normal business software instead of noisy malware first. (blackpointcyber.com) A virtual private network is the tunnel employees use to log in from home or on the road. If an attacker has the employee’s real login, that tunnel opens cleanly and many older security tools treat the session as normal traffic. (blackpointcyber.com) Remote monitoring and management tools are the software information technology teams use to fix laptops, push updates, and control machines from far away. Blackpoint documented repeated cases where those same tools were abused because they were already allowed inside the network. (blackpointcyber.com) That changes what defenders are looking for. Instead of asking only “is this file malicious,” they now have to ask “is this trusted account doing something strange at 2:13 a.m. from the wrong place on the wrong machine.” (blackpointcyber.com) Blackpoint said its team disrupted 56 percent of incidents in 2025 before a payload was deployed, which points to a race that starts earlier than the old model of waiting for ransomware or a destructive program to appear. (blackpointcyber.com) The security idea getting pushed hardest here is zero trust. Zero trust means a company stops assuming that a user, device, or vendor is safe just because it is already inside the network, the same way a bank vault does not open just because someone made it into the lobby. (blackpointcyber.com) Third-party governance is the other piece, because many of these trusted pathways belong to contractors, software providers, managed service firms, and support vendors. The International Monetary Fund warned on April 2, 2026 that growing reliance on third-party technology is turning cyber risk into a wider financial-stability problem. (devdiscourse.com) Banks are treating this as more than an information technology issue because artificial intelligence can help criminals write better phishing emails, clone voices, and automate reconnaissance at scale. Devdiscourse reported on April 10, 2026 that top United States financial leaders held a banking summit focused on cyber risks tied to Anthropic’s new artificial intelligence model, Mythos. (devdiscourse.com) So the perimeter is not exactly gone, but it is no longer the whole fight. The harder problem in 2026 is proving that every login, every device, and every “approved” tool is being used by the right person for the right reason at the right moment. (blackpointcyber.com)
