Ransomware resilience: It’s time to be ‘more Bruce Lee’

I don't think there are many CISOs who use Bruce Lee as a reference for improving cybersecurity strategies. However, the philosophy of his hybrid martial art, Jeet Kune Do, is based on many principles that can help organizations stay ahead of hackers using ransomware.

The UK's National Crime Agency recently outlined how the ransomware landscape has become a "post-trust ecosystem". This describes a more unpredictable and dangerous threat landscape, as well as a more interconnected environment. Nothing is off limits for cybercriminals. They are willing to push the boundaries of innovation, experimentation and collaboration to stay ahead of law enforcement and improve ransomware attacks that force victims into action.

The recent “strategic alliance” between three ransomware groups – DragonForce, LockBit and Qilin – epitomizes how the ecosystem is changing and adapting. Hacker News said their coalition is committed to sharing technology, resources and infrastructure to strengthen common capabilities. Moves like these demonstrate the level of interconnectedness and evolution in the creation and deployment of ransomware threats, requiring organizations to be more vigilant and aware. This is where the principles of Jeet Kune Do apply.

Enter the Dragon

Bruce Lee founded Jeet Kune Do on a philosophy that promotes the practice of absorbing what is useful, discarding what is not, using directness and simplicity to effectively and quickly end confrontation, and, perhaps most importantly, the core principle of the martial art, the “way of the intercepting fist.” It is a martial arts style designed to neutralize an attack through simultaneous defensive and offensive movements. So how does this apply to fighting ransomware?

Many forward-thinking organizations have invested in robust cybersecurity protection. However, ransomware attacks succeed because attackers can penetrate organizations in a variety of ways, making it difficult for security teams to detect and monitor all possible entry points. Every security team is overloaded with monitoring; tuning and prioritizing detections is an endless balance between noise and signal. Essentially, can you watch for all possible attacks? And at what stage do you want to detect them? Knowing earlier can help reduce the impact, but creates more alerts to check. This is a dilemma.

Hackers are constantly putting organizations under a microscope, examining how they build defenses and amassing the knowledge to inform their attack methods. Cybersecurity teams must adopt the same level of surveillance and control by actively monitoring the threats they face.

Cyber threat analytics can help organizations better understand ever-evolving ransomware threats. Sophisticated vulnerability and attack surface analysis draws on billions of data points from the public and dark web, as well as technical sources, providing a comprehensive, external view of the vulnerabilities, misconfigurations, and other weaknesses that most urgently need verification and potential remediation. This approach represents the Jeet Kune Do principle of absorbing what is useful and discarding what is not, allowing organizations to prioritize the highest-risk threats.

GCHQ's National Cyber Security Centre (NCSC) said the UK was facing four nationally significant cyberattacks every week in the year to September 2025. This is a snapshot of the growing and unrelenting level of threats facing organizations, and not all threats are created equal. Some risks are more immediate, meaning today's cybersecurity strategies must have actionable, up-to-date information to prioritize detection, remediation or mitigation to ensure defenses are working as intended.

Anticipating attacks

Ransomware tools, techniques, and tactics do not stand still. Attackers are leveraging new artificial intelligence (AI) capabilities, finding earlier entry points into supply chains to exploit, and improving social engineering and phishing to make attacks more difficult to predict. Cyber threat analytics can enable organizations to keep pace with these developments by providing business-critical information about what the threat actor does, and why, when and how.

For example, identity intelligence can allow organizations to effectively track compromised employee credentials by analyzing exposed credentials in near real-time across the dark web, forums, paste sites, criminal marketplaces, and bot infrastructure. Socially engineered passwords and trusted credentials can be discovered and addressed before attackers use them as a gateway to deploy ransomware. This is a level of proactivity that reflects the Jeet Kune Do principle of directness and simplicity to effectively end confrontation.

Gaining knowledge of ransomware threats gives organizations the opportunity to “get the ball” before an attacker strikes. Cyber threat analytics can help teams efficiently collect, compile, and analyze threat data, turning it into actionable insights across all key components of a cybersecurity program—people, processes, products, and policies. All of these can feed into a real-world understanding of what hackers are doing, opening up the potential to better predict, prioritize, and prevent ransomware attacks. This cannot be achieved with protection alone.

Jason Steere is the Chief Information Security Officer at Recorded Future.