Time is No Longer a Luxury: Cybersecurity Demands Live Vulnerability Management

The cybersecurity landscape has changed irreversibly. It is no longer enough to scan systems once a month or quarter. Attackers exploit flaws within hours, and organizations still anchored in periodic vulnerability management models are exposed to increasing risk. According to CrowdStrike data, 2025 is shaping up to be a record year in the number of reported vulnerabilities: more than 21,000 CVEs (Common Vulnerabilities and Exposures) were disclosed in the first half alone, equivalent to 133 new flaws every day. Each of these flaws represents a potential cost for businesses, whether in the form of breaches, regulatory fines, or reputational loss.

The key question is no longer how many vulnerabilities we can identify, but how to contextualize them and act with the speed that business demands. Intelligence, automation, and comprehensive attack surface visibility become the pillars of a modern strategy. As Iratxe Vázquez, Senior Product Marketing Manager for Cybersecurity at WatchGuard Technologies, points out, “a periodic scan offers a static snapshot of an environment that is constantly changing.” Between two assessments, new cloud services may be deployed, devices added, privileges modified, or unmanaged assets may appear. Therefore, an analysis performed a week ago may not represent the actual exposure at the present moment.

The End of Periodic Scans as the Sole Model

Traditional periodic scanning models are no longer sufficient. Attackers have automated much of their reconnaissance, weakness identification, and exploitation tasks, drastically reducing the time available to react. Vázquez insists that periodic scans remain useful as a baseline, for audits, or to verify compliance, but they must be complemented with continuous asset discovery, change monitoring, threat intelligence, and accelerated mitigation processes. The relevant indicator is no longer how many vulnerabilities have been identified, but how long a critical exposure remains unpatched or without compensating controls.
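The indicator named above can be computed directly from finding records. The following is an added example, not part of the original article or of any vendor's product; the record layout, the finding ids, the timestamps and the 72-hour target are constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

def ts(text):
    return datetime.fromisoformat(text) if text else None

# Constructed records: id, severity, first exposed, compensating control, patched.
RECORDS = [
    ("F-1", "critical", ts("2025-03-01T08:00"), ts("2025-03-01T14:00"), ts("2025-03-09T10:00")),
    ("F-2", "critical", ts("2025-03-02T09:00"), None, ts("2025-03-05T09:00")),
    ("F-3", "critical", ts("2025-03-04T00:00"), None, None),
    ("F-4", "medium", ts("2025-02-01T00:00"), None, None),
]
NOW = ts("2025-03-10T00:00")  # constructed "current time" so the result is reproducible

def exposure_window(exposed, mitigated, patched, now):
    """Return (duration, still_open) for one finding.

    The window closes at whichever comes first: the patch or a compensating
    control. With neither, the exposure is still open and runs until `now`.
    """
    closures = [t for t in (mitigated, patched) if t is not None]
    if not closures:
        return now - exposed, True
    return min(closures) - exposed, False

def critical_exposure_report(records, now, sla=timedelta(hours=72)):
    """Summarise exposure windows of critical findings against an assumed target."""
    windows, breaches = [], []
    for fid, severity, exposed, mitigated, patched in records:
        if severity != "critical":
            continue
        window, still_open = exposure_window(exposed, mitigated, patched, now)
        windows.append(window)
        if window > sla:  # strictly longer than the target counts as a breach
            breaches.append((fid, window, still_open))
    return {"median": median(windows), "max": max(windows), "breaches": breaches}

if __name__ == "__main__":
    report = critical_exposure_report(RECORDS, NOW)
    print("median:", report["median"], "max:", report["max"])
    for fid, window, still_open in report["breaches"]:
        print(fid, window, "OPEN" if still_open else "closed")
```

F-1 took eight days to patch but counts as only six hours of exposure because a compensating control was applied the same day, while F-3 has no patch or control and keeps accumulating time.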

The Role of AI and Deepfakes in the New Era of Attacks

Artificial intelligence and deepfakes are two major drivers of the increase in attacks. Álvaro del Hoyo, Technology Strategist for Southern Europe at CrowdStrike, distinguishes between the uses of AI outside networks (infrastructure reconnaissance, vulnerability identification) and social engineering attacks. For example, Business Email Compromise (BEC) has evolved into attacks that use audio or video deepfakes to impersonate executives, partners, or clients. When these attacks succeed, their impact is significant. Generative AI is also used to create more sophisticated and harder-to-detect malware, as discussed in our article on Implementing Generative AI in Workflows.

Prioritization: Beyond CVSS

The major challenge for security leaders is not a lack of alerts, but the saturation of raw data. Doris Seedorf, CEO of Sofftek for Spain, states that “the conversation at the C-level no longer revolves around abstract technical metrics, but around economic responsibility and structural stability.” To prioritize effectively, the focus must shift from isolated technical severity to financial and operational impact.

Iratxe Vázquez agrees that prioritization cannot rely solely on a CVSS score. It is necessary to combine at least four axes: severity, likelihood of exploitation, level of exposure, and business impact. Sources such as the CISA catalog of exploited vulnerabilities or models like EPSS (which estimates the probability of exploitation in the next 30 days) provide valuable signals, but they must be integrated with internal context. The same vulnerability can be critical on an exposed authentication server and have much lower urgency on an isolated device.
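An added example, not from the original article or from any vendor quoted in it, showing one way to combine the four axes into a single ranking. The formula, the weights, the placeholder CVE ids, the asset names and the scores are all constructed assumptions; a real deployment would load the CISA catalog and EPSS values from their published feeds.

```python
from dataclasses import dataclass

# Constructed sample data: placeholder CVE ids and made-up scores.
KEV = {"CVE-EXAMPLE-0001"}  # stand-in for a local copy of the CISA exploited-vulnerabilities catalog
EPSS = {"CVE-EXAMPLE-0001": 0.62, "CVE-EXAMPLE-0002": 0.04}  # P(exploitation in next 30 days)

EXPOSURE = {"internet": 1.0, "internal": 0.5, "isolated": 0.15}  # assumed weights
IMPACT = {"critical": 1.0, "important": 0.6, "low": 0.25}        # assumed weights

@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float    # base score, 0 to 10
    asset: str
    exposure: str  # key of EXPOSURE
    impact: str    # key of IMPACT (business impact of the asset)

def priority(f: Finding) -> float:
    """Combine severity, likelihood, exposure and business impact into 0-100."""
    severity = f.cvss / 10.0
    # Known exploitation overrides the EPSS estimate; unknown CVEs get a small prior.
    likelihood = 1.0 if f.cve in KEV else EPSS.get(f.cve, 0.01)
    threat = 0.5 * severity + 0.5 * likelihood          # how bad and how likely
    context = EXPOSURE[f.exposure] * IMPACT[f.impact]   # where it sits, what it supports
    return round(100 * threat * context, 1)

def rank(findings):
    """Highest priority first."""
    return sorted(findings, key=priority, reverse=True)

# Constructed findings: the same CVE on two very different assets, plus a
# higher-CVSS flaw with a low exploitation estimate on an internal host.
FINDINGS = [
    Finding("CVE-EXAMPLE-0002", 9.8, "build-server", "internal", "important"),
    Finding("CVE-EXAMPLE-0001", 7.5, "lab-printer", "isolated", "low"),
    Finding("CVE-EXAMPLE-0001", 7.5, "auth-gateway", "internet", "critical"),
]

if __name__ == "__main__":
    for f in rank(FINDINGS):
        print(f"{priority(f):5.1f}  CVSS {f.cvss:<4}  {f.cve}  {f.asset}")
```

Sorting by CVSS alone would put the build server first; with context, the exposed authentication gateway leads and the same CVE on the isolated printer drops to the bottom.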

Automation: The Balance Between Speed and Governance

To what extent can automation take over real-time management without compromising governance? For Seedorf, operational maturity is achieved when the organization becomes a self-adjusting ecosystem where automation and AI operate naturally, but under a strict framework of traceability. Vázquez adds that automation can handle much of the operational work (triage, patch deployment) as long as it acts within a clear control framework. Not all scenarios require the same speed; some situations justify accelerated processes, while others require human review for service stability. When no patch is available, automation can activate temporary measures such as isolation or access restrictions.

Visibility: The Fundamental Requirement

Visibility remains a fundamental requirement: you cannot protect what you cannot see. Vázquez notes that a lack of visibility is not always due to an absence of data, but to information being scattered across tools that do not communicate with each other. The challenge is to connect the pieces, understand who is responsible for each asset, and transform data into rapid operational decisions. Moreover, visibility should no longer be limited to knowing which assets exist; it should extend to understanding how they behave. In many incidents, the problem is not an unknown asset, but an unexpected communication or lateral movement that goes unnoticed. That is why technologies that analyze behaviors and relationships between assets, identities, and communications are gaining importance.

The Transition to CTEM Models

We are witnessing a definitive shift from vulnerability management to models like CTEM (Continuous Threat Exposure Management), focused on real exposure and attack paths. Seedorf considers this transition “irreversible in business strategy.” The traditional model was limited to a reactive technical support function; modern models understand security and resilience as fundamental components of business design.

Vázquez explains that for years the focus was on detecting and patching technical flaws, which worked in static environments. Today, adversaries combine compromised identities, weak configurations, and lateral movements that do not always appear in a traditional scan. Models like CTEM emphasize real exposure, possible attack paths, and continuous validation. They do not replace vulnerability management but expand it with a more operational and dynamic vision. The value lies in understanding which assets are accessible, which identities can open unexpected doors, and which controls fail when an attacker starts moving.

For companies looking to strengthen their security posture, adopting a continuous, data-driven approach is essential. Configuring secure VPNs and firewalls remains a key piece, but it must be integrated into a broader exposure management strategy. Business productivity is also affected: a secure environment allows teams to focus on their tasks without interruptions, as addressed in our guide on Business Productivity with Microsoft 365.


Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.