Cyberattacks are moving at breakneck speed, partly due to the use of artificial intelligence. Christopher Fielder, Field CTO at Arctic Wolf, explains why remote access tools are an underestimated risk, how AI is weaponizing both attackers and defenders, and why continuous education is more important than ever.
The idea that a cyberattack can take place in less than a minute sounds like a scene from an action movie. Yet, it is the reality that security teams face today. Fielder clarifies that not every attack happens instantly; there are significant differences in attack types.
“Not every attack moves at the same speed,” says Fielder. “There are advanced persistent threats from nation-states, where attackers stay in an environment for months, slowly stealing data. But on the other hand, you have attacks that can happen very, very quickly.”
From months to seconds
He compares it to crime in the physical world: there is long-term theft, but someone can also smash a window and take something in a matter of seconds. In the cyber world, it works exactly the same way.
A crucial factor is that many organizations unknowingly leave the door open for attackers. “What we discovered is that 65 percent of the attacks our incident response team responded to had some kind of remote access tool that the company had installed itself as the initial point of attack,” Fielder says.
“65 percent of attacks had a remote access tool that the company had installed itself as the initial point of attack.”
Christopher Fielder, Field CTO at Arctic Wolf
“Think of VPNs, remote desktop protocols—those tools you install to make your work easier. Attackers use those too, because unfortunately, not all companies take the necessary steps to secure them.”
The metaphor is striking: installing a lock on the door but never turning the key. If the door is open, an intruder can strike within seconds.
AI as both weapon and shield
Artificial intelligence is playing an increasingly large role on both sides of the cybersecurity spectrum. For attackers, AI means they can automate and accelerate their methods. For defenders, it offers the ability to detect and respond faster.
Fielder emphasizes that AI is essentially neutral. “I always view AI as a tool. It’s not good or bad. It’s like a hammer: you can use it to build a building, but you can also use it to smash a window.”
A concrete example is phishing. In the past, employees could recognize suspicious emails by spelling mistakes or strange language. Those days are over.
“AI is like a hammer: you can use it to build a building, but you can also use it to smash a window.”
Christopher Fielder, Field CTO at Arctic Wolf
“I don’t speak German, Dutch, or French,” says Fielder. “But I guarantee that I can use one of these AI models to write an email in almost perfect Dutch, German, or French. You wouldn’t be able to tell that I didn’t speak that language, because the AI translates it not just linguistically, but culturally as well.”
The logical follow-up question is: how do you still detect such emails? The answer, Fielder says, is with AI itself. Artificial intelligence can be deployed to recognize attacks generated by artificial intelligence.
Monitor everything, everywhere
To keep up with the speed of modern attacks, Fielder believes it is essential to leave no aspect of the IT environment unguarded.
“At Arctic Wolf, we believe in monitoring all aspects,” he explains. “Endpoints, network, all the logs we receive, the cloud, the behavior of everyone in the environment. Any one of those puzzle pieces could be the single piece that enables us to detect the threat.”
The combination of broad monitoring and AI-driven detection makes it possible to respond quickly. But speed alone is not enough: humans must always be involved in the process to verify that the AI is acting correctly.
“We deploy AI in the right capacity, in the right facets, with people in the loop to ensure that AI doesn’t do anything it shouldn’t do,” Fielder emphasizes.
The human factor remains crucial
Despite all technological progress, humans remain a weak link. Fielder sees an increase in what he calls “high-tech, low-tech attacks”: attacks where advanced technology is used to manipulate individual employees.
“We have very strong technical tools. We can build very strong walls. But if you can manipulate the people, you can bypass those technical controls,” he says. The solution? Continuous education, not one-off training sessions.
“We need to educate people weekly, run phishing simulations, and update them on current attacks.”
Christopher Fielder, Field CTO at Arctic Wolf
“Many organizations do it like this: here is an annual security training, watch this one-hour video, sign this paper, and you’re done. That’s not enough. We need to educate people weekly, run phishing simulations, and update them on current attacks.”
Fast attacks require a fast response
Fielder concludes with a clear message: organizations must prepare for the moment things go wrong, not for the idea that they might go wrong.
“Have an incident response plan. Something ready to go, so that you can automatically take action during an attack. Like muscle memory: you’ve practiced it so often that you don’t have to think about it anymore.”
And if the right people aren’t available internally? Then partnering with a specialist is the logical step. “That’s why Arctic Wolf exists. We have an incident response team that, like the fire department, can come in to put out the fire as quickly as possible.”
The core message is clear: cyber threats are becoming faster, more advanced, and harder to detect. But with the right combination of technology, AI, and human expertise, organizations can keep up if they invest now in prevention, detection, and response.
This is an editorial article in collaboration with Arctic Wolf. Want to know more about their solutions? Head over to this page to receive the full video interview.