Cybercrime
,
Events
,
Fraud Management & Cybercrime
Rapid7’s Thom Langford on Vulnerability Exploitation and Cybercrime
Cybercriminal groups are becoming more efficient and adaptable, responding quickly to law enforcement disruptions and changing defensive strategies. Ransomware operators increasingly focus on data theft and extortion, while service-based criminal ecosystems continue to lower the barriers to entry for attackers, said Thom Langford, EMEA CTO at Rapid7.
See Also: Know Thy Enemy: Threats to Cyber Resilience
At the same time, vulnerability exploitation has overtaken social engineering as the leading initial access vector. As organizations manage increasingly complex technology environments, security teams must improve their ability to identify which vulnerabilities pose the greatest risk and require immediate attention, Langford said.
“If you can’t distinguish what you need to patch versus what you don’t need to patch, you will just be lost under that tsunami,” Langford said.
In this video interview with ISMG at Infosecurity Europe 2026, Langford also discussed:
- How ransomware groups are evolving their business models and affiliate programs;
- Why threat intelligence and context are critical for vulnerability prioritization;
- How organizations can use compensating controls when immediate patching isn’t possible.
With more than two decades of experience in security strategy, information security and risk management, Langford has built a reputation for bridging the gap between technical teams and business executives. He is known for his pragmatic approach to cybersecurity, focusing on aligning security initiatives with business objectives to drive growth and resilience. Langford’s expertise has been instrumental in shaping robust security postures for global organizations across various industries.
Click Here For The Original Source.
