Don't blame the user. Get the fundamentals right.

Lydia Hudson

The industry loves to blame the user. But the click is rarely the real problem.

At Infosecurity Europe 2026, our CEO & Co-Founder Jon Abbott made the case for a return to fundamentals. Speaking to EM360Tech on the show floor, and earlier that day on the case study stage alongside Doug Weekes, CISO and Director of Data Governance at Sainsbury's, his message was consistent.

Stop pointing at the person who clicked the link. Start looking at the controls that let it happen.

The hygiene gap is still wide open

Jon and Doug's session, The Hygiene Gap: How Simple Failures Enable Sophisticated Attacks, drew on real-world examples of breaches that had nothing to do with sophisticated adversaries and everything to do with basic controls being broken or missing.

The pattern is familiar to anyone working in enterprise security. An endpoint without EDR. A device outside the patch window. A cloud account where MFA was never enforced. None of it exotic. All of it exploitable.

"You really got to look back at those controls," Jon told EM360Tech. "You could have a web proxy or make sure you have EDR everywhere instead of blaming the user for clicking links."

The fundamentals, done consistently and at scale, prevent most of what organisations are spending heavily to detect and remediate after the fact.

Shadow AI is the next hygiene gap

One challenge Jon foresees in cybersecurity is shadow AI. There appears to be a cultural shift in which businesses are now willing to grant AI tools access to sensitive systems, like Microsoft 365, in ways they would previously have rejected. That shift could lead to significant attacks in the next 12 months.

"When you tag the action with AI now, it seems to be acceptable," Jon said. "People are connecting their tools to an AI agent or granting an AI provider access to take actions on your behalf."

It is the same hygiene problem in a new disguise. A new category of access has appeared faster than the controls needed to govern it.

Visibility is the starting point

You cannot secure what you cannot see. Every example Jon raised, whether a missing EDR agent or an ungoverned AI connection, comes back to the same root cause: a gap in asset visibility that nobody knew existed until it was exploited.

ThreatAware exists to close that gap. Agentless deployment means full visibility into every device, user and integration in under an hour, with no rollout project and no blind spots for attackers to hide in.

Want to see where your own hygiene gaps might be? Book a demo with ThreatAware and find out what you are missing.
