I don’t imagine there are many CISOs who use Bruce Lee as a point of reference for enhancing cyber security strategies? However, the philosophy of his hybrid martial art – Jeet Kune Do – is based on many principles relevant for staying ahead of ransomware hackers.
The UK’s National Crime Agency recently highlighted how the ransomware landscape has entered a post-trust ecosystem. This refers to a more unpredictable and dangerous threat landscape, and an environment that’s interconnected. Nothing appears off limits for cyber criminals. They are willing to push the boundaries of innovation, experimentation and collaboration to stay ahead of law enforcement agencies and to remaster ransomware attacks that force victims into coercion.
A recent ‘strategic alliance’ between three ransomware groups – DragonForce, LockBit and Qilin – epitomises how the ecosystem is changing and adapting. The Hacker News reported their coalition aims to share techniques, resources and infrastructure to strengthen overall capabilities. Moves such as this show a level of interconnectivity and evolution in the creation and deployment of ransomware threats, which requires organisations to be more alert and informed. This is where the principles of Jeet Kune Do apply.
Enter The Dragon
Bruce Lee based Jeet Kune Do on a philosophy which advocates practices of absorbing what is useful, discarding what is not, engaging in directness and simplicity to effectively and quickly end confrontation, and perhaps most importantly, the martial art’s core tenet of ‘the way of the intercepting fist’. It’s a style of martial arts crafted to neutralise an attack through a simultaneous defensive and offensive move. So, how does this apply to ransomware mitigation?
Many forward-thinking organisations have invested in robust cyber security defences. However, ransomware attacks are successful because their perpetrators are able to establish entry into organisations via a multitude of ways, making it harder for security teams to detect and monitor every possible entry point. Every security team is overwhelmed with monitoring; tuning and prioritising directions is an endless balance of noise to signal ratio. Essentially, can I observe every possible attack? And at what stage would I like to detect? Knowing earlier can help lessen impact but creates more alerts to review. It’s a dilemma.
Hackers are constantly putting organisations under the microscope, scrutinising how they build defences and knowledge building to inform their attack techniques. Cyber security teams must adopt the same level of observation and scrutiny by proactively monitoring the threats they face.
Cyber threat intelligence can enable organisations to better understand ever-shifting ransomware threats. Sophisticated vulnerability and attack surface intelligence will analyse billions of data points from across the open and dark webs, and technical sources, providing a comprehensive external view of the vulnerabilities, misconfigurations and other exposures that are in the most urgent need of review and potential remediation. This approach is the Jeet Kune Do principle of absorbing what is useful and discarding what is not, allowing organisations to prioritise the highest-risk threats.
The GCHQ’s National Cyber Security Centre (NCSC) reported that the UK experienced four nationally significant cyber attacks every week in the year to September 2025. This is a snapshot of the escalating and relentless level of threat that organisations face, and not all threats are equal. Some risks pose a more immediate danger, meaning today’s cybersecurity strategies should have actionable and fresh intelligence to prioritise detection, remediation or mitigation, to ensure defences work as expected.
Anticipating attacks
Ransomware tools, techniques and tactics don’t stand still. Threat actors are leveraging the new possibilities of artificial intelligence (AI), finding earlier points of entry in supply chains for exploitation and refining social engineering and phishing to make attacks harder to predict. Cyber threat intelligence can enable organisations to keep pace with these developments, providing business-critical insight about the; what, why, when and how of threat actor behaviour.
Identity intelligence, for example, can enable organisations to effectively monitor for compromised employee credentials, analysing exposed credentials in near real-time across the dark web, forums, paste sites, criminal marketplaces and bot infrastructure. Passwords and trusted access details gained from social engineering can be detected and actioned before attackers weaponise them as a gateway for ransomware deployment. It’s a level of proactivity that reflects the Jeet Kune Do principle of engaging in directness and simplicity to effectively end confrontation.
Building knowledge of ransomware threats creates the ability and opportunity for organisations to ‘intercept the fist’ before an attacker strikes. Cyber threat intelligence can help teams to efficiently capture, compile, and analyse threat data, turning it into actionable insights across all the key components of a cybersecurity programme – people, processes, products and policies. All these factors can be informed by a real-world view of what hackers are doing, unlocking the potential to better predict, prioritise and prevent ransomware attacks. Being defensive alone won’t achieve this.
Jason Steer is chief information security officer at Recorded Future.
