Cybercrime is no longer chaotic, it’s commercial.
That’s the central theme of Episode 3 in our Experts on Experts: Commanding Perspectives series, where Craig Adams sits down with Raj Samani, Chief Scientist at Rapid7, for a wide-ranging, no-nonsense conversation on today’s threat economy.
They discuss everything from ransomware trends to access broker tactics and why security teams need to shift how they think about response, partnership, and scale.
Ransomware: still a business model
As Raj points out, ransomware isn’t slowing down, it’s adapting. The “boom-and-bust” cycle we explored in the Q2 Ransomware Trends blog is part of a larger pattern: threat actors running like businesses, adapting based on opportunity, disruption, and payout potential.
They may pause activity or shift techniques, but the business model itself is stable. And that means defenders need to be thinking less about wave cycles and more about structural resilience.
Access brokers are thriving
Another major theme of the conversation is the rise of access brokers - actors who don’t launch attacks themselves, but sell network access to others. As Raj explains, this model makes initial compromise faster and more scalable for a wider set of attackers.
The result: more volume, less friction, and greater risk for organizations that haven’t tightened up identity, access, and exposure.
What needs to change
From Raj’s perspective, one of the biggest shifts that still needs to happen is collaborative intelligence. Threat actors share, coordinate, and scale as a community, but defenders often operate in silos. Fixing that is key.
They also touch on where AI is helping (and where it’s overhyped), how to think about resilience versus risk, and why good security often starts with better communication.
Watch the full episode here.
Missed our earlier episodes?
Catch up on Episode 1 with Laura Ellis on agentic AI and system governance here, and Episode 2 with Jon Hencinski on MDR strategy and SOC readiness here.
