It’s Time to Move Away from the “Phonebook” Approach to Cybersecurity

Database expert Dominik Tomicevic highlights the limitations of traditional cybersecurity defense methods and why knowledge graphs could be a better avenue for the CISO to pursue

Data shows that the global cost of cybercrime will soar by four trillion dollars over the next four years, rising from $9.2 trillion in 2024 to an estimated $13.9 trillion by 2028. Does this mean organizations must simply accept cyberattacks, malware, phishing, and other threats as endemic and ever-growing challenges?

Not necessarily. Greater vigilance and innovation in cybersecurity strategies can change the trajectory. While embracing digital technologies and the cloud has undeniably boosted convenience and productivity, it has also introduced significant vulnerabilities. Increasing reliance on open-source libraries to speed development—rather than building all code in-house—has, in turn, exposed organizations to new and serious risks.

Traditional cyber methods don’t work anymore

But the benefits are simply too great to ignore. The drive toward digital, online, and cloud-based operations is unstoppable, as is the growing reliance on externally sourced or AI-generated code. The problem is that most current cybersecurity methods fall short because they rely on models that are too rigid—both in how they represent the world and how they adapt to change. This is where developers we work with have identified a better way to help curb these dangers, at least to some extent.

The reason current systems of record for cyber vulnerabilities often falter is that they are built on the relational data model, which functions much like a “phonebook.” A phonebook offers a static, alphabetical list of individuals—but real life is far more complex, shaped by friendships, families, workgroups, rivalries, and constantly evolving relationships. Static models simply can’t capture the dynamic nature of modern digital environments.

Attackers understand this. They don’t exploit static lists—they target the living, breathing web of human connections. In other words, they aren’t studying organizational charts or formal hierarchies; they focus on the real-world links between people, creeping through systems to exploit user permissions not in isolation, but as gateways into broader networks.

This is why social engineering is so effective. If one person is compromised, who else might be vulnerable? What systems do they access? Who do they interact with daily? Attackers are disturbingly good at tracing these pathways—and exploiting them to devastating effect.

There’s another key limitation with the phonebook model—or more technically, with traditional relational approaches to cybersecurity: speed. Moving fast is essential, but modeling real-world complexity with relational databases requires many JOIN operations, which quickly become computationally expensive. In a multi-step attack, it might take 10 to 20 JOINs just to assemble a clear picture, and by then, the process could either time out or consume so many resources that it becomes impractical.

Trying to defend against adversaries who map and exploit dynamic relationship networks is incredibly challenging. A bad actor can quietly slip in a change request to open port 40 in a cloud security configuration, and in a highly connected system, that single move could silently unlock 1,000 other doors—with no clear way of knowing where they are.

The key element in the security war is relationships

That’s not just a vulnerability. That’s a nightmare. What’s becoming clear is this: a better way to understand the complex relationships and interdependencies within cyberspace could not only strengthen defensive postures, but also enable faster, more decisive action.

In response, more and more organizations—whether protecting their own systems or building cybersecurity solutions—are turning to graph-based approaches to model relationships and information. After all, every employee’s access to business services and systems creates a connection—a relationship—between individuals and the resources they use.

Player No 2 has entered the game

Which is why graph technology matters: it models systems clearly and powerfully by representing users, systems, and data as nodes, and the permissions and connections between them as edges. This “graph thinking” isn’t new—it’s exactly how attackers view your environment during penetration testing. They don’t see a flat network; they see a connected web of relationships and look for paths they can exploit to move laterally.

Graph technology allows defenders to adopt the same perspective before threats emerge. At its core, graph technology is about relationships—and whether it’s employees and devices, users and applications, or systems and services, a graph database can accurately capture the complex way your organization truly operates.

Crucially, graph technology doesn’t just deliver better visibility—it also dramatically improves speed of response. Because graphs eliminate the need for complex queries and costly JOIN operations, problems can be solved on a linear, not logarithmic, timescale. Connections can be mapped in seconds, not hours, giving security teams the clarity and agility they need to stay ahead of threats.

So where does AI fit into this picture? The next natural evolution is leveraging machine learning, AI, and advanced data techniques. A graph-based approach not only strengthens cybersecurity today, it also lays a powerful foundation for future AI initiatives, enabling faster, smarter, and more adaptive defenses.

The potential of a graph-based approach to navigating the intricate network of relationships that underpin cybersecurity challenges is immense. However, without adopting smarter, more adaptive cybersecurity strategies, both businesses and society will continue to fall behind in the relentless battle against cyber threats—threats that often understand our systems and vulnerabilities better than we do ourselves.

The author is the CEO of knowledge graph leader Memgraph