Why seeing networks through hackers’ eyes could be a game-changer for cyber defence.
A recent wave of cyber-attacks targeting major UK retailers has reignited concerns about the nation’s cybersecurity readiness. Against this backdrop, several uncomfortable truths are often overlooked: the shift to digital, cloud-first and always-on systems has accelerated productivity, but it has also dramatically expanded the attack surface.
Much of today’s software is no longer developed in-house. Instead, organisations rely on open-source libraries to move faster and innovate. As this code is externally developed, there’s often limited visibility into what’s running under the bonnet.
What makes matters worse is how cybersecurity is still typically approached. Most tools and strategies are reactive - designed to respond after an attack has already begun. Unless cybersecurity becomes smarter, both businesses and society will continue to fall further behind in an accelerating cyber arms race.
Thinking outside the cyber ‘box’
Earlier strategies failed because they were too rigid and simplistic in how they modelled the world - often missing critical signals during active attacks. What’s needed now is a smarter, more dynamic approach.
Increasingly, developers and cybersecurity vendors I’m working with believe the answer lies in graph databases. Unlike traditional models, graph technology captures the real-time complexity of systems and relationships, giving defenders a more adaptive, connected view of their environments.
Unlike traditional relational databases that store data in predefined tables with fixed schemas, graph databases store data as nodes (entities) and edges (relationships). This structure allows for highly flexible, dynamic modelling of connected data, which is ideal for mapping relationships across users, devices, applications, and events.
Built-in graph features also mean this mapping can happen fast. Queries can traverse these connections quickly, uncovering suspicious paths, access patterns, and anomalies that would be difficult or impossible to detect with conventional tools.
This is crucial because traditional cybersecurity defences have largely relied on a “phone book” model: static org charts and rigid hierarchies. Attackers don’t operate that way. They follow connections, exploiting permissions not in isolation but as gateways into complex webs of trust and access. If one user is compromised, who’s next? What systems are at risk? Which colleagues do they frequently interact with? Graph technology maps these dynamic relationships - giving defenders the crucial insight they need to stay one step ahead.
The key power in the security war is relationships
Understanding the complex relationships and interdependencies in cyberspace can dramatically strengthen defensive postures while enabling faster, more effective responses. That’s why more organisations - whether securing their own systems or developing cybersecurity products - are turning to graph-based approaches.
After all, users need permissions to do their jobs, namely, connections to systems, services, and data.
These permissions aren’t just settings. They form a web of interactions that can be precisely modelled as a graph, with nodes representing users, devices, and systems, and edges representing permissions and connections.
Graph thinking is also crucial in penetration testing. Attackers don’t see environments as flat; they perceive them as interconnected networks and are constantly hunting for exploitable paths, moving laterally from one foothold to sensitive assets. Graphs are ideal for modelling and visualising these attack paths.
As it’s designed to represent relationships - whether links between employees and devices, users and applications, or systems and services - a graph database captures the real-world complexity of how organisations operate.
Adopting this perspective helps organisations move beyond siloed system views and abstract org charts, enabling them to see infrastructure as attackers do - through the actual paths and privileges that define a digital environment.
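The model described above (nodes for users, devices and systems; edges for permissions and connections) can be sketched in a few lines. This is an added example, not code from the author or from any graph database product: it uses a plain in-memory adjacency list, and every node name and edge label in it is constructed for illustration. It answers the question "if this user is compromised, which sensitive assets are exposed, and through which chain of relationships?"

```python
from collections import deque

# Constructed sample environment. Node names and edge labels are hypothetical.
EDGES = [
    ("user:alice", "MEMBER_OF", "group:helpdesk"),
    ("group:helpdesk", "CAN_RDP", "device:jump01"),
    ("device:jump01", "HAS_SESSION", "user:svc_backup"),
    ("user:svc_backup", "ADMIN_OF", "system:fileserver"),
    ("system:fileserver", "TRUSTS", "device:jump01"),  # cycle on purpose
    ("system:fileserver", "CAN_READ", "data:payroll"),
    ("user:bob", "MEMBER_OF", "group:finance"),
    ("group:finance", "CAN_READ", "data:payroll"),
    ("user:carol", "MEMBER_OF", "group:marketing"),
    ("group:marketing", "CAN_EDIT", "system:cms"),
]
SENSITIVE = {"data:payroll"}


def build_graph(edges):
    """Adjacency list: node -> [(relationship, neighbour), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def reachable_paths(graph, start):
    """Breadth-first search: shortest hop list to every node reachable from start."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for rel, nxt in graph.get(node, []):
            if nxt not in paths:  # visited check keeps cycles from looping
                paths[nxt] = paths[node] + [(rel, nxt)]
                queue.append(nxt)
    return paths


def exposure(graph, start, sensitive=SENSITIVE):
    """Sensitive assets reachable if `start` is compromised, with the path to each."""
    paths = reachable_paths(graph, start)
    return {asset: paths[asset] for asset in sorted(sensitive) if asset in paths}


if __name__ == "__main__":
    graph = build_graph(EDGES)
    for user in ("user:alice", "user:bob", "user:carol"):
        for asset, hops in exposure(graph, user).items():
            chain = "".join(f" -[{rel}]-> {node}" for rel, node in hops)
            print(f"{user}{chain}")
```

Rebuilding the graph without the `HAS_SESSION` edge removes alice’s five-hop path to the payroll data while leaving bob’s direct access intact, which is how the same traversal helps decide which relationship to cut first.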
Written by
Dominik Tomicevic
CEO
Memgraph