{"id":174099,"date":"2026-01-02T09:05:00","date_gmt":"2026-01-02T14:05:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/02\/the-future-of-digital-threats\/"},"modified":"2026-01-02T16:55:12","modified_gmt":"2026-01-02T21:55:12","slug":"the-future-of-digital-threats","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/02\/the-future-of-digital-threats\/","title":{"rendered":"The Future of Digital Threats"},"content":{"rendered":"<p><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cybersecurity-predictions-for-2026-navigating-the-future-of-digital-threats\">The Future of Digital Threats<\/a><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cybersecurity-predictions-for-2026-navigating-the-future-of-digital-threats\">https:\/\/www.darkreading.com\/threat-intelligence\/cybersecurity-predictions-for-2026-navigating-the-future-of-digital-threats<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-02 09:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.darkreading.com\">www.darkreading.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>As the digital landscape continues to evolve, so too do the threats that organizations must contend with. In this year&#8217;s final Reporter&#8217;s Notebook conversation, cybersecurity experts Rob Wright from Dark Reading, David Jones from Cybersecurity Dive, and Alissa Irei from Tech Target Search Security share their insights on what the future holds for cybersecurity in 2026. Drawing from AI-summarized industry reports and expert opinions, the conversation highlights key trends, challenges, and opportunities that will shape the way businesses approach security in the coming years. 
From the rise of AI-driven threats to the growing importance of resilience, the panelists paint a vivid picture of the road ahead.<\/p>\n<p>One of the most pressing concerns is the increasing sophistication of cyber threats, particularly those involving artificial intelligence and autonomous systems. Threat actors are expected to target agentic AI, exploiting its capabilities for malicious purposes. While AI offers tremendous potential for productivity gains, the lack of robust security measures and awareness could lead to devastating consequences such as the rise of AI-driven social engineering and deepfakes, which are poised to erode trust and manipulate human vulnerabilities. As technology advances, organizations must strike a balance between innovation and protection.<\/p>\n<p>Another major shift in cybersecurity priorities is the growing emphasis on resilience and recovery over prevention. The reporters noted that businesses are moving away from the traditional focus on secure systems and instead prioritizing defensible, recoverable systems that can withstand catastrophic incidents. This shift reflects a broader understanding of cybersecurity as a form of risk management rather than an attempt to eliminate breaches entirely. With board-level awareness and executive accountability on the rise, organizations are recognizing the importance of preparing for the inevitable and ensuring they have the systems and processes in place to recover quickly.<\/p>\n<p>In a world where cyber threats are becoming more sophisticated and pervasive, the discussion underscored the need for vigilance, innovation, and collaboration. As organizations brace for the challenges of 2026 and beyond, the focus must remain on building resilient systems, fostering awareness, and staying ahead of emerging risks. 
The future of cybersecurity is uncertain, but with proactive measures and a commitment to adaptation, businesses can navigate the complexities of the digital age.<\/p>\n<p>Also, check out our other installments in this series:\u00a0&#8220;Same Old Security Problems: Cyber Training Still Fails Miserably,&#8221; and &#8220;IoT Security Flounders Amid Churning Risk.&#8221;<\/p>\n<p>Reporter&#8217;s Notebook: Full Transcript<\/p>\n<p>This transcript has been edited for clarity.<\/p>\n<p>Dark\u00a0Reading&#8217;s Rob Wright:\u00a0Hi, I&#8217;m Rob Wright with Dark Reading.<\/p>\n<p>Cybersecurity\u00a0Dive&#8217;s David Jones:\u00a0Hi, I&#8217;m Dave Jones with Cybersecurity Dive.<\/p>\n<p>Tech\u00a0Target\u00a0Search Security&#8217;s Alissa Irei:\u00a0Hi, Alissa Irei, Search Security at Informa Tech Target.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0And the three of us are here today to discuss 2026 predictions. Every year, we get a lot of emails from different companies, sources, and PR folks about their predictions for what&#8217;s going to happen in 2026 \u2014 technology predictions, not just random predictions. So, what we did this year is we took all of these emails, their predictions from various companies, sources, and executives, and we fed them into an AI. We&#8217;re not going to say which AI, but we used it to summarize them, find the most common ones, the most frequently cited predictions, common trends, and threads, and it spit out a list. Here we have our AI-generated list, and we&#8217;re going to discuss it and figure out what we think is likely to happen and what we are a little more skeptical about. So, let&#8217;s jump right into it. The first one on our list:\u00a0Agentic AI and autonomous systems\u00a0become primary targets for threat actors. What do we think about that?<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0I think this could be a really short episode if we just said AI ten times. Those are our ten predictions. 
It seems plausible to me. Dave, what do you think?<\/p>\n<p>CD&#8217;s David Jones:\u00a0I think AI is ready for a reality check. We&#8217;ve already started to see the capabilities that threat actors have in terms of abusing AI, particularly if the proper guardrails are not set up. A lot of companies want to benefit from the potential productivity gains of AI. The question is, have they prepared themselves for the risks they may not anticipate? For some companies, if they haven&#8217;t thought this through properly or tested it, there\u2019s going to be a reckoning. Some companies will be able to utilize AI properly and see productivity gains, but we\u2019re going to find out who\u2019s taking these risks seriously and who\u2019s moving too fast.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0I think agentic AI in particular is going to be interesting. It\u2019s being used in some compelling case studies, but knowing that threat actors are also targeting it and trying to abuse it is concerning. So, it\u2019s not a surprise that this is one of the most common predictions we received.<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0And when you have AI agents that have the permissions of human users, that obviously raises some questions and concerns. The enthusiasm for the business use cases might not always be matched with the\u00a0security controls, which brings us to our next prediction, I believe.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0Yeah, so this is actually tied for number one. I should have said that. It\u2019s number two in sequential order: Identity,\u00a0zero trust, and non-human identities (NHIs) are the new security foundation. Basically, identity will replace the network as the primary security boundary and control point. 
Feels like this has already happened, but what do you think?<\/p>\n<p>CD&#8217;s David Jones:\u00a0If machines are constantly communicating with each other and there isn\u2019t a proper level of permissions being offered to all the automated links in your network, one obscure link can wreak havoc throughout an entire network. Unless companies are acutely aware of who they are interacting with, what kind of permissions they have, and how dependent they are on those connections, we\u2019re going to see more of these issues, particularly as companies become more dependent on automation.<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0I think this is already happening, but the rise of agentic AI with non-human identities outnumbering human identities by so many factors will put organizations\u2019 zero trust architectures to the test. The question is, how rock solid is your zero trust\u00a0framework? Is there implicit trust in places or given to entities that you\u2019re not aware of? That could lead to some really big problems in 2026.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0Makes sense. All right, next up: AI-driven social engineering and deep fakes will erode trust. AI will accelerate the scale and sophistication of social engineering, making deep fakes and synthetic media like video and voice cloning the preeminent social engineering vector for high-value access. Do we think it\u2019s going to happen?<\/p>\n<p>CD&#8217;s David Jones:\u00a0That\u2019s been one of the big stories of 2025 already. A sophisticated actor can easily fool senior executives, help desks, and IT networks into granting permissions to get into a network and do a lot of damage. Companies haven\u2019t figured out how to train key employees to recognize this. With all the security software in a network, a lot of this is just taking advantage of human behavior. Senior executives, politicians, and high-level officials can be taken advantage of. 
Someone can maliciously send out a request in their name, pretend to speak on their behalf, or go after family members. It\u2019s probably going to get more interesting next year as the technology becomes more sophisticated and accessible.<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0It feels like we may be at a moment in 2026 that will be very scary. The sophistication and accessibility of the tech will be at an all-time high, but the typical user might not be aware that it\u2019s possible yet. To date, most widely viewed deepfake content is a little clunky or has telltale signs, but it seems like there\u2019s an inflection point coming where even sophisticated users can\u2019t tell they\u2019re looking at a deepfake video, and public awareness might not be there yet.<\/p>\n<p>CD&#8217;s David Jones:\u00a0You don\u2019t necessarily need a good deepfake. Very good voice cloning alone can capture someone\u2019s voice for authentication and gain a lot of access.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0My kids tried that with me. They kept telling me to say \u201cpassword\u201d into a recording device. I\u2019m joking. Anyway, that\u2019s a reference to an old movie.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0Next prediction: Supply chain and third-party risk intensifies,\u00a0demanding visibility\u00a0and proof. Supply chains will become the number one access point for adversaries as attackers target small embedded vendors to access thousands of downstream environments. What do you think?<\/p>\n<p>CD&#8217;s David Jones:\u00a0We\u2019ve seen in manufacturing, processing, and logistics that if you\u2019re highly dependent on a constantly moving supply chain, an attacker can force you to disrupt your production or distribution process. That can create anxiety for days, weeks, or months. If you don\u2019t understand how secure your dependencies are, you might be in for a long haul. We\u2019ve already seen this in 2025 with software and major companies like JLR. 
Companies will need to think about this very closely next year because we\u2019re going to see these types of attacks again.<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0This strikes me as true and also more of the same. I don\u2019t think this is a huge shift from what we\u2019ve seen in 2025, but supply chain and third-party risk are still big problems. You\u2019ve got to have your SBOMs.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0SBOMs have been a big focus. Strengthening the software supply chain and ensuring you\u2019re not relying on compromised open-source libraries or tampered software is critical. It\u2019s a scary world out there.<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0I think it would be surprising if we didn\u2019t see major\u00a0supply chain attacks\u00a0in 2026.<\/p>\n<p>DR&#8217;s Rob Wright:\u00a0I agree. OK, next prediction:\u00a0Executive accountability, AI governance, and board focus on risk. Boards will recognize cyber risk as a tier-one operational priority and demand measurable security outcomes. Rising legal and regulatory pressure, especially concerning AI, will increase executive and CISO personal liability. I have my doubts, but I\u2019ll let you go first.<\/p>\n<p>CD&#8217;s David Jones:\u00a0There\u2019s been concern about personally holding a board member or senior executive accountable for failure to disclose or raise proper red flags. Companies will need to set up proper guardrails, particularly if they\u2019re expanding their use of AI. The consequences will play out over time. Case law will need to develop as states, federal governments, and international regulators address this. Once we see larger-scale deployment, we\u2019ll start to see these cases play out in court and from regulators.<\/p>\n<p>TTSS&#8217;s Alissa Irei:\u00a0In our reporting on security, we\u2019re seeing growing awareness at the board level of the importance of cybersecurity. Organizations understand that cyber risk is business risk, which is a good thing. 
In terms of\u00a0CISO personal liability, I don\u2019t necessarily see that happening. I hope it doesn\u2019t. CISOs worry about this, and it seems unfair. I don\u2019t know what the future of the role is if CISOs are held personally liable for the cybersecurity of massive enterprises. That seems like a return to the battle days when CSOs were little more than scapegoats. Rob, what do you think?<\/p>\n<p>DR\u2019s\u00a0Rob Wright: I\u2019m skeptical about that part. I do think there\u2019s going to be more consideration and more responsibility on CISOs and board members, but we just saw a pretty big case recently where the charges were dropped against the CISO who was under fire and, according to many, wrongly charged or implicated in that incident. In terms of being accused of not disclosing, covering it up, or benefiting from it, I don\u2019t know that it\u2019s going to move in that direction. If anything, it seems like\u00a0under the current administration, it\u2019s going to relax a lot, but who knows? We live in interesting times, I guess.<\/p>\n<p>TTSS\u2019s Alissa Irei: OK.<\/p>\n<p>CD\u2019s David Jones: To address that, I believe CISOs have some legitimate concerns. One of the issues that comes up is if a top executive in a company, a CEO, president, or board member, says, &#8220;Nobody told me. I\u2019m not an expert on security. I\u2019m not an engineer. I\u2019m not responsible for managing security in our company.&#8221; That\u2019s why they have someone in charge of that. But if you\u2019re a\u00a0CISO or an executive with another title in charge of security, you have to make your C-suite and board aware of the risks. When you\u2019re a CEO or board member, you\u2019ve got to understand the risks and outline them to investors. Whether you\u2019re an expert on a particular issue or not, that\u2019s part of your job. 
The CISO doesn\u2019t make presentations in quarterly conference calls or necessarily present to investors unless it\u2019s a very specialized type of presentation.<\/p>\n<p>DR\u2019s Rob Wright: Yeah.<\/p>\n<p>TTSS\u2019s Alissa Irei: Yeah.<\/p>\n<p>DR\u2019s Rob Wright: Yeah.<\/p>\n<p>CD\u2019s David Jones: An investor isn\u2019t going to drill down to the CISO and expect to hear directly from them about the risks. That\u2019s why you have quarterly updates, regular meetings, audit committees, and governance structures within your company so that a top executive can\u2019t say, &#8220;Nobody ever said anything to me.&#8221;<\/p>\n<p>DR\u2019s Rob Wright: Yeah, good point.<\/p>\n<p>TTSS\u2019s Alissa Irei: OK.<\/p>\n<p>DR\u2019s Rob Wright: All right, let\u2019s get to a few more of these. Tied for number six, OT, IoT, and\u00a0critical infrastructure\u00a0become a top cyber risk surface. That seems very likely to me. I don\u2019t know if I have too much to add. Alissa, what do you think?<\/p>\n<p>TTSS\u2019s Alissa Irei: I think it\u2019s scary. It scares me. It seems likely. I hope it\u2019s wrong.<\/p>\n<p>DR\u2019s Rob Wright: Well, I think for non-security experts inside companies that produce things or have long production lines, they may have people who know how to develop the products they sell but don\u2019t necessarily know what OT is. They understand how to run a factory and produce their core products. The goal is to translate a risk that impacts IT to understand what it looks like if it jumps to the production line.<\/p>\n<p>CD\u2019s David Jones: If I\u2019m a maker of electronics or food products and I have a risk where I have to shut down the production line for hours, days, or weeks, what do I do? Can you flip the switch back on in a week and expect everything to go back to normal?<\/p>\n<p>DR\u2019s Rob Wright: Probably not.<\/p>\n<p>TTSS\u2019s Alissa Irei: It\u2019s surprising we haven\u2019t had more\u00a0attacks on OT\u00a0and critical infrastructure with far-reaching impacts. 
There have been incidents like Colonial Pipeline and the water plant in Florida, but it seems like we\u2019ve gotten off relatively easy given the security gaps in some organizations.<\/p>\n<p>DR\u2019s Rob Wright: Maybe we won\u2019t be so lucky in 2026. Scary thought. All right, also tied for number six: visibility,\u00a0attack surface management\u00a0(ASM), and data sprawl are critical gaps. Traditional perimeter thinking is obsolete. Data sprawl \u2014 let\u2019s focus on that for a second. We\u2019ve seen a lot of\u00a0data sprawl\u00a0recently, like with the\u00a0Salesforce attacks\u00a0where data, including IT support tickets, credentials, and secrets, ended up in Salesforce instances. Sensitive data is spreading beyond code repositories into other areas. This seems accurate. We\u2019ll probably see more of this data sprawl.<\/p>\n<p>CD\u2019s David Jones: If your most sensitive information is located somewhere you have no control over, what do you do? Who do you blame? If my data is in a third-party site or storage repository, I still care if it\u2019s accessed by the wrong people. Nobody wants to hear, &#8220;It wasn\u2019t us. We gave it to another organization, and they had control of it.&#8221; That\u2019s not going to fly.<\/p>\n<p>DR\u2019s Rob Wright: Good point. Alissa, any thoughts?<\/p>\n<p>TTSS\u2019s Alissa Irei: I cosign. Nothing substantive to add. If it\u2019s a problem, it\u2019ll continue to be a problem in 2026.<\/p>\n<p>CD\u2019s David Jones: It\u2019s like leaving your wallet at your friend\u2019s house and complaining when someone breaks in through their back room.<\/p>\n<p>DR\u2019s Rob Wright: Yeah. All right, #8:\u00a0cyber resilience\u00a0and recovery replace prevention as the core metric. The focus is shifting from achieving secure systems to prioritizing defensible, resilient, and recoverable systems. I feel like we\u2019ve been in the &#8220;assume breach&#8221; mode for a while, focusing on incident response plans. 
Maybe we\u2019re moving more in that direction,\u00a0prioritizing recovery over prevention.<\/p>\n<p>TTSS\u2019s Alissa Irei: This seems related to the earlier prediction about board-level awareness. Board members and C-level executives with no cybersecurity experience are understanding that breaches will happen. Cybersecurity is really about cyber risk management, not total prevention of incidents. That knowledge seems to be trickling up.<\/p>\n<p>CD\u2019s David Jones: Companies have to assume they\u2019ll face a\u00a0potentially catastrophic attack. How do you build a system that can withstand such an incident, maintain operations, and ensure everyone knows their responsibilities? Is there a backup plan? How much redundancy is built into the system? Companies prepared for catastrophic impacts will be the ones able to plow through such events. At some point, whether you caused it or not, you\u2019ll have to address that scenario.<\/p>\n<p>TTSS\u2019s Alissa Irei: That ties back to supply chain risk, which is often out of your control.<\/p>\n<p>DR\u2019s Rob Wright: Yeah, it\u2019s out of your hands. All right, #9:\u00a0quantum computing threats accelerate. The long-anticipated threat of quantum computing is moving from theoretical to tangible, accelerating demand for quantum-safe encryption. I\u2019m a quantum threat skeptic. I think we\u2019re a lot further away from this than people think. There\u2019s a risk of &#8220;harvest now, decrypt later,&#8221; but I don\u2019t think we\u2019re near the tangible threat level.<\/p>\n<p>CD\u2019s David Jones: We might get tomorrow sooner than we think. There\u2019s been a lot of hype about quantum computing and theoretical discussions about protecting critical national security secrets, financial services, and\u00a0military-level technology. Someone will eventually figure out how to break into systems at that level. It doesn\u2019t take widespread use \u2014 just one really bad event.<\/p>\n<p>TTSS\u2019s Alissa Irei: I\u2019ll defer to the experts I\u2019ve spoken to. 
Everyone seems to think we\u2019re not there or even close to there. I hope that\u2019s true.<\/p>\n<p>DR\u2019s Rob Wright: That\u2019s reassuring. I\u2019d like to live in a world where this stuff isn\u2019t easily cracked. No asteroids, no spaceships in 2026.<\/p>\n<p>TTSS\u2019s Alissa Irei: No asteroids, no spaceships.<\/p>\n<p>DR\u2019s Rob Wright: All right, last but not least,\u00a0password elimination\u00a0and\u00a0passkey adoption accelerate. Password-based authentication will finally become obsolete in forward-thinking organizations. What do we think?<\/p>\n<p>TTSS\u2019s Alissa Irei: To quote Yogi Berra, &#8220;It\u2019s d\u00e9j\u00e0 vu all over again.&#8221; I feel like we\u2019ve heard this before.<\/p>\n<p>CD\u2019s David Jones: Are we being aspirational? How long has this been going on?<\/p>\n<p>TTSS\u2019s Alissa Irei: Seems optimistic.<\/p>\n<p>DR&#8217;s Rob Wright: Yeah. A few years.<\/p>\n<p>CD\u2019s David Jones: Yeah, ideally, we would like to have a situation where, when we&#8217;re logging on to our most important applications, we don&#8217;t have a list of about 200 passwords. These passwords are often reiterations of things like our old street name, our best friend&#8217;s last name, or some other combination of things we can remember.<\/p>\n<p>DR&#8217;s Rob Wright: Yeah.<\/p>\n<p>CD\u2019s David Jones: But as we know, many people use poorly constructed passwords and keep reusing them. It&#8217;s hard to remember all of that. People keep saying they\u2019re going to change, evolve, and use new methods.<\/p>\n<p>DR&#8217;s Rob Wright: Yeah.<\/p>\n<p>CD\u2019s David Jones: We keep going back to the same bad habits.<\/p>\n<p>DR&#8217;s Rob Wright: I think the question here is, what do you consider a forward-thinking organization? There are a lot of financial services firms and technology firms that have moved away from passwords and embraced passkeys or\u00a0physical keys. Google, for example, has had phishing-resistant keys for many years. The question is, how many organizations are going to be forward-thinking and adopt these methods? 
Is it just going to be the top 1%, or will we start to see that level of adoption move down to other organizations? I\u2019m not optimistic. I\u2019m pessimistic by nature, so I don\u2019t think that\u2019s going to happen this year.<\/p>\n<p>CD\u2019s David Jones: I think you need to get some employee buy-in. It\u2019s important to\u00a0convince workers at your organization\u00a0that it\u2019s worth going in that direction.<\/p>\n<p>DR&#8217;s Rob Wright: 100%. I don\u2019t know. That seems like an uphill battle. Anyway, that\u2019s it for our predictions. Thank you, everyone. I appreciate the input.<\/p>\n<p>TTSS\u2019s Alissa Irei: Thank you. This was fun.<\/p>\n<p>CD\u2019s David Jones: Are we going to save this in a bottle and revisit it?<\/p>\n<p>DR&#8217;s Rob Wright: I guess we\u2019ll see at the end of 2026, and we\u2019ll do it all again. Thanks, everyone.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Future of Digital Threats https:\/\/www.darkreading.com\/threat-intelligence\/cybersecurity-predictions-for-2026-navigating-the-future-of-digital-threats Publish Date: 2026-01-02 09:05:00 Source Domain: www.darkreading.com Author: 
Using&#8230;<\/p>\n","protected":false},"author":1,"featured_media":174100,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt1b218e107bc27d9c\/6944ce944152047a75f028fd\/back2thefuture1800_Pictorial_Press_Ltd_alamy_2.jpg?disable=upscale&width=1200&height=630&fit=crop","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,30,24,25],"class_list":["post-174099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-breach","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174099"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=174099"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174099\/revisions"}],"predecessor-version":[{"id":174101,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174099\/revisions\/174101"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/174100"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=174099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=174099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-y
ou-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=174099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}