From trust to turbulence: Cyber’s road ahead in 2026 | Computer Weekly
In 2025, trust became the most exploited surface in modern computing. For decades, cyber security has centered on vulnerabilities, software bugs, misconfigured systems and weak network protections. Recent incidents in cyber security marked a clear turning point, as attackers no longer needed to rely solely on traditional techniques.
This shift wasn’t subtle. Instead, it emerged across nearly every major incident: supply chain breaches leveraging trusted platforms, credential abuse across federated identity systems, misuse of legitimate remote access tools and cloud services, and AI-generated content slipping past traditional detection mechanisms. In other words, even well-configured systems could be abused if defenders assumed that trusted equals safe.
Highlighting the lessons learned in 2025 is essential for cyber security professionals to understand the evolving threat landscape and adapt strategies accordingly.
The perimeter is irrelevant – trust is the threat vector
Organisations discovered that attackers exploit assumptions just as effectively as vulnerabilities by simply borrowing trust signals that security teams overlooked. They blended into environments using standard developer tools, cloud-based services and signed binaries that were never designed with strong telemetry or behavioural controls.
The rapid growth of AI in enterprise workflows was also a contributing factor. From code generation and operations automation to business analytics and customer support, AI systems began making decisions previously made by people. This introduced a new category of risk: automation that inherits trust without validation. The result? A new class of incidents where attacks weren’t loud or obviously malicious, but were piggybacked on legitimate activity, forcing defenders to rethink what signals matter, what telemetry is missing and which behaviours should be considered sensitive even if they originate from trusted pathways.
Identity and autonomy took centre stage
Apart from security vulnerabilities, identity also defines the modern attack surface. As more services, applications, AI agents and devices operate autonomously, attackers increasingly target identity systems and the trust relationships between components. Once an attacker had possession of a trusted identity, they could move with minimal friction, expanding the meaning of privilege escalation. Escalation wasn’t just about obtaining higher system permissions; it was also about leveraging an identity that others naturally trust. In light of the attacks targeting identities, defenders realised that distrust by default must now apply not only to network traffic but also to workflows, automation and the decisions made by autonomous systems.
AI as both a power tool and a pressure point
AI acted as a defensive accelerator and a new frontier of risk. AI-powered code generation sped up development but also introduced logic flaws when models filled gaps based on incomplete instructions. AI-assisted attacks became more customised and scalable, making phishing and fraud campaigns harder to detect. Yet, the lesson wasn’t that AI is inherently unsafe; it was that AI amplifies whatever controls (or lack of controls) surround it. Without validation, AI-generated content can mislead. Without guardrails, AI agents can make risky decisions. Without observability, AI-driven automation can drift into unintended behavior. This highlights that AI security is more about the entire ecosystem, including LLMs, GenAI apps and services, AI agents and underlying infrastructure.
A shift towards governing autonomy
As organisations increase their reliance on AI agents, automation frameworks and cloud-native identity systems, security will transition from patching flaws to controlling decision-making pathways. We will see the following defensive strategies in action:
- AI control-plane security: Security teams will establish governance layers around AI agent workflows, ensuring every automated action is authenticated, authorised, observed and reversible. The focus will expand from guarding data to guarding behaviour.
- Data drift protection: AI agents and automated systems will increasingly move, transform and replicate sensitive data, creating a risk of silent data sprawl, shadow datasets and unintended access paths. Without strong data lineage tracking and strict access controls, sensitive information can drift beyond approved boundaries, leading to new privacy, compliance and exposure risks.
- Trust verification across all layers: Expect widespread adoption of “trust-minimised architectures,” where identities, AI outputs and automated decisions are continuously validated rather than implicitly accepted.
- Zero trust as a compliance mandate: ZTA will become a regulatory requirement for critical sectors, with executives facing increased personal accountability for significant breaches tied to poor security posture.
- Behavioural baselines for AI and automation: Just like user behaviour analytics matured for human accounts, analytics will evolve to establish expected patterns for bots, services and autonomous agents.
- Secure-by-design identity: Identity platforms will prioritise strong lifecycle management for non-human identities, limiting the damage when automation goes wrong or is hijacked.
- Intent-based detection: Since many attacks will continue to exploit legitimate tools, detection systems will increasingly analyse why an action occurred rather than just what happened.
If 2025 taught us that trust can be weaponised, then 2026 will teach us how to rebuild trust in a safer, more deliberate way. The future of cyber security isn’t just about securing systems but also securing the logic, identity and autonomy that drive them.
Aditya K Sood is vice president of security engineering and AI strategy at Aryaka.
FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6
Federal agents on Thursday announced the arrest of a suspect charged with planting the two pipe bombs discovered near the US Capitol complex on the eve of January 6, 2021. Authorities identified the man as Brian J. Cole Jr., a resident of Woodbridge, Virginia. The arrest marks a major break in a case that has vexed authorities for nearly five years.
Cole, 30, is charged with transporting an explosive device across state lines with the intent to kill, injure, intimidate, or destroy property and with attempting to damage and destroy the headquarters of the Republican and Democratic national committees by means of an explosive device. If convicted, he would face the prospect of decades in prison.
According to an affidavit, investigators linked Cole to the bombs through a combination of surveillance footage, historical cell-site data, and years of purchase records showing he bought each major component used to construct the devices. Agents allege Cole acquired the same model of galvanized pipe, matching end caps, and nine-volt connectors, among other items, across multiple hardware stores in northern Virginia in 2019 and 2020.
Cole continued buying components used in bomb-making after his bombs in the Capitol were discovered, agents allege, listing the purchase of a white kitchen timer and two nine-volt batteries from a Walmart on January 21, as well as galvanized pipes from Home Depot the following day.
Senior Trump administration officials quickly cast the arrest as a vindication of their own leadership, claiming the case had gone cold. Attorney General Pam Bondi said she hoped the arrest would restore public trust following what she characterized as a “total lack of movement” on a case that had “languished for four years.” In their telling, the breakthrough was proof that the case only advanced once they were empowered to “go get the bad guys” and stop “focusing on other extraneous things,” as FBI deputy director Dan Bongino put it.
“Though it had been nearly five years, our team continued to churn through massive amounts of data and tips that we used to identify this suspect,” said Darren Cox, deputy assistant director of the FBI’s criminal investigative division.
The bombs were planted near the headquarters of the Republican and Democratic national committees the night of January 5, 2021, as Congress prepared to certify Joe Biden’s electoral victory over Donald Trump. Both failed to detonate, but their discovery the following day added to the chaos and confusion unfolding as a pro-Trump mob stormed the US Capitol building, causing millions of dollars in damage and injuring approximately 140 Capitol and Metropolitan Police Department officers.
A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code
As for Wilcox, he’s long been one of that small group of privacy zealots who buys his SIM cards in cash with a fake name. But he hopes Phreeli will offer an easier path—not just for people like him, but for normies too.
“I don’t know of anybody who’s ever offered this credibly before,” says Wilcox. “Not the usual telecom-strip-mining-your-data phone, not a black-hoodie hacker phone, but a privacy-is-normal phone.”
Even so, enough tech companies have pitched privacy as a feature for their commercial product that jaded consumers may not buy into a for-profit telecom like Phreeli purporting to offer anonymity. But the EFF’s Cohn says that Merrill’s track record shows he’s not just using the fight against surveillance as a marketing gimmick to sell something. “Having watched Nick for a long time, it’s all a means to an end for him,” she says. “And the end is privacy for everyone.”
Merrill may not like the implications of describing Phreeli as a cellular carrier where every phone is a burner phone. But there’s little doubt that some of the company’s customers will use its privacy protections for crime—just as with every surveillance-resistant tool, from Signal to Tor to briefcases of cash.
Phreeli won’t, at least, offer a platform for spammers and robocallers, Merrill says. Even without knowing users’ identities, he says the company will block that kind of bad behavior by limiting how many calls and texts users are allowed, and banning users who appear to be gaming the system. “If people think this is going to be a safe haven for abusing the phone network, that’s not going to work,” Merrill says.
But some customers of his phone company will, to Merrill’s regret, do bad things, he says—just as they sometimes used to with pay phones, that anonymous, cash-based phone service that once existed on every block of American cities. “You put a quarter in, you didn’t need to identify yourself, and you could call whoever you wanted,” he reminisces. “And 99.9 percent of the time, people weren’t doing bad stuff.” The small minority who were, he argues, didn’t justify the involuntary societal slide into the cellular panopticon we all live in today, where a phone call not tied to freely traded data on the caller’s identity is a rare phenomenon.
NCC supporting London councils gripped by cyber attacks | Computer Weekly
Three Greater London councils struck by a cyber attack last week are receiving response support from cyber security experts at NCC Group as they continue to pursue multiple investigations into the incident.
The three neighbouring authorities – the London Borough of Hammersmith and Fulham, the Royal Borough of Kensington and Chelsea (RBKC), and Westminster City Council, which operate a number of shared systems between them – first identified the incident on 24 November.
Of the three, RBKC has already disclosed that some historical data has been copied and exfiltrated from its systems, although it has not been encrypted or destroyed.
NCC’s teams were deployed alongside the National Cyber Security Centre (NCSC), London’s Metropolitan Police, and the National Crime Agency (NCA), with its operatives focused primarily on containing the impact of the attack and managing the three councils through the disruption, with a focus on restarting affected systems and public-facing services as soon as possible.
“Attacks on our public services require a diverse team to respond. Our team is working around the clock and under immense pressure as part of a coordinated effort to limit the impact of this incident and to work towards the continued delivery of essential services,” said NCC CEO Mike Maddison.
“As we have seen time and again in similar scenarios, the road to achieving a safe recovery of digital services can be challenging and will take time. This will be a difficult period both for residents in the impacted boroughs and the team members across the tri-borough partnership who are working tirelessly to address this issue,” he added.
Elizabeth Campbell, leader of Kensington and Chelsea Council, added: “Being given the news that we are under attack is what no Council leader wants to hear, but like any public body, there was always that possibility.
“To counter this threat, we had invested significantly in our digital, data and technology services and had up to date cyber defence systems. That system worked well mitigating the damage. Our IT team has been fighting back, investigating the cause, and assessing the impact,” she said.
“We are certain that we are taking all the right steps and we are hugely grateful to have the expertise of NCC Group to advise and support us. Their wealth of experience helping the British Library, universities and other authorities recover from cyber attacks is reassuring as we begin to recover and rebuild,” said Campbell.
Ongoing disruption
A week and a half after the incident was first detected, extensive disruption continues across all three of the affected councils.
In Hammersmith and Fulham, multiple services have been affected, with most of its online offerings unavailable, including council tax accounts; business rates payments; benefits accounts; housing, including repairs; parking permits, fines, and on-street bay suspensions; freedom pass applications; and property licensing.
As of its most recent statement, issued on Friday 28 November, the council said there was currently “no evidence” of its own systems having been compromised, but that it was continuing to enact enhanced security measures as part of its investigation.
The council’s spokesperson said it had been informed by RBKC of the data theft and said it was investigating this issue alongside its neighbours.
Meanwhile, as of Monday 1 December, RBKC has put in place a number of mitigations as it works towards service restoration, although crucially, phone lines continue to be disrupted. It expects disruption to last at least another fortnight.
It said residents experiencing genuine emergencies relating to environmental health, housing and social services should reach out via the phone numbers available here. It will also be opening its customer service centre at Kensington Town Hall for emergency in-person appointments on the weekend of 6-7 December.
On council tax and business rate payments, RBKC’s systems continue to be disrupted for those paying by Direct Debit, so residents are advised to keep funds available in their accounts so that collections can take place once they are back online. Other methods of payment are available as normal.
RBKC’s IT and security budget runs to over £12m per annum and the council said that in this instance, its systems worked as intended, enabling it to detect the cyber attack quicker and take action. This may have limited the scope of the incident.
Westminster Council is also continuing to respond to the incident. In its most recent update issued on Thursday 4 December, a spokesperson said: “We want to reassure residents that council services are running, although some disruption remains. Our priority is to keep services operating and to support the most vulnerable in our community and we apologise for any inconvenience.”
The disruption in Westminster extends across multiple services, including rent and service charge payments; council tax and business rates; housing repairs; local support payment applications; community hall bookings; birth, deaths and marriage certificates; children’s services referrals; complaints; licensing; and online waste and recycling services, including bulky item collections and requests for more recycling bags. Libraries are open as usual but cannot accept new members.
Like its neighbours, it expects the disruption to continue for some time, and it is also working to confirm the precise nature of the data breach.
“We have a team of specialists working to understand the extent and potential implications of any breach of data from shared services. At this time our investigations continue, and we urge everyone to follow advice to keep cyber safe with service users asked to be extra vigilant when called, emailed or sent text messages,” the spokesperson said.
All three councils are encouraging residents, customers and other service users to be extra vigilant with regard to their own personal data, and wary of any unexpected contacts via email, phone or text. More consumer information on staying safe in the wake of a data breach is available from the NCSC.
Hackney Council not involved
Earlier reporting suggested that Hackney Council, which was the victim of a major incident at the hands of the Pysa ransomware gang in October 2020, had also been impacted by the latest incident. This is now known to be inaccurate.
A Hackney council spokesperson said: “Hackney Council is unaffected by the cyber attack that is reported to be affecting some councils in London. Media reports suggesting otherwise are mistaken.
“We have strong measures in place to keep our services secure and have reminded all staff about their responsibilities to ensure that data is protected.”
Public services on the frontline
Although the big story of 2025 has been one of major cyber attacks on some of the UK’s best-known private sector companies, public services remain in the crosshairs of cyber criminal actors as well, and recent history is littered with examples of such incidents, from last year’s incident at NHS partner Synnovis to the British Library attack, and hits on multiple local authorities across the nation.
“Cyber attacks are a serious and persistent risk to digitised economies. Unfortunately, public services are a prime target for cyber threat actors, whether that be organised crime, nation states, or individuals,” said Maddison at NCC.
“The challenge of securing public institutions is real and growing. Public bodies have large and complex attack surfaces, with online accounts, employees, online resources, locations, and systems to protect.
“The bar to adequately protect such institutions from attack is getting ever higher, with sophisticated and coordinated attackers to counter. We must focus on ensuring the fundamentals are in place to build the future securely. It is critical that initiatives such as the UK’s Cyber Growth Action Plan are adequately funded and prioritised, recognising cyber as a strategic enabler of national resilience and economic growth,” he said.
