Skip to content

Cyber Security

Trends for cyber in 2026

This article originally appeared in the Computer Weekly: https://www.computerweekly.com/opinion/The-three-cyber-trends-that-will-define-2026

We are staring down the barrel of 2026. If you think the last twelve months were chaotic, strap in.

The "business as usual" model for security is dead. We are moving into an era where the CISO is either a financial risk broker or irrelevant, where AI doesn't just write emails but writes exploits, and where your right to privacy is being legislated out of existence.

Here is my take on the three trends that will define the next year.

"In Cyber security, basics matter!" even in 2025

cyber hygiene

This article originally appeared in the Computer Weekly https://www.computerweekly.com/opinion/In-cyber-security-basics-matter-even-in-2025

What a year 2025 has been: Rich in both cyber events and innovations alike. On the latter, not a week has passed without a mention of innovation in Artificial Intelligence (AI). I am excited about the innovative ways AI is going to be used to benefit our society; perhaps this is the 4th Industrial Revolution coming. The level of useful innovation in cyber security, despite some questionable claims by certain vendors, will increase in 2026 with new products and services.

To gain sufficient value from these innovations, however, we need to implement the basic controls well first. Whether we measure this against UK Cyber Essentials or CIS Critical Cyber Controls, the reality remains the same: cyber incidents are still mostly “enabled” by organisations neglecting these basics.

A Lesson in Cybersecurity: How a Simple Flaw in a Partner's Software Exposed Millions of McDonald's Job Applicants

A woman looking at a computer screen. McDonald's and Paradox.AI logos

A startling security vulnerability in a recruitment platform used by McDonald's has potentially exposed the personal data of up to 64 million job applicants. The incident serves as a powerful reminder of a risk that has plagued the technology sector for decades: the supply chain. I question whether McDonald's had even done a thorough cybersecurity due diligence when contracting with Paradox.

I also note, while the platform in question uses artificial intelligence, the critical error was deeply human and not a failure of AI at all.

Apple’s App Store Under Fire: Global Rulings Open the Door for Fintech Innovation and Raise New Cybersecurity Challenges

Apple app store, judge, fire

In a historic shift for the digital economy, Apple is being forced by courts and regulators in both the United States and Europe to allow app developers to use any payment method for their apps and in-app purchases-without Apple’s customary commission or fees. While these rulings are set to unleash a wave of fintech innovation and competition, they also introduce new cybersecurity risks that could impact millions of users worldwide. This article explores the legal battles, the global regulatory landscape, the opportunities for fintech, and the security challenges that lie ahead.

The End of Active Directory: Why Your Cybersecurity Strategy Demands Entra ID Now

Right, let's have a honest discussion about Microsoft Active Directory. For ages, it’s been the bedrock of how most businesses handle logins and access – the familiar, reliable workhorse humming away in the server room. It did its job, absolutely.

But here’s the rub: the world it was built for vanished years ago. Is it appropriate to keep clinging to legacy technology foundations as your main line of identity defence in today's world? Frankly, that’s looking increasingly like bringing a knife to a gunfight.

Burning Active Directory being thrown into a wastebin

One chapter has closed - Skybox Security is no more

skybox security no more Yesterday, 24th February 2025, I received the heartbreaking news that one of the cybersecurity vendors I had worked with since 2006, Skybox Security, has closed its doors.

The announcement came as a shock, first shared with employees on a call and later communicated to channel partners via email. Skybox Security was once a visionary company, yet it has now faced an unfortunate end.

My thoughts are with all the former employees whose lives have been suddenly disrupted. I sincerely wish them strength and resilience in navigating this transition and finding new opportunities that match their talents and expertise.

Let’s take a moment to reflect on Skybox Security’s journey and the lessons to be learned.

A humble proposal: The InfoSec CIA triad should be expanded

This article was first published by Help Net Security and can be accessed on their website in International English spelling.

What if I told you that what you may have learned about protecting information and information systems is incomplete? Curious? Then read on.

The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents.

In this article, I will analyse the CIA triad, point out its deficiencies, and propose to standardize the terminology involved and expand it by introducing two additional elements.