Cybersecurity Trends and Challenges in the Digital Age

A few years ago, a mid-sized logistics company in the UK went from fully operational to completely paralysed in the space of forty-five minutes.

Not because of a sophisticated state-sponsored attack. Not because a team of elite hackers spent months probing their defences. Because one employee clicked a link in an email that looked like it came from their HR department about an updated holiday booking system. The malware that link installed encrypted every file on the company’s network, locked out every employee, and presented the IT team with a ransom demand before most of the staff had finished their morning coffee.

The company had antivirus software. They had a firewall. They had, on paper, a reasonable set of security protocols. What they did not have was a workforce that knew how to recognise a convincing phishing email, because nobody had ever shown them what one looked like.

They paid the ransom. It took them three weeks to fully recover. The total cost, including lost productivity, emergency IT support, and the ransom itself, ran to several hundred thousand pounds.

For a mid-sized company with tight margins, that was nearly terminal.

I tell that story not to frighten anyone but because I think it illustrates something about cybersecurity that the technical discourse tends to obscure. Most successful cyberattacks are not elegant feats of technical wizardry that breach impenetrable defences. They are opportunistic exploitations of ordinary human behaviour — the click that happens too quickly, the password that is too simple, the software update that has been sitting in the notification bar for three weeks without being installed.

The gap between being a relatively secure individual or organisation and being a vulnerable one is, in most cases, not a matter of expensive technology. It is a matter of consistent habits and genuine understanding of what the threats actually look like.

This article is about developing both.


How Cybersecurity Got Here — And Why the Old Approaches Are Not Enough

To understand the current cybersecurity landscape, it helps to understand how dramatically and how quickly it has changed.

The earliest computer security concerns were relatively contained — viruses spread through floppy disks, malware that was mostly the work of curious individuals testing capabilities rather than organised criminals seeking profit. The defences matched the threats: antivirus software that compared files against a database of known malicious code, firewalls that blocked unauthorised network access. The model was reactive. A threat appeared, it was identified, a signature was added to the database, and the antivirus software knew to block it.

That model began to break down as the internet expanded and as the financial incentives around cybercrime grew large enough to attract genuinely sophisticated, well-resourced actors. The reactive, signature-based approach to security is fundamentally vulnerable to new threats that have not been identified yet — and in an environment where new malware variants are created at the rate of hundreds of thousands per day, relying on a database of known threats to protect you is a bit like installing a lock that only keeps out criminals whose fingerprints are already on file.

The cloud made the perimeter problem worse. When data lived on servers in a physical location behind a physical firewall, the security challenge was primarily about protecting that location. When data lives across dozens of cloud services, accessed from personal devices on home networks and public WiFi by employees working from anywhere in the world, there is no meaningful perimeter to defend. The boundary between inside and outside has dissolved, and security strategies that were designed around that boundary have had to fundamentally reinvent themselves.

What has emerged from this reinvention is a philosophy sometimes called zero trust — the principle that no user, device, or system should be automatically trusted based on its location or identity, and that access to sensitive resources should be continuously verified rather than granted once and assumed forever. This represents a fundamental shift in how security is conceptualised, and it is driving changes in how both organisations and individuals should think about protecting their digital lives.


The Threat Landscape Right Now — Specific, Concrete, and Evolving

Let me be direct about what the actual threat landscape looks like in 2026, because abstract discussions of “cyber threats” are less useful than understanding specifically what methods attackers are using and why they are effective.

Ransomware — The Attack That Has Become an Industry

Ransomware — malicious software that encrypts a victim’s files and demands payment for the decryption key — has evolved from a relatively crude criminal tactic into a sophisticated, industrialised criminal ecosystem.

Modern ransomware operations run with the organisational complexity of legitimate businesses. There are developers who build and maintain the malware. There are affiliates who deploy it against targets. There are negotiators who handle communications with victims. There are customer service operations — and yes, this phrase is used without irony in the cybersecurity industry — that help victims purchase cryptocurrency to pay ransoms. There are even PR teams that manage the reputational dimensions of high-profile attacks.

The targets have shifted upward in scale and criticality. Hospitals, water treatment facilities, schools, government agencies, energy infrastructure — the attackers have learned that organisations providing critical services have powerful incentives to pay quickly to restore operations, and have targeted them accordingly. The ransomware attack on the Irish Health Service in 2021, which disrupted patient care across the country for months, was a demonstration of how catastrophic this category of attack can be when it hits the right target.

For individuals, the ransomware risk is real but the most effective defences are straightforward. Regular backups — stored somewhere physically or logically separate from the devices being backed up — make ransomware a significant inconvenience rather than a catastrophe. If your files are encrypted and you have a clean backup from yesterday, the attacker has inconvenienced you. If you have no backup, they have you.

Social Engineering — The Attack on Humans Rather Than Systems

The most consistent finding in cybersecurity research over the past decade is that people are more reliably exploitable than technology. Technical defences have become sophisticated enough that direct technical attacks on well-secured systems are difficult and time-consuming. It is often far easier to simply trick a person into handing over access.

Social engineering — the use of psychological manipulation to get people to take actions that compromise security — takes many forms. Phishing emails are the most familiar. But the category now includes vishing (voice phishing — phone calls from people claiming to be IT support, bank fraud teams, or government agencies), smishing (the same via text message), and increasingly sophisticated deepfake-based attacks where synthetic audio or video of trusted individuals is used to authorise fraudulent requests.

The spear-phishing variant — highly targeted attacks that reference specific, personal information about the recipient — has become dramatically easier to execute as social media has given attackers access to detailed information about individuals’ professional roles, relationships, and recent activities. An email that references your actual employer, your actual manager’s name, and a real project you are working on is considerably more convincing than a generic fraud attempt, and considerably harder to dismiss on sight.

The psychological mechanisms these attacks exploit are not signs of stupidity or carelessness. They are normal human cognitive patterns — the tendency to trust apparent authority, the inclination to respond to urgency, the social discomfort of challenging what appears to be a legitimate request. Understanding that these patterns are being deliberately targeted, and building the habit of deliberate verification before acting on any digital request involving credentials, money, or sensitive access, is the primary defence.

Supply Chain Attacks — The Threat That Hides Behind Trust

One of the more sophisticated and troubling developments in recent cybersecurity is the rise of supply chain attacks — attacks that compromise security not by targeting an organisation directly, but by targeting a software vendor or service provider that the organisation trusts, and using that trusted access as a vector into the real target.

The SolarWinds attack of 2020 was the event that brought this category of threat to mainstream awareness. Attackers compromised the build process of a widely used IT monitoring software product, inserting malicious code that was then distributed to thousands of customers through a routine software update. The victims included major US government agencies and technology companies, and the compromise was active for months before it was detected.

The supply chain attack is particularly insidious because it exploits the very behaviour that security guidance tells you to engage in — keeping your software updated, using reputable vendors. You did everything right, and the attack came through the trusted channel you used to do the right thing. For organisations, managing supply chain risk has become one of the most complex challenges in cybersecurity. For individuals, the practical implication is to maintain software from established vendors with strong security practices, and to apply the same scrutiny to browser extensions and third-party applications that you would to more obviously risky downloads.

AI-Augmented Attacks — The New Frontier

Artificial intelligence is transforming cybersecurity on both sides of the equation. Defenders are using AI to detect anomalous patterns in network traffic, identify novel malware variants, and respond to incidents at speeds humans cannot match. Attackers are using AI to generate more convincing phishing content, automate vulnerability discovery, and create deepfake audio and video for social engineering at scale.

The most immediate practical implication for most people is the dramatic improvement in the quality of phishing content. AI language models can now generate highly convincing, grammatically perfect, contextually appropriate phishing emails at scale — eliminating the misspellings and awkward phrasing that used to serve as reliable red flags. The heuristic of “if it looks professionally written it is probably legitimate” no longer holds in the way it once did.

This does not mean the situation is hopeless. It means that the defences need to be behavioural rather than purely perceptual — built around verification habits and security processes rather than the ability to spot obvious errors in fraudulent communications.


The Emerging Technologies Changing the Defence Landscape

Artificial Intelligence and Machine Learning in Cyber Defence

The application of AI and machine learning to cybersecurity defence is one of the more genuinely transformative developments in the field. The core advantage of these technologies is their capacity to identify patterns across enormous volumes of data at speeds that human analysts cannot approach.

Traditional security monitoring depends heavily on rules — defined signatures of known threats, alert thresholds for specific types of activity. The limitation is that novel attacks, by definition, do not match known signatures. AI-based systems can detect anomalies — deviations from established patterns of normal behaviour — even when those anomalies do not match any known threat. This makes them effective against novel attacks in a way that rule-based systems are not.
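The contrast described above, as an added example (not code from the original article): a hash-based signature check misses a sample that differs by one byte from a known one, while a behavioural baseline flags the burst of file modifications it causes. The byte strings, the baseline figures and the three-standard-deviation threshold are all constructed for illustration.

```python
import hashlib
from statistics import mean, stdev

# Constructed stand-ins for two builds of the same program: the second differs
# from the first by a single byte, as a recompiled or repacked variant would.
KNOWN_SAMPLE = b"constructed-sample-build-A"
NEW_VARIANT = b"constructed-sample-build-B"

# Signature database: digests of samples that have already been analysed.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Constructed baseline: files modified per minute on one workstation during
# normal office use.
BASELINE = [3, 5, 2, 4, 6, 3, 5, 4, 2, 4, 5, 3]


def signature_match(blob: bytes) -> bool:
    """Rule-based check: flag only content whose digest is already on file."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES


def z_score(observed: float, baseline: list) -> float:
    """Distance of an observation from the baseline mean, in standard deviations."""
    if len(baseline) < 2:
        raise ValueError("need at least two baseline samples")
    mu, sigma = mean(baseline), stdev(baseline)
    if sigma == 0:
        # A perfectly flat baseline: any departure from it is maximally unusual.
        return 0.0 if observed == mu else float("inf") * (1 if observed > mu else -1)
    return (observed - mu) / sigma


def is_anomalous(observed: float, baseline: list, threshold: float = 3.0) -> bool:
    """Behavioural check: flag activity far above what this host normally does."""
    return z_score(observed, baseline) > threshold


def triage(blob: bytes, files_per_minute: float) -> dict:
    """Run both detectors on one observation and report each verdict."""
    return {
        "signature": signature_match(blob),
        "anomaly": is_anomalous(files_per_minute, BASELINE),
    }


if __name__ == "__main__":
    observations = [
        ("known sample, quiet host", KNOWN_SAMPLE, 4),
        ("new variant rewriting files in bulk", NEW_VARIANT, 400),
        ("ordinary document, busy minute", b"constructed-benign-document", 6),
    ]
    for label, blob, rate in observations:
        print(f"{label}: {triage(blob, rate)}")
```

The second observation is the case the paragraph describes: no signature exists for it, yet its behaviour sits hundreds of standard deviations above the host's baseline.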

The practical applications range from fraud detection in financial services — where AI systems identify unusual transaction patterns with remarkable accuracy — to endpoint security tools that monitor device behaviour and flag anomalies, to network security systems that can identify and respond to intrusion attempts in real time without waiting for human review.

For individuals rather than organisations, AI-based security tools are increasingly embedded in the consumer security products many people already use — smart fraud detection in banking apps, AI-powered email filtering that catches phishing attempts before they reach the inbox, and automated threat response in endpoint security software. The technology is advancing faster than most users are aware.

Blockchain and Decentralised Security

Blockchain’s potential applications in cybersecurity are less immediately practical for most individuals than AI-based tools, but worth understanding for the direction they suggest.

The fundamental security property of blockchain is immutability — once data is recorded in a properly functioning blockchain, it cannot be altered without detection. This has obvious applications in contexts where data integrity is critical: audit trails, identity verification systems, certificate authorities for cryptographic trust. The decentralised nature of blockchain also eliminates single points of failure — there is no central database to compromise, no single server whose breach provides access to everything.
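The tamper-evidence property described above, as an added example (not code from the original article): a hash-chained audit log in which each entry commits to the one before it. It shows two cases: an edit made in place breaks the chain at that entry, while a full rewrite with recomputed hashes stays self-consistent and is caught only by comparing against a head hash held by an independent party, which is the role the decentralised copies play. The log entries and function names are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # stands in for "previous hash" on the first entry


def entry_hash(index: int, prev_hash: str, payload: dict) -> str:
    """Hash an entry together with its position and its predecessor's hash."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain: list, payload: dict) -> str:
    """Add an entry and return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "payload": payload,
                  "hash": entry_hash(index, prev, payload)})
    return chain[-1]["hash"]


def first_broken_link(chain: list):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = entry_hash(i, prev, entry["payload"])
        if entry["index"] != i or entry["prev"] != prev or entry["hash"] != expected:
            return i
        prev = entry["hash"]
    return None


def matches_head(chain: list, trusted_head: str) -> bool:
    """True only if the chain is intact AND ends at the independently held head."""
    return bool(chain) and first_broken_link(chain) is None \
        and chain[-1]["hash"] == trusted_head


def build_sample():
    """Constructed three-entry audit log; returns (chain, head hash)."""
    chain, head = [], GENESIS
    for event in ({"user": "alice", "action": "login"},
                  {"user": "alice", "action": "export", "rows": 12},
                  {"user": "alice", "action": "logout"}):
        head = append(chain, event)
    return chain, head


def edit_in_place(chain: list, index: int, payload: dict) -> list:
    """Copy of the log with one payload changed and nothing recomputed."""
    tampered = copy.deepcopy(chain)
    tampered[index]["payload"] = payload
    return tampered


def rewrite_from(chain: list, index: int, payload: dict) -> list:
    """Copy of the log with one payload changed and all later hashes recomputed."""
    rebuilt = copy.deepcopy(chain[:index])
    for i, entry in enumerate(chain[index:], start=index):
        append(rebuilt, payload if i == index else entry["payload"])
    return rebuilt
```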

Practical blockchain-based security applications are still largely in development or early deployment, but include decentralised identity systems that give individuals control over their own credentials without relying on centralised providers, supply chain verification systems that create tamper-evident records of software provenance, and distributed storage systems that resist the kind of large-scale data breaches that centralised databases enable.


What Actually Works — A Practical Framework for 2026

Let me move from the landscape to the practical, because understanding threats without knowing how to respond to them is a frustrating place to stop.

The Non-Negotiable Foundations

Password management. I wrote about this in a previous article on online privacy and I will say it again here because it remains the single most impactful thing most individuals can do for their security. Unique, complex passwords for every account, managed through a reputable password manager. The reuse of passwords across accounts is the vulnerability that enables the largest proportion of account compromises, and it is completely preventable. Bitwarden is free, open-source, and independently audited. 1Password and Dashlane are excellent paid alternatives. There is no good reason not to use one.

Two-factor authentication, applied properly. 2FA reduces the risk of account compromise even when credentials are stolen. The distinction between SMS-based 2FA and authenticator app-based 2FA matters — SMS can be intercepted through SIM-swapping attacks, and authenticator apps are meaningfully more secure. Use an authenticator app wherever possible. Your email account and your banking apps should be your first priorities.

Software updates, treated as non-negotiable. The vulnerability that enabled the WannaCry ransomware attack in 2017 — which affected hundreds of thousands of computers in over 150 countries — had been patched by Microsoft two months before the attack. The organisations that were compromised were running unpatched systems. The patch existed. They had not installed it. Update everything. Enable automatic updates where possible. Treat the notification that an update is available as something that needs to happen today, not at some future convenient moment that never quite arrives.

Backups that are actually usable. A backup strategy has three components: regular (ideally daily for important data), isolated (stored somewhere that cannot be affected by a ransomware attack — a physical drive that is not permanently connected, or a cloud service with versioning), and tested (actually try to restore from the backup periodically, because a backup you have never tested is a backup you cannot count on).
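One way to carry out the "tested" component, as an added example (not code from the original article): record a checksum manifest when the backup is taken, restore into a scratch directory, and compare. The file names and contents are constructed, and `shutil.copytree` stands in for whatever restore command your backup tool provides.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root) -> dict:
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_report(expected: dict, restored_root) -> dict:
    """Compare a restored tree against the manifest recorded at backup time."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "corrupt": sorted(k for k in expected.keys() & actual.keys()
                          if expected[k] != actual[k]),
        "unexpected": sorted(set(actual) - set(expected)),
    }


def restore_ok(report: dict) -> bool:
    """A restore passes only if nothing is missing, altered or unaccounted for."""
    return not any(report.values())


def run_drill():
    """Constructed drill: one clean restore and one damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp, "source")
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("date,amount\n2026-01-05,120.00\n")
        (source / "notes.txt").write_text("quarterly review notes\n")
        (source / "contacts.txt").write_text("constructed contact list\n")

        # Recorded at backup time and kept apart from the backup itself.
        expected = manifest(source)

        good = Path(tmp, "restore_good")
        shutil.copytree(source, good)  # stand-in for the backup tool's restore

        bad = Path(tmp, "restore_bad")
        shutil.copytree(source, bad)
        (bad / "notes.txt").write_text("quarterly review n")  # truncated on restore
        (bad / "contacts.txt").unlink()                       # never restored
        (bad / "leftover.tmp").write_text("stray file\n")     # not in the manifest

        return restore_report(expected, good), restore_report(expected, bad)


if __name__ == "__main__":
    good_report, bad_report = run_drill()
    print("clean restore passes:", restore_ok(good_report))
    print("damaged restore:", bad_report)
```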

The Behavioural Habits That Matter Most

Verification before action. Any request involving credentials, money, or access to sensitive systems — regardless of how legitimate it appears — deserves a moment of deliberate verification. Call the person who supposedly sent the email on a number you already know, not the number in the email. Log into the service through your bookmarked URL rather than the link in the message. The few seconds this takes is the most reliable defence available against social engineering attacks.

Treat urgency as a red flag. The creation of artificial urgency — your account will be suspended, you must act immediately, this is a time-sensitive security alert — is a hallmark of social engineering attacks specifically because urgency overrides careful thinking. When something is presented as requiring immediate action without time for verification, the correct response is to slow down rather than speed up.

Public WiFi hygiene. Public WiFi networks are fundamentally untrustworthy environments. Traffic on these networks can be intercepted by anyone on the same network with the right tools. For routine browsing this is a manageable risk. For anything involving credentials, banking, or sensitive personal information, either use your mobile data connection or use a VPN — a Virtual Private Network — that encrypts your traffic and prevents interception. This is not paranoia. It is basic awareness of how the technology works.

Regular account reviews. Spend thirty minutes every few months going through your online accounts and closing or deactivating ones you no longer use. Every dormant account with your information is a potential breach waiting to be discovered. The fewer accounts that exist, the smaller the surface area of your exposure.

For Organisations — The Layer That Individuals Cannot Provide for Themselves

For businesses and organisations, the baseline technical measures are necessary but not sufficient. The consistent finding in post-incident analysis of major breaches is that the human factor — employee behaviour — is the most exploited vulnerability in most attack chains.

Employee security training that is genuine rather than performative — that teaches people to recognise specific current attack techniques rather than reciting general principles — is one of the highest-return security investments available to organisations. Simulated phishing exercises, where employees receive realistic fake phishing emails and are shown the result, consistently produce measurable improvements in recognition and reporting rates.

The principle of least privilege — ensuring that employees have access only to the systems and data they actually need for their role, rather than broad access that makes a compromised account more valuable to an attacker — is fundamental to limiting the blast radius of any single successful attack. Many organisations grant broad access as a default and restrict it only when a specific reason arises. The more secure posture is the reverse.

An incident response plan — a documented, regularly tested procedure for what happens when a security incident occurs — is the difference between an organisation that can respond to an attack coherently and one that is improvising under pressure while the damage compounds. The time to develop this plan is before the incident, not during it.


The Uncomfortable Truth About Cybersecurity

Here is the thing that the cybersecurity industry does not always say loudly enough, because it is not reassuring and reassurance is easier to sell than honesty.

You cannot be perfectly secure. No individual, no organisation, no government agency operates in a state of perfect digital security. The combination of human fallibility, the pace of threat evolution, the complexity of modern technology environments, and the asymmetry between attackers — who need to find one way in — and defenders — who need to protect every possible way in — means that absolute security is not a realistic goal.

What is realistic is being a hard enough target that opportunistic attackers go elsewhere. Most cybercrime is not targeted. It is automated and indiscriminate — sending millions of phishing emails and waiting for the small percentage that work, scanning millions of IP addresses for known vulnerabilities and exploiting the ones that are unpatched. Against this kind of attack, consistent application of basic security hygiene is genuinely effective.

What is also realistic is resilience. Building the backup systems, the incident response plans, and the recovery procedures that mean when something does go wrong — and eventually, for most organisations, something will — the damage is contained, the recovery is possible, and the harm is measured in days rather than months.

Cybersecurity is not a problem you solve. It is a discipline you practise — updating, adapting, and improving as the threat landscape changes. The organisations and individuals who do this consistently are not immune. But they are dramatically better positioned than those who treat it as a box to be checked once and then forgotten.

The price of that better positioning is not primarily money. It is attention, consistency, and the willingness to treat digital security as a genuine ongoing responsibility rather than a technical concern that belongs to someone else.


If this piece gave you something concrete to act on, start with the password manager. Today. Everything else can follow. And find more technology and safety content right here on DennisMaria.

https://dennismaria.org
