As part of an online miniseries, Callum Mitchell, SOC Technical Lead of e2e-assure discusses his industry predictions for 2026.
My name is Callum Mitchell and I am an experienced security operations professional with a background in building and managing 24/7 security teams, leading global incident response engagements and providing technical consultancy to strengthen operational resilience.
I have been at e2e-assure for nearly a year, where I lead the delivery of intelligence-led detection and response in partnership with customers to protect their intellectual property and data.
Ransomware gangs will hone their insider recruitment drives: Attackers’ efforts to gain access are now routinely being thwarted by more stringent controls, forcing them to explore other avenues, such as recruiting insiders to deploy ransomware.
A recent target was the BBC’s Joe Tidy, who was rattled by tactics that ranged from the proverbial carrot (a percentage of the ransom) to the stick (MFA bombing). He’s not alone: organisations now repeatedly tell us their staff have been openly approached by these gangs.
AI is also making it easier than ever to automate these attacks. Phone conversations, and the back-and-forth exchanges associated with an attack like Business Email Compromise (BEC), can now be conducted entirely by AI before the final handover to the human attacker.
For these reasons, organisations need to consider whether they have sufficient checks and side channels in place that allow employees to verify whether an instruction they’ve received is genuine.
Custom web apps will become the new zero day: The number of zero-day vulnerabilities has fallen, with 75 exploited in the wild last year according to Google, a drop attributed to improvements in software development.
However, because organisations are increasingly building their own custom web applications to meet their specific needs, these apps are often out of scope for security testing.
This is compounded by the fact that it has never been easier to automatically scan vast areas of the internet, enabling threat actors to find and exploit fairly unusual vulnerabilities in these apps that would previously have remained undiscovered.
The scope of compliance needs to be widened to include these apps, and their resilience proactively tested, considering all possible attacker entry points.
Having seen the knock-on impact and significant downtime following this year’s high-profile attacks, if you’re only going to focus on one thing in 2026, it should be resilience: the ability to get back to business as usual quickly if a breach does occur.
For many organisations, it’s simply not cost-effective to manage this in-house, leading them to outsource their security operations to an expert third party.
A third-party SOC can monitor the customer environment 24/7/365, raise the alarm as soon as it sees any suspicious activity and expedite threat containment.
This means that, if the worst happens, adversaries can be identified and kicked off the network before they’ve had a chance to do any real damage while critical business services are maintained, even during a serious attack.