
Cybersecurity Reset: What 2025 Taught Us and How Organizations Can Win in 2026
The recent InterSources webinar featuring Agathe Merle (Author of “Cyber Like a Girl” and Senior Manager of Cybersecurity at Abbott) and John Papazian (Chief Business Operations at InterSources) highlighted that 2025 served as a significant cybersecurity wake-up call.
AI threats started coming at us harder and faster, supply chain attacks got nastier, and even basic cloud setup mistakes started costing companies serious money. Security teams everywhere basically came to the same realization: what we've been doing just isn't cutting it anymore.
If you missed our webinar and want more insights about what to expect for next year…don’t panic! These key themes really capture what 2025 taught us and what we need to focus on in 2026:
1. Attackers Jumped on AI Way Faster Than Anyone Expected
The speed caught everyone completely by surprise. Sure, we knew cybercriminals would start using AI eventually, but we thought we had more time. While security teams were still having meetings about their AI roadmap, the bad guys had already jumped in with both feet…no red tape, no approval processes, just straight execution.
Now they're cranking out perfect deepfakes, sending laser-targeted phishing emails that actually fool people, running automated scouting missions, and building plug-and-play crime kits that even amateur hackers can use. It's like they got a massive head start while defenders were still in the planning phase.
The reality check? We can't fight AI-powered attacks with human-only responses anymore. If we want any shot at keeping up in 2026, our defense game needs to be just as automated and AI-driven as theirs.
2. Automation Isn't a Nice-to-Have Anymore; It's Survival
Agathe Merle absolutely nailed it when she described how enterprise security teams are completely overwhelmed right now. Picture this: your team is getting slammed with constant alerts, juggling hundreds of different applications, and expected to somehow catch every single security gap. Without automation backing you up, you might as well try to empty the ocean with a bucket.
To make it through 2026, you've got to commit to:
- Letting AI do the heavy lifting on alert triage so you know what's actually urgent
- Building systems that can automatically patch vulnerabilities without waiting for human approval
- Establishing standard operating procedures that everyone actually follows
- Cutting through the endless analysis and making faster decisions when it matters
Here's the key: automation is about getting your team out of the weeds so they can focus on the strategic thinking that machines can't do.
3. Deepfakes Just Became Every Security Team's Nightmare
OK, this story from the webinar really drove home how scary things have gotten. Picture this: an employee gets invited to a video meeting with their CFO. Normal Tuesday, right? Except the "CFO" on the call was completely fake, a deepfake so good that everyone else on the call thought it was really him!
The problem is we've spent years training people to be suspicious of sketchy emails and weird text messages. But nobody questions a video call. When you can see someone's face talking to you in real time, your brain just accepts it as real.
Companies need to wake up fast and figure out new ways to verify who's actually who, especially on important calls. And employees need to know that yes, even video can be faked now. This isn't some sci-fi scenario we're worried about for the future. It's happening right now to real companies with real consequences.
4. Your Security Is Only as Strong as Your Weakest Partner
One of the biggest "aha" moments from the discussion was realizing that your company's security doesn't stop at your front door anymore. Attackers figured out something clever in 2025: instead of trying to break down the fortress walls of big companies, why not just walk through the unlocked side door?
That side door? It's your vendors, partners, and all those third-party systems you're connected to. Hackers started going after smaller companies specifically to get access to their bigger clients. It's like robbing a bank by first breaking into the cleaning company that has the keys.
The whole idea of having a "security perimeter" is basically dead now. In 2026, you can't just focus on your own defenses; you need to really dig into who you're working with, keep tabs on their security 24/7, and start demanding that your partners meet much stricter standards. Because their security problems become your security problems, whether you like it or not.
5. Cloud Mistakes Keep Costing Companies Big Money
Agathe Merle shared a really good point here: most cloud security disasters don't happen because the cloud itself is broken; they happen because someone messed up the settings. Think about it like leaving your house with all the windows open and then blaming the neighborhood when you get robbed.
What's happening is pretty predictable: developers are moving fast, trying to ship features quickly, and maybe they didn't get proper training on cloud security services. So they rush through deployments, click "yes" on default settings they don't understand, and accidentally leave the digital equivalent of their front door wide open.
These are totally preventable mistakes that end up costing companies massive amounts of money. In 2026, you need solid cloud security monitoring tools, standard setup procedures that everyone follows, and actual training so people know what they're doing. Because these "oops" moments are getting way too expensive to ignore.
6. Security Teams Can't Be the Fun Police Anymore
Both speakers really drove home something that's been brewing for a while: security teams need to stop being the people who show up and say "no" to everything. You know the dynamic: developers want to try something new, business teams have an urgent request, and then cybersecurity swoops in like the parent at a teenager's party.
That approach is dead in 2026. Security folks need to learn how to talk like actual business people, not just throw around technical jargon and expect everyone else to figure it out. Instead of "This creates vulnerabilities in our threat landscape," try "This could cost us $2 million if something goes wrong."
Merle shared some great examples of how targeted training sessions completely flipped the script. Instead of other teams seeing security as a roadblock, they started viewing them as the helpful experts who keep everyone out of trouble. Think of it like having a really good lawyer on your team, someone who helps you get what you want while keeping you safe.
Companies that nail this partnership approach are going to have a huge advantage next year, because everyone else will still be stuck in those old adversarial relationships.
7. People Skills Might Just Be Cybersecurity's Secret Weapon
This part of the conversation really hit different, especially when they brought up Merle's book "Cyber Like a Girl." She shared stories about women who are absolutely crushing it in cybersecurity, not because they had computer science degrees or went through some traditional tech pipeline, but because they were curious, stubborn about solving problems, and willing to learn stuff that wasn't technically "their job."
It's actually a perfect example of something bigger: the best security teams aren't filled with clones of the same person. When you've got people from different backgrounds, ages, genders, and experiences all looking at the same problem, they spot things that a homogeneous team would completely miss.
Think about it: someone who came from retail might understand social engineering attacks differently than someone who's only ever worked in tech. A parent might have insights about family safety that a young single person wouldn't consider. The diversity isn't just nice to have; it's literally making your defenses stronger.
2026 Is Going to Separate the Winners from the Wishful Thinkers
After listening to everything John and Agathe shared, it's pretty clear that 2025 was the year cybersecurity changed forever. The companies that'll actually thrive in 2026 aren't going to be the ones with the biggest budgets or the fanciest tools…they're going to be the ones who get smart about:
- Getting automation working for them instead of drowning in alerts.
- Using AI to fight back against AI attacks.
- Training people to question even video calls, actually securing their cloud setups properly, and remembering that their vendors' problems become their problems.
- Turning security teams into helpful partners instead of roadblocks.
- Investing in people who can think creatively under pressure.
Cybersecurity for 2026 is more about people, culture, and how teams work together. The human side of security (curiosity, collaboration, and the ability to adapt when something totally unexpected happens) is what's going to make or break organizations.
If 2025 taught us anything, it's that we can't keep playing defense forever. 2026 needs to be the year we stop scrambling to catch up and start building security that can actually handle whatever comes next.

