Cybersecurity tips to effectively kick-off the second half of 2026
06 Jul 2026
The FIFA World Cup is currently in the group stage, but many organizations are already knocked out (off their defenses). Cybercriminals are up with attacks that are unpredictable, and regulators have become stricter about their security expectations.
The first half of 2026 brought with it some of the key lessons and takeaways that organizations can realize into resilient and mature defenses.
What are those lessons? How can organizations use them to win in the second half of 2026? Let’s find out!
4 Lessons from the 1st half of 2026
Here are five lessons/takeaways from the first half of 2026:
Lesson 1 – Third-party risks have surged
Supply chain breaches like Klue showed how one third-party breach can affect multiple big companies.
Lesson 2 – AI has become a real risk
From the risks associated with the Claud Mythos model, AI-based phishing, to the rising risk of Shadow AI.
Lesson 3 – Living off the land attacks have surged
Attackers have started exploiting the vulnerabilities in the victim’s existing detection mechanisms to orchestrate attacks.
Lesson 4 – Regulators are ready to scrutinize organizations especially for how they use AI
With the rising risks, regulators are strictly scrutinizing organizations for the secure use of AI.
5 Security (and compliance) tips to effectively kick off 2nd half of 2026
Here are five cybersecurity tips to effectively kick off the second half of 2026:
1. Audit your AI usage before regulators do
Shadow AI has become one of the biggest means of unmonitored data leakage. With regulations like the EU AI Act coming into force in August 2026, AI governance has shifted from “nice to have” to a board-level compliance problem.
Tip
Take an inventory of all AI tools used across departments, including shadow AI, third-party AI plugins, Copilot, and agentic workflows.
Answer questions like:
- Who is approving the use cases of AI?
- What data is fed to AI models?
- Is any sensitive customer data/IP leaving the controlled environment?
2. Prepare for AI-driven Identity attacks
Attackers are using AI to bypass technical controls by targeting trust across organizations through phishing, vishing, deepfake, and synthetic identities.
Tip
Review the effectiveness of security controls around high-risk human workflows.
Answer questions like:
- Are finance approvals, password resets, and vendor payment changes securely made?
- Is there an additional step of verification for high-value requests?
3. Patch based on exploitability not CVSS scores
High CVSS scores don’t mean active exploitation, and endless patching queues can lead to patch fatigue. Teams in 2026 need clear focus and context on what is important. They need to remediate as per risk, not clear queues!
Tip
Prioritize vulnerabilities based on their:
- Known exploitation in the wild (like CISA KEV Catalog)
- Exposure to the internet
- Privilege impact
- Criticality to business
Answer questions like
- How actively is the flaw being exploited in the wild?
- What threat does the flaw pose to operations, data, etc.?
4. Reassess third party risk beyond the questionnaire
Vendor trust is now an attack path. Third-party compromises like Klue’s show that vendor risk is becoming challenging to manage, with compromises happening through SaaS, APIs, and MSPs. Don’t leave out software updates!
Tip
Assess vendors beyond third-party risk questionnaires. Look for things like how quickly they disclose incidents and whether they have AI governance controls in place.
Answer questions like:
- What SBOM practices do vendors follow?
- Is their status quo IR practice effective?
5. Align security measures with upcoming scrutiny
Compliance expectations have shifted from documentation to demonstrating operational resilience. Regulators are increasingly scrutinizing organizations for evidence of resilience.
Tip
Track metrics that regulators, auditors, and leaders expect to see, like Mean Time to Detect, Mean Time to Contain, and Critical Asset Coverage.
Answer questions like:
- What is the maturity of AI governance?
- How much time does it take to respond to a detected risk?