Kristina Beek , Alexander Culafi January 29, 2026 Source: Dark Reading As 2026 begins, the cybersecurity industry faces a pivotal moment, grappling with persistent threats and emerging challenges. The year brings renewed focus on critical goals as discussed in the latest edition of "Reporter's Notebook," with Alex Culafi , senior news writer at Dark Reading, joined by Phil Sweeney of TechTarget Search Security and Eric Geller of Cybersecurity Dive. As seasoned reporters immersed in the field, the trio offers unique insights into what cybersecurity professionals should start doing, stop doing, and focus in the months ahead. Their conversation highlights pressing issues, emerging trends, and actionable advice for those in the industry. Their conversation also highlights key areas that will shape the future of the industry. Social engineering attacks , such as phishing , remain a significant concern, with hackers continually refining their tactics to exploit human vulnerabilities. This underscores the need for smarter, more automated defenses that reduce reliance on individual employees as the last line of defense. At the same time, the transition to quantum-resistant encryption looms as a critical priority, with researchers warning of the potential for quantum computers to break traditional encryption methods. Organizations must begin inventorying their systems and preparing for this seismic shift to safeguard sensitive data against future threats. Artificial intelligence (AI) also plays a dual role in the future of cybersecurity. While AI has the potential to enhance security operations, such as streamlining alert management in security operations centers (SOCs), its overuse and unrealistic promises risk undermining trust and creating new vulnerabilities. A measured approach to AI integration, coupled with a focus on mitigating its risks, will be essential as the technology becomes more pervasive. Looking ahead, cybersecurity will require a balance between innovation and vigilance. As organizations prepare for the challenges posed by quantum computing, AI, and, increasingly, sophisticated social engineering tactics, the industry must adopt a forward-thinking mindset that prioritizes resilience and adaptability. By addressing these critical areas, cybersecurity professionals can help build a safer digital future that is equipped to withstand current and emerging threats. Check out our other installments in this series: " Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats ," " Same Old Security Problems: Cyber Training Still Fails Miserably, " and " IoT Security Flounders Amid Churning Risk ." Reporter's Notebook: Full Transcript This transcript has been edited for clarity. Dark Reading's Alex Culafi : Hi, everybody. Thank you for joining us for this edition of Reporter's Notebook. I am Alex Culafi, senior news writer at Dark Reading, and I'm here with representatives from our sister publications. We are all part of the cybersecurity media group at Informa TechTarget. Phil and Eric, please introduce yourselves. Tech Target Search Security's Phil Sweeney : Hello. I'm Phil Sweeney. I'm an editor with the Search Security team, and I also work on Cybersecurity Dive a little bit with the news coverage. Cybersecurity Dive's Eric Geller : And I'm Eric Geller. I'm a senior reporter at Cybersecurity Dive, and I'm happy to be here. DR's Alex Culafi : Great. Thanks for joining me, guys. Happy to have you today. We are offering New Year's resolutions for the cybersecurity industry as reporters that work as a small part of the industry every day. As 2026 begins, we wanted to offer our resolutions for the community at large, including what cybersecurity pros should start doing—doing or start doing more of, as well as what they should stop doing. The three of us each brought one resolution for each category and we're going to go around and talk about each one. I want to start with what the cybersecurity community should start doing more of or start doing in general. It'll go me, Eric, then Phil. To start, I wanted to say that I think that the cybersecurity community should resolve to change how IT support engages with employees. I feel like too often we hear stories of not just social engineering lures where an IT support person supposedly reaches out and says, "Hey, I need your VPN password." But even in legitimate circumstances we have real IT support staff reaching out saying that they need remote access without asking to get on camera, without doing that alternate verification that is generally recommended to avoid social engineering attacks. And the concern there is, even if it is the legitimate IT staff person, I worry that it teaches the wrong lessons to employees that if someone sends you a message through text asking for remote access, that that's safe. I don't know if you guys have seen that kind of stuff too. CD's Eric Geller: All the time. And it's amazing because you would think that the folks who are responsible for protecting the systems would have a better awareness of how not to look like one of the threats themselves, how not to create that kind of false positive. If I were them, I would think you would want to avoid that at all costs so that your users don't get desensitized to those kinds of messages or those kinds of approaches. So it really does surprise me and hopefully we see less of that. DR's Alex Culafi : Eric, how about you? CD's Eric Geller : So the thing I want to see less of is a focus on cramming AI into every part of the conversation, into every product, into every product pitch. I think we're seeing a lot of companies these days take their existing offering and add a dose of AI and say that this is new and improved because we have the robot doing part of it for you now. And there are definitely ways where AI can help make the product better or help make your use of the product better. But there's a lot of things that just don't need to happen that people aren't asking for. I mean, I think that the classic way you could tell that people don't really want these AI features is that companies are turning them on by default and tying them to features that people do want. So Google just recently started adding in AI summaries to emails and documents, and if you want to turn that off, you also have to turn off some of the features that people actually like about the Gmail -Google Calendar integration, that whole ecosystem. And that's to me just kind of a signal flare that the AI push is not coming from user demand, but it's coming from what the companies think is in their best interest in terms of their quarterly profits and in terms of riding the AI hype train. So I'd like to see cybersecurity practitioners scale back their own kind of eagerness to incorporate AI into everything and maybe take a little bit more of a measured approach. Where are the areas where AI actually can help, like improving the SOC where you don't necessarily have to have a human looking at all the alerts day in and day out but being cautious really about integration of AI into other systems. And also, as the security people in the organization, they should be thinking about the harms and the risks of AI and how to mitigate them. Let other people cheerlead for AI in terms of integration and improving ease of use, the security folks have to be sitting there saying we got to game out the worst-case scenarios and make sure that these things don't happen. So I want to see a little bit more of a balanced conversation this year when it comes to AI. DR's Alex Culafi: I'll tell you when I'm at events talking to just whoever — not necessarily part of an interview — or if I meet someone out in the world who's in security, I'm always asking them about the AI stuff like, "What do they have you using? Do you like it?" And even in the less negative interactions I would say I have with people, a lot of the AI tooling that folks are expected to use as part of some larger organizational push: If it works, it doesn't work as well as people want it to, and the general tone has been that it's been more something to deal with than necessarily something that is a revolutionary life-changing thing. So maybe even as an extension of that, I've been hoping for a while that companies would also start selling and pitching AI more realistically in these areas that it can be much more helpful for, but I haven't been very optimistic about what I've seen, I guess. Phil? TTSS's Phil Sweeney : Yeah, yeah. I was thinking maybe sort of in the same neighborhood as what you're talking about, Alex. But let's see if we can find a better way to counter email phishing , which is a thing and still a thing. Hackers keep going back to the phishing. Well, I guess because it never, never runs dry, right? It's inexhaustible. There's something in your email box that looks legit. You're in a hurry. You click. Not that I have, but I'm told people do click. Even in 2026, you know, it's kind of amazing. It's a well-known problem. Even people outside of cybersecurity are aware of the threat, but it continues to work well enough. Enough of the time that for hackers and ransomware gangs, the odds are, you know, pretty good. You're going to get a pretty good yield in each attempt. So if it wasn't working. Right, it would stop being a thing. But here we are. There was a recent incident where a phishing campaign lured customers of a password manager to a page where they'd be asked to plug in their information on that page. And it looked pretty good. The page had the look and feel of a real legit page. Unless you looked really closely and then you would see that there was an 800 number to call for assistance, but it was a 555 phone number like a 1980s TV show or something, so it sort of puts the burden on the user, the individual to be that last line of defense for things that don't get filtered out automatically by the defense systems. So it leads back to tha