JAKARTA - Entering the new year, cyber observers predict that the cyber threat landscape in 2026 will be increasingly complex and aggressive, as the massive use of artificial intelligence (AI) by perpetrators of crimes.
Chairman of the CISSReC Pratama Persadha Cyber Security Research Institute revealed that AI will automate reconnaissance, develop an exploitation chain, create convincing phishing on a large scale, and impersonate executives with almost perfect voice and video.
"Social engineering will be almost indistinguishable from legitimate communications. The American Cybersecurity and Infrastructure Agency (CISA) has warned that AI-based social engineering will be one of their main risks in the future," said Pratama in a statement received some time ago.
Then, the speed of security breaches will increase dramatically, as ransomware actors use AI to scan the internet continuously, chaining vulnerabilities, and launching attacks with minimal human intervention.
Pratama also highlighted the major changes in the world of encryption. Organizations are currently preparing for post-quantum algorithms approved by the National Institute of Standards and Technology (NIST), while opponents are accelerating the theft of encryption keys with the help of AI.
"Encryption will extend deeper into the system, covering logs, machine identities, database fields, memory, and all backup repositories. The pressure will not come from the encryption itself, but from the governance behind it," he added.
Furthermore, compromised identities are expected to remain the leading cause of security breaches in 2026. Attackers will increasingly rely on replaying session tokens, impersonating executive identities, to abusing service accounts and machine identities.
Another threat that is no less serious is an attack on digital supply chains. According to Pratama, one weak supplier can endanger dozens of organizations at once, especially through managed service providers, cloud platforms, SaaS applications, and specialized subcontractors.
"Improving cybersecurity security and defense in the government environment must be placed as a top priority. This step includes the implementation of strict cybersecurity standards across agencies, strengthening the integration of interconnected security systems, and improving human resource competence," he said.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
