With AI moving fast, chats, agents and bots popping up all over the place, the tactics and techniques cyber attackers are using to get at our data are also shifting yet again. Here is what you need to know about keeping your data, your team – and your job – safe in 2026!
October 2025 marked the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) Annual Cyber Security Awareness Month campaign. But this year the theme and the recommendations made to Australian businesses were a little different.
Whilst it would be easy to skim over this year’s recommendations and think – not my jam, that’s IT’s job, proactive, future-focused leaders and organisations know that each and every one of us has a role to play in building our own cyber safe culture.
After all cyber security is everyone’s responsibility, and with some all-new recommendations in the mix, the time to act review, refresh and act is now.
The Four Key Actions You Need to Know
In both its CSAM2025 materials and latest Annual Cyber Threat Report, the ASD’s ACSC focused on four critical areas that directly impact how end users work and interact with technology every day. Here’s a recap of the four key themes AND what they actually mean for people who DON’T work in IT!
1. Event Logging
“You can’t defend what you can’t see.”
This theme emphasised the importance of gaining greater visibility what’s happening inside your network. As an end user of your company’s IT services, your role to play here is to:
- Ensure your devices and apps are updated to be able to support logging.
- Report any unusual activity or system behaviour you experience or notice
- Understand that logging helps detect new threats like Living off the Land (LOTL) techniques, which evade traditional IT security tools.
2. Legacy Technology
“If it ain’t broke, don’t fix it” – said no cybersecurity lead ever!
Outdated software and hardware are prime targets for cyber attacks. To make sure you’re doing your part here, be sure to:
- Flag legacy systems or unsupported apps to IT.
- Avoid using outdated browsers or plugins.
- Recognise that replacing legacy tech is cheaper than recovering from a breach.
3. Supply Chain & Third-Party Risk
“You’re only as secure as the partners you trust.”
Your organisation’s security is only as strong as its weakest supplier. That goes for whoever or whatever you as an employee and end user choose to download or access using your work device. Make sure that you’re not the weakest link:
- Be cautious when interacting with third-party platforms.
- Avoid sharing sensitive data unless necessary.
- Choose tools and services that are approved and managed by your organisation and secure by design.
4. Quantum Readiness
“This feels like a future-me problem.”
Quantum computing is right on the horizon, and it will break traditional encryption. To get ready for what’s right around the corner, you have a chance now to:
- Find out about what the shift to post-quantum cryptography means
- Understand that secure communications today may not be secure tomorrow.
- Trust IT teams to lead the transition, but it’s your job to stay informed.
How This Affects You and Your Work
As your organisation grapples with the dual challenge of embracing AI and address new cyber threats, our advice to you heading into 2026 is to expect the unexpected. Here is what this will look like on the office floor next year.
- More secure collaboration tools: Expect updates or changes to the tools, services and platforms you use like email, Teams, and your CRM and job management systems to support better logging and encryption.
- Greater scrutiny of third-party vendors: Marketing platforms, analytics tools, and social media integrations may be reviewed for security compliance. Be prepared to make some transitions to your company’s approved toolsets.
- Training and awareness: You may be asked to complete new cyber awareness modules and take additional training in AI, or even IT fundamentals! But we can help you and your team with that – Just let us know.
- Faster incident response: Your company will likely add a Managed Security Service to their tech stack to automate incident detection and response; you might see different alerts or notifications giving you urgent or specific direction if a cyber event occurs.
Keep the Foundations Strong
Mostly importantly, the foundational must-dos have not changed. Be sure to make sure you’re working smart and secure and following the essentials below:
- Update your software and enable automatic updates.
- Use strong, unique passphrases and enable multi-factor authentication.
- Report suspicious emails or system behaviour immediately.
- Engage with your IT and security teams—ask questions, share concerns, and stay informed.
Cyber security is never just an IT issue. Let’s make 2026 the year we move from awareness to action.
Contact us if you’d like more advice on how to build a better cyber security culture in your workplace.
