Samsung SDS Unveils Top 5 Cybersecurity Threats for 2026

□ Identified five noteworthy cybersecurity threats that will affect enterprises this year
- AI-based security threats; ransomware; cloud security threats; phishing and account takeover; and data security threats
□ Need comprehensive and preemptive countermeasures suited for a full-fledged AI proliferation era


Samsung SDS has announced the top 5 notable cybersecurity threats companies need to pay attention to in 2026. This selection is based on the company’s analysis of domestic and international cybersecurity issues that occurred last year.

The ‘Top 5 Cybersecurity Threats for 2026’ are: AI-based security threats arising from the malicious use or misuse of AI; ransomware attacks that seize control of user information and systems and demand payment for their restoration; cloud security threats emerging from the migration of enterprise IT environments to the cloud; phishing and account takeover attacks that impersonate others to steal information, funds, or account privileges; and data security threats that result in unauthorized access to, corruption of, or exfiltration of critical data.

Samsung SDS gathered opinions from 667 IT and security practitioners, managers, and executives in Korea, and compiled a list of countermeasures for each of the above-listed threats.

■ AI-Based Security Threats
The adoption and proliferation of generative AI, particularly AI agents, are expected to escalate associated security threats. As AI agents evolve into autonomous task-performing entities, excessive delegation and the abuse of privileges during execution can lead to data exfiltration, unauthorized actions, and system damage. To avoid this, it is essential to grant AI only the least privilege necessary. Furthermore, for sensitive tasks, such as information modification or payment processing, real-time monitoring and anomaly detection should be implemented via AI Guardrails*. These controls identify and block anomalous activities and enforce user approval processes.
* AI Guardrails refer to control technologies and solutions designed to ensure that AI systems operate within safe and reliable boundaries. Similar to physical guardrails that prevent vehicles from veering off the road, AI Guardrails function as safety mechanisms that prevent AI from generating harmful or inappropriate content or engaging in unintended behaviors.

■ Ransomware
Recently, ransomware attacks have evolved into quadruple extortion: ① encrypting victim companies’ data, ② threatening to disclose stolen data, ③ launching DDoS attacks, and ④ pressuring victim companies’ customers, partners, and media outlets. To respond to these threats, it is essential to secure backup systems for early recovery and normalization. Additionally, a phased approach is needed, such as blocking before malicious code executes; detecting anomalous activities; containing and analyzing the incident; and recovering after malicious code has executed. Furthermore, regular training and unannounced drills should be conducted to ensure all employees are equipped with practical incident response capabilities.

■ Cloud Security Threats
As enterprises migrate their IT environments to the cloud, security vulnerabilities continue to rise. Excessive storage sharing, mismanaged authentication and authorization, and unattended default configurations remain major causes of cloud security incidents. These cloud misconfigurations can be addressed by implementing continuous monitoring systems, such as Cloud-Native Application Protection Platforms (CNAPP). This enables enterprises to monitor vulnerabilities related to account privileges and resource configurations in real time, while automatically detecting and remediating insecure configurations -- including external exposure and missing encryption -- according to predefined security policies.

■ Phishing and Account Takeover
Phishing attacks targeting enterprise users increasingly aim at the entire organization through internal network intrusion, data exfiltration, follow-on compromise through ransomware deployment, and the establishment of supply chain attack channels. The resulting damage can escalate from personal information leaks and service disruptions to financial losses and the erosion of corporate reputation. Meanwhile, access privileges granted to AI systems -- including chatbots and AI agents -- must be controlled by applying Multi-Factor Authentication (MFA)* for all accessing entities, coupled with integrated management of access accounts, roles, and policies.
* MFA is a multi-layered authentication mechanism that protects accounts from unauthorized access by demanding additional authentication via email, mobile, and fingerprint, beyond IDs and passwords.

■ Data Security Threats
Security threats resulting from data corruption and theft are mainly attributed to single-factor authentication mechanisms, excessive privilege grants, and insufficient access management. To address these threats, organizations must implement access controls based not only on job functions and roles but also on user actions, including large-scale file downloads, external data transmission, and access during anomalous hours. Meanwhile, the security levels of business partners (e.g., suppliers and partners across the supply chain) and related services should be managed from an enterprise-wide risk management perspective to ensure mutual trust.

Yong-min Chang, Vice President and Leader of the Security Business Team at Samsung SDS, stated, “The proliferation of AI and AI agents will amplify new security threats, including sophisticated phishing, data exfiltration, and attacks targeting AI usage environments. As these threats cannot be addressed by traditional security solutions alone, enterprises must shift from security that relies on specialized personnel to AI-powered security solutions that enable proactive responses through AI-based monitoring, detection, and automated blocking.”

Meanwhile, Samsung SDS has been demonstrating its capabilities as a security leader with recognition from global market research firm IDC as a leader in three IDC MarketScape reports for 2024: Managed Security Services (APAC, 2024), Professional Security Services (APAC, 2024), and Cybersecurity Consulting Services (Worldwide, 2024). Samsung SDS has also been acknowledged as a major player in Cloud Security (Worldwide, 2022-2024).