As part of an online miniseries, Ross Brewer, Vice President and Managing Director of Graylog discusses his industry predictions for 2026.
Can you tell me a bit about yourself, your job role and how long you have been at the company?
I’m Ross Brewer, Vice President and Managing Director for EMEA at Graylog.
I kicked off my IT career in New Zealand four decades ago and for the past 30 years I’ve specialised in cybersecurity.
I’ve been with Graylog for almost two years, supporting our EMEA commercial and customer-facing teams while advising governments, defence and intelligence agencies, critical national infrastructure and major public and private sector organisations.
My work centres on best practices in log and machine data collection, monitoring, analytics, forensics, retention and compliance.
All in all, if it produces a log, I’ve probably analysed it, secured it or argued with someone about why they should keep it.
What are some of the key trends and predictions you think we will see in the security industry in 2026?
AI may be the headline act right now – and I’ll come back to that, but it risks distracting the industry from a far more immediate problem.
The global mass migration to the cloud has fundamentally changed the cybersecurity landscape, creating enormous “target-rich environments.
Why would an attacker go after Company X when compromising Cloud Provider Y grants them access to hundreds of organisations just as valuable as Company X?
Combine that with the ease of integration between cloud platforms and you get a vast, interconnected attack surface, one where thousands, sometimes millions, of organisations are linked together without fully realising the increased risk.
Over the next one to three years, we’ll see a sharp rise in attacks targeting major cloud providers and their supply chains.
The speed at which organisations are adopting and embedding relatively new cloud suppliers into their operational fabric is unprecedented.
This will create fertile ground for the exploitation of authentication and authorisation systems, especially via APIs, machine-to-machine interfaces and emerging MCP layers.
In short: The cloud ecosystem’s convenience has become its greatest vulnerability.
What is one piece of advice you would give organisations and professionals as they head into 2026?
If you overlay these cloud-driven risks with the speed and volume that AI and machine learning will unleash, end-user organisations are in for a rough ride.
Many CISOs are still struggling to raise basic digital hygiene to a level where they can reliably fend off today’s ransomware attacks, which, in truth, are rarely sophisticated.
Too many security leaders are focused on today (or at best tomorrow), when what they really should be doing is building a security function capable of handling the frequency, velocity and ferocity of attacks we expect over the next two to five years.
Unfortunately, AI will empower our adversaries far more than it initially helps defenders. Attackers’ code can be rushed, buggy and poorly engineered; it only needs to work once.
Defensive code must be robust, secure and consistent, whilst being able to work every time.
So, my advice is simple: Build for the storm that’s coming, not the drizzle you’re dealing with today because in all honesty, it’s going to get worse before it gets better.