What 2025’s Cyber Incidents Teach Us for Stronger Security in 2026

2025 delivered a steady stream of breaches, ransomware events, and disruptive intrusions—and the same patterns showed up again and again.
In this session, we’ll look back at the most important incident themes from 2025 and translate them into practical security program improvements you can implement in 2026.The examples and lessons learned come directly from Security Operations Centers (SOCs) and Incident Response (IR) teams Jeff led over the last year, bringing a real-world, operations-first perspective.
We’ll examine attacker techniques, exploited vulnerabilities, and emerging trends, then turn those findings into clear actions to strengthen prevention, improve detection, and accelerate response—especially where many programs still struggle: the human element.

Key topics include:
* 2025 breach and ransomware trends: what changed and what stayed the same
* Attacker techniques observed in 2025 and how they bypass “standard” controls
* Vulnerabilities and misconfigurations most frequently exploited last year
* Security program changes to reduce real-world risk in 2026 (not just checklist compliance)