AI-driven social engineering, deepfake scams and identity-based attacks are emerging as leading cyber threats in 2026, increasingly targeting people rather than technology. According to Rowan Swanepoel, organisations must strengthen employee awareness and identity security to build a human firewall against evolving cyber risks.
As organisations continue investing heavily in cybersecurity technologies, attackers are shifting their focus away from networks and systems and towards the people who use them. According to Cyberlogic, AI-driven social engineering and identity-based attacks have emerged as two of the most significant cyber threats facing businesses in 2026.
While organisations have traditionally focused on securing hardware, software, and infrastructure, the human factor has become a preferred target for cybercriminals looking for easier ways to gain access to sensitive information and systems.
“Cybercriminals have realised that breaking through a company’s technology stack is often far more difficult than manipulating a person,” says Rowan Swanepoel, Principal Cyber Security Specialist at Cyberlogic. “As a result, we’re seeing a significant increase in attacks that exploit human behaviour rather than technical vulnerabilities.”
Artificial intelligence is accelerating this trend. While AI has become a valuable tool for improving productivity and business efficiency, it is also being used by malicious actors to automate and scale cyberattacks.
Attackers are increasingly using AI to create highly personalised phishing emails and voice phishing, or vishing campaigns. By leveraging information gathered from social media platforms and other publicly available sources, criminals can craft convincing messages that appear legitimate and relevant to their targets.
At the same time, deepfake technology has evolved rapidly, making it increasingly difficult for individuals to distinguish between a real person and an AI-generated voice.
“Deepfake audio has become remarkably convincing,” says Swanepoel. “We are reaching a point where many people don’t realise they are speaking to a machine. That creates significant risks for organisations, particularly where financial approvals, sensitive information, or executive communications are involved.”
Alongside AI-driven social engineering, identity-based attacks are becoming a growing concern. Rather than attempting to breach corporate networks directly, cybercriminals are targeting user identities through stolen credentials, session token theft, and multi-factor authentication (MFA) fatigue attacks.
In many cases, attackers gain access using credentials exposed in previous data breaches or by tricking users into clicking malicious links that capture authentication tokens. Stolen credentials are useful because password reuse is very common. For session token theft, users are often not even aware of anything – and this would even bypass any MFA requirement.
A growing concern within identity-based attacks is the rise of stolen credentials and session token theft. Cybercriminals regularly harvest usernames and passwords from previous data breaches and then use automated tools to test them across multiple platforms, relying on the fact that many users still reuse passwords. Even more concerning is session token theft, where attackers steal the authentication token that proves a user has already logged in. This can occur when a user clicks on a malicious link, downloads malware, or interacts with a fraudulent website. Once in possession of a valid session token, attackers can often bypass passwords and even multi-factor authentication controls, effectively impersonating the user and gaining direct access to corporate systems, cloud applications, and sensitive business data.
“The modern attacker doesn’t necessarily need to break into your network anymore,” explains Swanepoel. “If they can steal or hijack your identity, they can often gain the same level of access with far less effort and far less chance of being detected.”
According to Swanepoel, technology alone is no longer enough to defend against modern cyber threats. “We need to empower employees to become part of the organisation’s cyber defence strategy. The goal is to transform staff from potential vulnerabilities into a human firewall. Every employee should understand how to recognise phishing attempts, avoid risky online behaviour, and know exactly what to do if they suspect a security incident.”
Security awareness training remains one of the most effective defences against social engineering and identity-based attacks. Training programmes should address common risks such as password reuse, recognising suspicious communications, incident reporting procedures, and adopting a zero-trust mindset where every request is treated with caution until verified.
Businesses are also encouraged to implement password managers that generate and store unique passwords for every account. Many modern password management solutions support multi-factor authentication and passkeys, which offer a more secure, passwordless approach to authentication.
“Password managers remove the temptation to reuse passwords across multiple platforms,” says Swanepoel. “Employees only need to remember a single master password, while the software handles the creation and storage of strong, unique credentials.” Keeping software up to date is equally important. Regular updates for operating systems, browsers, mobile devices, and business applications often contain critical security patches that protect users against newly discovered vulnerabilities.
“Many people see updates as an inconvenience, but they’re one of the simplest and most effective security controls available,” adds Swanepoel. “Whether it’s your web browser, laptop operating system, or smartphone, keeping software updated closes vulnerabilities that attackers actively look to exploit.”
Swanepoel concludes that cybersecurity can no longer be viewed as the sole responsibility of the IT department. “Security is everyone’s responsibility. All it takes is a single click on a malicious link, a compromised credential, or an employee trusting the wrong voice on the phone to create a serious security incident. End users need to be recognised as a critical component of every organisation’s cyber defence strategy.”
About Cyberlogic
Cyberlogic is a leading provider of secure, scalable cloud and IT services, helping businesses transform through world-class managed services, cyber security, and automation. For more information, please visit: www.cyberlogic.co.za
For more information:
Samantha Hogg-Brandjes | GinjaNinja | samantha@ginjaninja.co.za | +27-84-458-4857
