May has been a pivotal month in cyber security, marked by significant developments and stark reminders of the evolving threat landscape. Here’s an overview of the key events and insights from Marketing Coordinator Abbey Wright:
CyberUK 2025:
At the CyberUK 2025 conference, Richard Horne, CEO of the National Cyber Security Centre (NCSC), emphasised that cyber security is no longer optional but essential for all organisations, regardless of size. He highlighted the increasing sophistication of cyber threats and the importance of proactive measures like Cyber Essentials to build a strong security foundation.
Key Takeaways:
- Cyber security is a continuous contest requiring vigilance and preparedness.
- Implementing Cyber Essentials is crucial for supply chain security.
- Organisations must control what they can and prepare for unforeseen threats.
Supply Chain Vulnerabilities: The M&S Incident
Marks & Spencer (M&S) experienced a significant ransomware attack, leading to operational disruptions and an estimated £300 million in losses. The breach, attributed to the Scattered Spider group, exploited social engineering tactics to compromise systems, underscoring the vulnerabilities within supply chains.
Key Takeaways:
- Regularly vet and monitor third-party suppliers.
- Educate staff to recognise and respond to social engineering attempts.
- Implement robust incident response plans to mitigate potential damages.
Transition to Passkey Technology
The UK government announced plans to adopt passkey technology for GOV.UK services, moving away from traditional passwords and SMS-based verification. This initiative aims to enhance security and user experience by reducing reliance on vulnerable authentication methods.
Key Takeaways:
- Passkeys offer a more secure and user-friendly authentication method.
- Organisations should consider integrating passkey technology to stay ahead of evolving threats.
Phishing Scams: The Spotify TikTok Malware
Cyber criminals are leveraging TikTok to spread malware by promoting fake Spotify Premium offers. These scams trick users into downloading malicious software, highlighting the need for increased awareness of social media-based threats.
Key Takeaways:
- Be cautious of unsolicited offers on social media platforms.
- Educate users about the risks of downloading software from unverified sources.
- Implement security measures to detect and prevent malware infections.
Enhance your cyber security awareness:
In light of these developments, it’s imperative to strengthen your organisation’s cyber security posture. We offer comprehensive Cyber Security Awareness Training designed to equip your team with the knowledge and skills to identify and mitigate cyber threats effectively. Our interactive sessions cover topics such as phishing, password security, and incident response strategies.
Upcoming Training Sessions:
- Dates: Summer 2025 – https://www.indelibledata.co.uk/product-category/courses/
- Format: Online, interactive, 3-hour sessions
- Trainer: Tony Wilson, CISSP, Certified Ethical Hacker
- Cost: £120 + VAT per delegate
Empower your team to be the first line of defense against cyber threats. For more information and to register, visit: https://www.indelibledata.co.uk/cyber-awareness-training/
Stay vigilant and proactive in safeguarding your digital assets.
/-3.5042587517567103,%2054.70635734010168,15.5/300X450@2X?access_token=pk.eyJ1Ijoid29tYmF0Y2hyaXMiLCJhIjoiY2pqaGEyd2lzMDQ3ZDN2bWQ4OTBsa2pmayJ9.ksVq6arM13qYhr76pco33w)