Indelible Data’s Cyber Security Update: What’s Happening and What Your Organisation Should Do Next
The last month has been one of the busiest on record for UK cyber security, with major incidents, regulatory changes and new technical vulnerabilities shaping the threat landscape. Businesses of all sizes – from enterprise manufacturers to schools and SMEs – are being urged to strengthen their defences before attacks become critical events.
A Surge in Attacks Across the UK
The UK’s National Cyber Security Centre (NCSC) has reported a 130% increase in “nationally significant” cyber incidents over the past year – averaging four major attacks every week. This aligns with a broader global trend: ransomware incidents surged to 623 in October, a month-on-month rise of over 30%.
Several high-profile cases underline the impact. The cyber attack on Jaguar Land Rover is now estimated to have cost the UK economy £1.9 billion, disrupting production lines and hitting hundreds of smaller suppliers. Meanwhile, Marks & Spencer has terminated its service desk contract with an overseas provider after a security breach, highlighting the growing risks associated with third-party IT relationships.
Government and Regulatory Action
The UK Government is preparing stricter laws designed to protect public services. This includes placing legal security obligations on IT and helpdesk providers working with public sector organisations, granting regulators powers to designate “critical suppliers”, and a proposed ban on public bodies paying ransoms.
Internationally, the UK has partnered with Singapore and others to publish new ransomware supply chain guidance, reflecting the reality that attacks often spread through interconnected networks of vendors and partners.
The Information Commissioner has also released updated encryption guidance, using a new “must / should / could” model to clarify what organisations are legally required to encrypt – signaling a stronger expectation that encryption becomes a default control.
Critical Technical Alerts
A serious Linux kernel vulnerability is currently being exploited in the wild, affecting many business-critical systems and cloud environments. Additionally, Windows 11 23H2 Home and Pro reached end-of-life on 11 November, meaning no further security patches – leaving devices running this version exposed.
Key Takeaways
- Review and secure your supply chain, especially third-party IT service providers.
- Ensure MFA, encryption and patching are implemented consistently across the business.
- Update or replace end-of-life Windows versions immediately.
- Conduct regular vulnerability assessments to identify weaknesses before attackers do.
- Prepare staff: human error remains one of the biggest breach factors.
How We Can Help
We provide end-to-end cyber resilience services to help our clients stay secure and compliant:
- Cyber Essentials & Cyber Essentials Plus certification
- Cyber security training to strengthen staff awareness
- Vulnerability scanning & penetration testing to uncover technical risks
- Guidance on MFA, encryption, patching and supply-chain security
If you’d like support strengthening your organisation’s defences – or preparing for Cyber Essentials, get in touch here – cyber@indelibledata.co.uk
/-3.5042587517567103,%2054.70635734010168,15.5/300X450@2X?access_token=pk.eyJ1Ijoid29tYmF0Y2hyaXMiLCJhIjoiY2pqaGEyd2lzMDQ3ZDN2bWQ4OTBsa2pmayJ9.ksVq6arM13qYhr76pco33w)