Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber teams are busy. Tools are deployed. Alerts are flowing. Dashboards light up with scores, heatmaps, and recommendations. But when I ask one simple question — “What does this mean for the business?” – I often get technical jargon or vague reassurances. That’s a problem. When cyber risk isn’t expressed in terms the business understands — continuity, customer trust, regulatory exposure, and revenue impact — it becomes abstract.

IT leaders tell me the same story repeatedly. They’ve built large, sometimes expensive, security stacks, but they don’t trust them. Dozens of tools are running across the estate: separate agents, standalone scanners, multiple SIEMs, and identity providers layered on top of Microsoft’s native stack. Despite this, gaps remain. When you peel back these stacks, we often find redundant technology performing overlapping functions but not integrating well.

Microsoft E5 can be an excellent security investment, but without targeted configuration, integration, and continual threat alignment, its value remains untapped. Over the years, building out custom SOC, MDR, and MXDR services has shown us how to move from licenced capability to reduced response times, cleaner telemetry, and security teams who trust the picture in front of them.

That was the message from major UK retailers like Marks & Spencer and the Co-op during recent Parliamentary hearings on cyber resilience. Their stories weren’t hypothetical, they were recovering from real-world incidents involving identity compromise, supply chain breaches, and operational disruption that cost hundreds of millions of pounds. The lesson is clear. Prevention is necessary, but it is no longer enough.

From the passing Telegraph and Guardian coverage to orchestrated BBC and NCSC collaboration, the British media is repeatedly spotlighting Scattered Spider as 2025’s stimulant to jolt organisations into action. While this coverage has dislodged two blatant misconceptions, it has propagated several more subtle ones.

Executive leadership teams aren’t the only ones keenly aware that a merger or acquisition marks a vulnerable period. Attackers understand that times of change open fresh opportunities—not just to exploit transitional challenges in ERP systems or payroll but to actively capitalise on new financial realities – from manipulating stock prices via reputation damage to zeroing in on a target’s hypothetically more lucrative ransomware payout.

JUMPSEC have detected and tracked a new phishing attack campaign targeting numerous industrial sector organisations, predominately in engineering, construction, and energy sectors in the UK and US, where threat actors have consistently used a common and identifiable AITM (Adversary in the Middle) phishing kit throughout March 2025. At-risk organisations should take steps to reduce the risk of compromise as the infrastructure detailed below continues to be leveraged by threat actors.

A recent joint threat advisory from the FBI, CNMF, NSA (18 September 2024), highlights the extent of Chinese-affiliated threat actors’ ongoing botnet campaigns which seek to compromise thousands of internet-connected edge devices over a sustained period. This campaign, known as Oriole, is just one of several such active campaigns observed since 2020. JUMPSEC observations indicate that law enforcement has not yet disrupted the botnet, and indicators of compromise (IOCs) are likely ongoing.

Supply chain attacks are a growing concern, particularly within the financial sector, with attackers increasingly using key technology suppliers as a ‘jumpbox’ to pivot into their intended target organisation. Last year’s MOVEit breach for instance saw a single ICT supplier ultimately cause ~2,356 organisations to be compromised, with primary victims predominantly in the financial sector.

As cyber threats evolve, the importance of attack surface monitoring has never been clearer. In today’s interconnected world, businesses face an unprecedented level of exposure. From web applications and cloud infrastructure to employee credentials and third-party SaaS integrations, your digital footprint offers numerous entry points for potential attackers.