Cybersecurity Updates

The UK government is urging organisations to maintain paper copies of cyber attack contingency plans. Recent incidents at Marks and Spencer, The Co‑op and Jaguar Land Rover show how production and retail can stall when IT systems are taken offline.

• NCSC guidance: Build resilience to operate without IT and rebuild at pace.
• Keep plans offline: Store printed or offline copies including non‑email comms trees.
• Incident severity: Rise in nationally significant incidents across the UK.
• Threat landscape: Ransomware and data‑extortion remain the primary risks.

Practical takeaway: Make sure your incident response plan exists in print, with roles, call trees and critical procedures your team can follow if systems are down.

A journalist was propositioned by a ransomware gang to hand over login codes in exchange for a large cut of any ransom. When he stalled, the criminals attempted MFA bombingto force an approval. It’s a timely reminder that insider outreach is now a mainstream tactic.

• Insider approach: Direct pitches via encrypted apps offering a payout.
• Pressure techniques: MFA push spam to coerce accidental approval.
• RaaS ecosystem: Gangs operate as services with recruiters and negotiators.

Practical takeaway: Enforce MFA fatigue protections (number‑matching, limited prompts), monitor for unusual auth attempts, run insider threat awareness, and usejust‑in‑time access so regular accounts hold minimal standing privilege.

Attackers claimed theft of photos, names and addresses from a UK nursery chain and began contacting parents to pressure payment. Targeting of high‑sensitivity dataraises risk and regulatory exposure.

• Data at risk: Child records, parent details, safeguarding notes.
• Extortion tactics: Direct outreach to families to increase pressure.
• Response need: Rapid notification, law‑enforcement liaison, ICO reporting.

Practical takeaway: Map and minimise high‑risk data, enforce strong backup and encryption policies, prepare crisis comms templates, and verify vendor controls.