
Cyberscope: Weekly Security Insights

16th May 2025

Today’s Threat Pulse

M&S still mending after Easter-weekend breach - storefronts are open, but online clothing sales remain switched off three weeks later, showing how long the brand-damage window can outlast the ransom cycle.

How the Attack Surface Is Widening

Google warns that the “Scattered Spider” crew behind the M&S hack has already pivoted to US retail targets. Their playbook: fast reconnaissance, social engineering of staff, then living-off-the-land tools to bypass zero-trust perimeters. AI-accelerated threats mean that disclosure-to-exploit time is collapsing from weeks to days.

Regulatory Radar

| Deadline | What flips live | Why it matters |
| --- | --- | --- |
| Feb 2025 | AI Act prohibitions & literacy duties | Firms must prove “secure-by-design” AI or face fines. |
| Aug 2025 | EU governance rules for general-purpose AI | Boards need AI risk registers now. |
| Oct 2024 → Oct 2025 | NIS2 transposed into UK law | Boosts breach-reporting speed; personal liability for execs. |

Building Digital Resilience – The Four-Step Sprint

  1. Assess – run an attack-surface scan focused on legacy VPNs and SaaS misconfigurations.
  2. Prioritise – score systems against business impact, not just CVSS.
  3. Transform – deploy least-privilege, MFA and network segmentation; build an OT/IT convergence security playbook.
  4. Manage – adopt a continuous-monitoring stance with a vCISO to shepherd zero-trust architecture and quantum-safe crypto pilots.

Summary

Staying ahead of AI-enabled exploits demands more than point solutions; it calls for an integrated programme of assess → prioritise → transform → manage. If you’d like an outside perspective, or a full vCISO overlay, let’s talk.
