Cyber criminals are adapting fast — and businesses that don’t stay ahead are finding out the hard way. This month’s cyber security news roundup shows a clear shift: supply chain cyber security risks are growing, scams are costing millions, and high-profile events like the recent M&S cyber incident are creating fresh opportunities for fraud.
From the impact of cheap tech on cyber security to the worrying Santander scam losses from last quarter, the message is clear: no organisation can afford to let its guard down. Our April newsletter covers the most important developments, what they mean for you, and the actions businesses need to take now to stay secure.
Newsletter Menu:
- Confidence vs Complacency: A 10% Drop in Attacks in the UK
- Fighting Back: Researchers Hack Ransomware Group
- Identity Fraud on the Rise — Is MFA Enough?
- Supply Chains: The Back Door No One Checks
- State-Sponsored Attacks: No Business is Immune
- When Cheap Tech Comes at a Cost
- Santander Scam Losses Top £18 Million
- Law Firm Fined £60,000 for Breach Disclosure Failings
- M&S Cyber Incident Disrupts Payments
- Final Thoughts
Confidence vs Complacency: A 10% Drop in Attacks in the UK
A recent drop in reported cyber attacks in the UK— down 10% from last year — is encouraging. It reflects the growing number of small businesses that are getting serious about cyber security, embedding policies and aligning them with business continuity plans. That’s a win worth celebrating.
But experts warn that complacency could be the next threat.
“Most breaches don’t happen because organisations ignored security, but because they believed they were secure when, in reality, they weren’t.”
Visibility gaps, unpatched systems, and minor misconfigurations are often the culprits. It’s also worth noting that charities continue to struggle with maintaining strong security — often due to limited budgets and resources, leaving them particularly vulnerable to attack.
Phishing remains the most common threat, still catching users out despite years of awareness campaigns and training. The techniques are evolving, and attackers are using urgency and impersonation more effectively than ever.
What you can do: Review your systems for blind spots. Are there any devices or services flying under the radar?
Discover more: Tecnica Cyber Security
Fighting Back: Researchers Hack Ransomware Group
In a rare and refreshing shift, cyber security researchers struck a blow against the BlackLock ransomware group — a gang that formed in 2024, previously operating under the name El Dorado. They quickly earned a reputation as a disruptive force in the cyber security world.
Researchers found a vulnerability in the group’s website, giving them access to internal operations and allowing them to notify victims across the globe.
This kind of counterstrike not only limits damage but also chips away at the group’s credibility within criminal networks — something that could undermine future attacks.
Quick take: Offence isn’t always the goal in cyber defence, but this shows how skill and initiative can disrupt major threats.
Identity Fraud on the Rise — Is MFA Enough?
A new study by Entrust and DocuSign confirms what many already suspected: identity fraud is still costing businesses millions. Despite years of investment, many organisations remain stuck balancing strong authentication with a smooth user experience — and neither side is winning.
Multi-Factor Authentication (MFA) is now the baseline. But with phishing kits and AI-generated scams designed to bypass it, relying on outdated MFA alone is no longer enough.
The organisations seeing real improvements are the ones moving beyond the basics — using tools like mobile biometrics, secure authentication apps, and real-time user behaviour analytics to block fraud before it starts. Companies investing in modern identity verification are reporting sharp drops in fraud cases — saving millions in the process.
What you can do: Review your login journey. If your MFA hasn’t evolved in the last two years, neither has your defence.
Read more: Enhancing Security with Multifactor Authentication
Supply Chains: The Back Door No One Checks
Royal Mail recently found itself on the receiving end of a cyber attack — but not through its own systems. The breach came via a supplier, Spectos. Attackers used employee credentials compromised as far back as 2021 to access internal systems.
This incident highlights growing supply chain cyber security risks. Infiltrating trusted third parties to reach larger targets is an increasing tactic, especially as businesses rely more on external partners.
Read more: The Hidden Risks to Business Continuity: Why Quiet Failures Hit Hardest
What you can do: Audit your supplier relationships. How secure are the people and systems you trust to connect with yours?
State-Sponsored Attacks: No Business is Immune
Many businesses still assume they’re too small or too irrelevant to attract state-sponsored cyber threats. But as companies and industries become more interconnected globally, these assumptions no longer hold.
State-sponsored attacks are typically stealthy and strategic. Rather than causing immediate damage, attackers quietly infiltrate systems, establish a foothold, and wait for the right moment to strike — often targeting companies that could act as stepping stones to more high-profile targets.
The UK government is starting to recognise this growing risk. New proposals have been introduced to expand the Network and Information Systems Regulations 2018, with plans to include data centres and Managed Service Providers under its scope.
What you can do: Understand your organisation’s role in the wider ecosystem. Could you be a stepping stone to a bigger target?
When Cheap Tech Comes at a Cost
Investigations have revealed the hidden impact of cheap tech on cyber security, with counterfeit Android phones being sold pre-loaded with malware. These compromised phones were distributed through unofficial channels, often mimicking legitimate brands, making it difficult for users to detect the threat.
Security experts advise purchasing devices only from authorised retailers and regularly updating software to mitigate such risks.
What you can do: Only purchase devices from official retailers. And if you manage a BYOD policy, set clear rules for approved devices.
What you can do: Educate staff and customers on recognising purchase scams. Most rely on urgency and too-good-to-be-true offers.
Santander Scam Losses Top £18 Million
Santander UK reported scam and fraud losses topping £18 million in early 2025, highlighting the ongoing threat to consumers and banks alike. Over half of these losses stemmed from purchase scams — including a fake Sports Direct advert on Facebook that tricked hundreds.
While the figure remains significant, the bank is now working with other banks, telcos, and tech firms to improve scam reporting and prevention efforts. Separately, Santander will be issuing its own quarterly scam tracker to help raise public awareness about trending threats.
Law Firm Fined £60,000 for Breach Disclosure Failings
UK law firm DPP Law has been fined £60,000 by the Information Commissioner’s Office (ICO) after failing to report a major data breach promptly. Highly sensitive personal information was accessed via an admin account that lacked MFA and later appeared on the dark web.
It took the firm 43 days to report the incident, far beyond the required 72-hour window under UK data protection law — which led to the fine being issued.
The ICO commented:
“Data protection is not optional. It is a legal obligation, and this penalty should serve as a clear message: failure to protect the information people entrust to you carries serious monetary and reputational consequences.”
What you can do: Check your breach response plan. Are the right people in place — and do they know what to do when something goes wrong?
Read more: Future Threats to Business Continuity for Scottish Businesses | BCDR Insights
M&S Cyber Incident Disrupts Payments
The recent M&S cyber incident has temporarily knocked out contactless payments and disrupted online orders. While the full cause hasn’t been disclosed, the company has brought in the National Cyber Security Centre to assist with investigations and response.
A week on, M&S are still unable to take online orders or resume their click-and-collect service. The fallout continues to grow, with the company reportedly losing millions daily in shares and sales as efforts to resolve the issue drag on.
Security experts warn that opportunists could exploit this incident to launch spam emails, falsely claiming customers must update their personal or financial information. Businesses are urged to remain vigilant against such phishing attempts.
Final Thoughts
This month’s news highlights several key themes: the danger of overconfidence, the need for layered defences, and the growing sophistication of criminal tactics. Even as some threats decline in volume, their complexity is increasing.
