Jessica Entwistle
December 19 2025
Today’s cyber reporting highlights how attackers and operational failures continue to exploit trust and complexity rather than novel techniques. Phishing-led access remains a dominant entry point, third-party disruption is impacting availability, and gaps in resilience testing are prolonging recovery when incidents occur. These themes reinforce the need for strong fundamentals as organisations approach the end of the year.
Threat reporting published today confirms that phishing continues to be the most common initial access method across a wide range of incidents. Rather than relying on malware-heavy campaigns, attackers are increasingly using targeted, low-volume phishing designed to capture credentials or session access.
Once credentials are obtained, attackers often delay further activity to reduce suspicion. When access is later used, it blends into normal authentication patterns, particularly in environments where behavioural monitoring is limited. In several incidents reviewed, compromised accounts were able to access sensitive systems for extended periods before detection.
The reporting highlights that attackers favour reliability over sophistication. Well-crafted phishing remains effective because it exploits human trust and gaps in identity governance rather than technical vulnerabilities.
Why it matters
Phishing remains effective because it bypasses perimeter controls. Strong identity governance, phishing-resistant authentication and monitoring for anomalous access are essential defences.
Source
The Register
UK-focused reporting today highlights further disruption linked to third-party service providers. In multiple cases, organisations experienced service degradation or loss of visibility due to outages or failures at suppliers providing identity services, hosting platforms or managed infrastructure.
Post-incident analysis shows that while primary systems were often secure, dependencies on external services created single points of failure. Escalation routes were unclear, communication with suppliers was slow and recovery timelines exceeded expectations. These issues were compounded where supplier resilience had not been recently validated.
The reporting reinforces that third-party risk is not limited to security breaches. Availability, operational resilience and supplier coordination play a critical role in maintaining service continuity.
Why it matters
Supplier disruption can have the same impact as a cyber attack. Organisations should map critical dependencies, validate supplier resilience and ensure escalation processes are clear and tested.
Source
Computer Weekly
New analysis published today highlights that many organisations continue to underinvest in resilience and recovery testing. While detection capabilities have improved, recovery plans are often untested or outdated.
In several incidents reviewed, organisations struggled to restore services quickly because dependencies were poorly understood and recovery procedures had not been rehearsed. Decision-making slowed as teams lacked confidence in their response plans, leading to extended disruption even after the root cause was identified.
The analysis emphasises that resilience testing is not solely a technical exercise. It requires cross-team coordination, clear ownership and realistic scenarios that reflect how incidents unfold in practice.
Why it matters
Recovery speed is as important as detection. Regular resilience testing, scenario exercising and clear escalation routes help organisations reduce downtime and operational impact.
Source
BBC News
Today’s stories highlight a recurring lesson. Attackers and outages alike exploit gaps in preparation rather than advanced techniques. Organisations that invest in identity governance, supplier resilience and regular testing are far better positioned to manage disruption and maintain confidence during high-risk periods.