
Cyber Brief: Embrace Passkeys, Address Supply Chain Threats

Today's cyber landscape highlights the growing importance of adopting secure authentication methods, addressing supply chain vulnerabilities, and understanding the implications of AI developments. These themes are critical for UK businesses as they navigate evolving security challenges and regulatory requirements.

NCSC Advocates for Passkeys Over Passwords

The UK's National Cyber Security Centre (NCSC) has officially endorsed passkeys as the preferred authentication method, urging consumers and businesses to move away from traditional passwords. As reported by The Register, passkeys offer a more secure and user-friendly login experience, leveraging cryptographic keys stored on devices to authenticate users without relying on passwords. This shift is supported by advancements in FIDO standards and widespread adoption across modern devices.

For UK businesses, this endorsement underscores the need to reassess authentication strategies. Passkeys reduce the risk of phishing attacks and credential theft, common vectors for cyber incidents. By transitioning to passkeys, organisations can enhance security while simplifying user experiences, aligning with the NCSC's recommendations for robust cybersecurity practices.

Why it matters

For UK businesses, this is a prompt to review current authentication methods and plan for the integration of passkeys. Evaluate your organisation's readiness to support passkey technology and consider pilot implementations to enhance security and user convenience.

Source: The Register

NHS Data Security and Protection Toolkit Updates

IT Governance UK reports on the latest updates to the NHS Data Security and Protection Toolkit (DSPT) for 2025/26. The DSPT is a critical framework for ensuring that NHS organisations and their partners comply with data protection standards. The updated toolkit includes new requirements for data governance, risk management, and incident response, reflecting the evolving threat landscape and regulatory expectations.

For UK businesses, particularly those in the healthcare sector or partnering with NHS entities, understanding these updates is crucial. Compliance with the DSPT not only protects sensitive patient data but also ensures continued collaboration with NHS organisations. The updates highlight the importance of robust data security measures and proactive risk management.

Why it matters

This is a prompt for organisations working with or within the NHS to review their compliance with the DSPT. Ensure that your data protection practices align with the latest requirements and that staff are trained on new protocols.

Source: IT Governance UK

New npm Supply Chain Attack Targets Developers

The Register reports on a new supply chain attack affecting npm, a widely used package manager for JavaScript. The attack involves compromised packages that steal sensitive data from developers' environments. This incident follows similar attacks attributed to the group TeamPCP, highlighting ongoing risks in the software supply chain.

For UK businesses, especially those in software development, this attack underscores the importance of securing the software supply chain. Compromised npm packages can lead to data breaches and operational disruptions. Organisations must implement rigorous vetting processes for third-party code and monitor for suspicious activity in their development environments.

Why it matters

This is a prompt to review your organisation's software supply chain security. Ensure that you have processes in place to vet third-party packages and monitor for anomalies in your development environments.

Source: The Register

Anthropic's AI Security Concerns Highlighted

The Guardian reports on security concerns surrounding Anthropic's AI model, Claude Mythos. The company has restricted access to the model due to its potential cybersecurity threats, yet an investigation is underway following claims of unauthorised access. This incident raises questions about the security implications of advanced AI technologies.

For UK businesses, particularly those integrating AI into their operations, this highlights the need for robust security measures when deploying AI technologies. The potential for AI models to be exploited for malicious purposes necessitates careful consideration of access controls and threat monitoring.

Why it matters

This is a prompt to review your organisation's AI deployment strategies. Ensure that AI models are secured against unauthorised access and that potential risks are assessed and mitigated.

Source: The Guardian

Today's Key Actions

  • Evaluate your organisation's readiness to adopt passkeys and consider pilot implementations to enhance security.
  • Review your compliance with the NHS DSPT and ensure alignment with the latest requirements.
  • Implement rigorous vetting processes for third-party npm packages and monitor development environments for anomalies.
  • Assess and secure AI models against unauthorised access and potential cybersecurity threats.
  • Ensure clear ownership of cybersecurity responsibilities across your organisation to address these areas effectively.

Secarma Insight

Mature security practices are built on a foundation of proactive risk management, clear ownership, and continuous improvement. By staying informed about emerging threats and regulatory changes, organisations can strengthen their defences and foster a culture of security awareness. This approach not only mitigates risks but also supports business resilience and trust. Remember, effective security is about having the right measures in place before incidents occur, ensuring your organisation is prepared to respond confidently and effectively.
