Transform Issue 44 - June 2025 - CCoE Edition

Page 2

Introduction from Kurtis Toy, Chief Executive of the CCoE - The CCoE Journey Continues.

International Cyber Risk Symposium - The CCoE to host cyber event.

Page 3

Download Your Authority’s Latest Cyber Report - Local authority leaders and their IT specialists can now download their third free annual report from the CCoE.

Page 4

The Cyber Threat Landscape has Changed - Everyone needs an EDR, but today’s threats demand MORE!

Page 5

Phishing Attacks - A threat evolving with AI, often misunderstood as a highly targeted operation.

Page 6-7

CCoE’s multi-sector work to understand cyber risks and needs - Created in 2023, the CCoE is already delivering on its mission to help make the UK the safest place in the world to work and play online.

Page 8-9

“We’re putting UK Retailers on the blacklist” - Everything We Know About the Retail Cyber Attacks So Far.

Page 10

Awaab’s law - a new piece of legislation that mandates stricter requirements for social landlords to address damp and mould hazards in their properties.

EDITORIAL CONTACTS

TRANSFORM IS PRODUCED BY: iESE www.iese.org.uk

The CCoE Journey Continues

The Cyber Centre of Excellence (CCoE) is now approaching its third year and continues to make significant progress toward its vision of making the UK the safest place to live, work, and play online.

www.linkedin.com/in/kurtistoy/

In this issue, we will talk you through the progress the CCoE has made following our last edition. This is the third consecutive year the CCoE has funded the passive scan exercise using the attack surface management tool Hexiosec, which is available for local authority leaders and their IT specialists to download now for free. The confidential report, specific to each council, reveals whether their cyber security vulnerability level has improved over the last two years, and provides additional insights from our deep and dark web scan results, provided by Onca Technologies (see page 3).

We’re excited to announce that we will be hosting Day 1 of the International Cyber Risk Symposium at the historic De Vere Wokefield Estate in Berkshire, the largest event we’ve hosted yet. Make sure to mark the 3rd of September in your calendar for a day of insight, networking, and forward-thinking on the future of cyber risk.

We also bring you up to date with the case studies we’ve been conducting that have helped us to refine the cyber support we offer in our Protect Suite across various sectors. Lastly, stay informed on the key developments in the recent retail cyber-attacks, where we offer essential guidance to organisations preparing to mitigate against the escalating cyber threat (see page 8).

Email: enquiries@iese.org.uk @iESELtd

CREDITS: Designed by SMK Design (Aldershot)

Editorial by Kyle Millier

Views expressed within are those of the iESE editorial team. iESE Transform is distributed to companies and individuals with an interest in reviewing, remodelling and reinventing public services.

© Copyright iESE 2025

We hope you enjoy this issue and that it gives you some new ideas and thinking points as we pass the midway point of the year. With 2025 marking an era where cyber warfare has firmly moved beyond the shadows, with local authorities across the UK being deliberately targeted as entry points for attackers aiming to disrupt essential services, erode public trust, and exploit emerging technologies, we recognise that the need for cyber security in local government is more crucial than ever.

• Contact us to find out how the CCoE can help strengthen your defences: www.ccoe.org.uk or enquiries@ccoe.org.uk

Kurtis Toy, Chief Executive of the CCoE

THIS AUTUMN, THE CCOE ARE DELIGHTED TO BRING A CYBER EVENT OF THE HIGHEST CALIBRE TO THE SOUTH OF ENGLAND.

The International Cyber Risk Symposium will be taking place at the historic Wokefield Estate in Berkshire on the 3rd September.

Delegates will be given the opportunity to participate in immersive activities, from Cyber Escape Rooms to hands-on leadership challenges, to address the ever-evolving threat landscape faced by senior business leaders and public authorities. With recent cyber attacks in the retail sector, the need to collaborate in the fight against more sophisticated breaches is essential.

Cyber challenges continue to evolve; however, so do defensive technologies. Cyber security doesn’t have to be a burden: collaboration, addressing immediate threats and adopting innovative solutions can build cyber resilience and mitigate many of the risks on the horizon.

We will have a wealth of expertise from our internationally renowned speakers, with a dynamic agenda. We are confident that this will be an event to remember!

• Click here to register for the event.

Scan the QR code to secure your place now!

Download Your Authority’s Latest Cyber Report

Local authority leaders and their IT specialists can now download their third free annual report from the Cyber Centre of Excellence (CCoE) which reveals whether their cyber security vulnerability level has improved compared to previous years. This year’s report also includes exclusive insights into vulnerabilities discovered on the deep and dark web for each authority.

This is the third year running that the CCoE – an organisation which aims to make the UK the safest place to work, play and do business online – has funded a research exercise using the attack surface management tool Hexiosec. The technology scans the Internet using a domain name or IP address to look for misconfigurations, security vulnerabilities and exposed data.

This year, the CCoE are proudly offering a more comprehensive report than ever before by including deep and dark web scan results for each local authority, courtesy of Onca Technologies. In each report, local authorities will find the number of email addresses with plain text passwords, hashed passwords, and without passwords found using their organisation’s domain, allowing them to remediate vulnerabilities before they can be exploited by cyber criminals.

The CCoE is an initiative designed to protect all organisations from cyber-attacks by keeping them abreast of adversary developments, giving them access to a suite of cyber protection – including the military-grade zero-trust software AppGuard – at high street prices. The organisation is backed by an Advisory Forum of some of the UK’s leading cyber security experts who can jointly assist with the full remit of everything an organisation of any size needs to do to stay as cyber secure as possible.

With the scope of cyber warfare no longer confined to state-on-state conflicts in 2025, marked by the alarming string of attacks on prominent organisations in both the retail and public sector, the need for fortified cyber security in local government is more crucial than ever. The vulnerabilities identified by the tool could be seen by anyone online, including hackers, revealing potential routes – or open back doors – into organisational systems. The aim of the CCoE Passive Scan exercise and personalised report is to allow the CCoE and the individual local authorities to identify areas of focus, in turn developing a united defence against adversaries.

“Increasingly, local authorities across the UK are being deliberately targeted as entry points for attackers aiming to disrupt essential services, erode public trust, and exploit emerging technologies. These threats are no longer theoretical. Every day, the lines between global conflict and local vulnerability blur further.”

explained Kurtis Toy, Chief Executive of the CCoE.

“Building on the success of last year – when around half of all councils downloaded their reports and were well received – we have now carried out this exercise for the third time. This has enabled us to continue year-on-year comparisons and build a clearer picture of trends for each individual local authority. We’re also very pleased to offer additional insights this year through the deep and dark web scan, which we hope will empower councils to take further action against hidden vulnerabilities in their security,” he added.

The CCoE is committed to conducting the exercise annually for the foreseeable future. “We are aiming to provide an objective annual spot check to help ensure that the systems and processes local authorities already have in place are working to their expectations. The feedback we got from local authorities last year was either that they were grateful or that they were reassured. This is entirely sponsored by the CCoE as a research exercise and as a helping hand. We have again included the recommendations in the report of where vulnerabilities are and how to fix them.”

Within each council report, scores are generated in four areas, with each area receiving a score between 1 and 5. On this scale, 5 is classed as excellent and a 1 would place an organisation as being very vulnerable to attack. As well as providing an individual comparison to allow each local authority to identify whether their vulnerability has increased or decreased since the scans were carried out in 2023 and 2024, the report also provides an overview of the council compared with their region, and each council receives its total number of vulnerabilities and a comparison with where that sits across the UK. The report also highlights the top fifty risks for the local authority and the top thirty actions to address them.

Toy stressed that the data in the report is only one small metric in the context of an overall cyber security strategy. “A lower score doesn’t mean that a local authority has terrible security, it just means that aspect of their security needs improving. There are other strands that need to be in place in addition for a strong cyber security stance, including staff training and endpoint security, for example. And, likewise, a perfect score does not mean they are invulnerable. All we are giving is effectively a map of where a hacker is most likely to look if they were targeting their domain, which is very different to if the council receive a phishing email and someone clicks on it.”

Vulnerabilities frequently found included configuration settings, out-of-date software, forgotten servers and neglected websites affected by mergers or organisational changes. Often configuration changes are made which accidentally make information available online without an organisation’s knowledge.

As with the reports in previous years, information on individual councils will not be made publicly available. Copies of the individual 2025 reports will only be available to download by a CEO, vCISO or IT manager within each local authority or by their authorised IT representatives.

• Contact the CCoE to request a copy of your organisation’s report or email enquiries@ccoe.org.uk

Download your cyber report by clicking the QR code here

The Cyber Threat Landscape has Changed

Everyone needs an EDR, but today’s threats demand MORE! AppGuard is the perfect complement to your EDR.

It is now widely recognised that EDR solutions alone are not enough to combat today’s sophisticated threats: you only have to look at the industry headlines to see that even the largest, supposedly best protected organisations are being successfully breached almost daily.

Government bodies are telling us, and independent tests prove, the benefits of detection-based tools PLUS zero trust technology like AppGuard:

“To prevent unknown threats such as targeted attacks, zero-day, fileless, etc… it is necessary to seek an alternative technology, which does not depend on detection methods and scanning; instead monitors malicious access to the OS process, memory and registry and isolates malicious program execution.”

“What has struck me more forcefully than anything else is the clearly widening gap between the threat and our exposure to it and the defences that are in place to protect us. …we all need to increase the pace we are working at to keep ahead of our adversaries.”

AppGuard’s patented technology is the perfect complement to your EDR

• Patented Zero Trust technology (Auto-adaptive)

• Hassle free - Fully managed solution

• Lightweight - No impact on system performance

• Flexible and versatile - OT and IT

• Windows endpoints and services - Including legacy systems

Phishing Attacks: a threat evolving with AI

Phishing attacks are often misunderstood as a highly targeted operation, but with AI automation most operate like trawlers casting wide nets, as opposed to a lone criminal with a single rod, reaching millions of potential victims daily. Consequently, all organisations, regardless of size, should know how to protect themselves from a phishing attempt.

Always remember the following ...

Message Inspection

• Check the sender’s email: Watch for misspellings or suspicious domains.

• Beware of urgency: Phishing often uses threats or time pressure.

• Spot grammatical errors: Though this is much harder to detect now with the use of AI.

Website Verification

• Avoid clicking unknown links: Hover over links to preview the URL; ensure it matches the legitimate site.

• Verify the URL: Ensure it begins with “https://” and belongs to the correct domain.

Attachment Safety

• Don’t open unexpected attachments: Especially from unknown senders or if the file types seem unusual (.exe, .scr, .js).

• Attachments are now being added to communication channels you may not expect, including Teams meeting requests.

Personal Information Requests

• Never provide personal data via email: Legitimate companies will not request this information via unsecured channels.

• Confirm requests independently: Contact the organisation directly using verified contact information.
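The sender, link, urgency and attachment checks in the checklist above can be expressed as code, which is useful for a mail gateway rule or for walking staff through why a message was flagged. The block below is an added illustration and is not code from the CCoE or from this article; the message, addresses and domains in it are constructed, `acme-council.example` stands in for an organisation’s real domain, and the lookalike table and UK public-suffix set are small approximations rather than complete lists.

```python
"""Phishing message checks from the checklist above, as code.

Added illustration, not code from the CCoE or the Transform article. The
message, addresses and domains below are constructed for the example;
"acme-council.example" stands in for an organisation's real domain.
"""
from email.utils import parseaddr
from urllib.parse import urlsplit

# Character swaps attackers use to make a domain look like the real one
# (constructed, deliberately small table).
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("3", "e"), ("5", "s")]
# Multi-part public suffixes common in the UK; an approximation, not a
# full public-suffix list.
MULTI_PART_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk"}
URGENCY_CUES = ("immediately", "within 24 hours", "urgent", "final notice",
                "account will be suspended")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso")


def normalise_label(label: str) -> str:
    """Undo common lookalike substitutions so 'acrne' compares equal to 'acme'."""
    label = label.lower()
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label


def registrable_domain(host: str) -> str:
    """The domain an organisation actually registers, e.g. 'example.gov.uk'."""
    parts = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(parts[-2:]) in MULTI_PART_SUFFIXES else 2
    return ".".join(parts[-n:])


def _lookalike_note(found: str, expected: str) -> str:
    """Annotate a mismatch when only lookalike characters differ in the first label."""
    same = normalise_label(found.split(".")[0]) == normalise_label(expected.split(".")[0])
    return " (lookalike spelling)" if same else ""


def inspect_sender(from_header: str, expected_domain: str) -> list[str]:
    """'Check the sender's email': does the address really belong to the expected domain?"""
    expected = expected_domain.lower()
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable address in From header"]
    domain = addr.rsplit("@", 1)[1].lower()
    reg = registrable_domain(domain)
    findings = []
    if reg != expected:
        findings.append(f"sender domain '{domain}' is not '{expected}'" + _lookalike_note(reg, expected))
        if expected in display.lower():
            findings.append("display name mentions the expected domain but the address does not")
    return findings


def inspect_link(href: str, expected_domain: str) -> list[str]:
    """'Verify the URL': https, and a host that belongs to the legitimate domain."""
    expected = expected_domain.lower()
    url = urlsplit(href.strip())
    findings = []
    if url.scheme.lower() != "https":
        findings.append(f"scheme is '{url.scheme or 'none'}', not https")
    host = url.hostname or ""
    if not host:
        findings.append("no host in URL")
        return findings
    if url.username is not None:  # 'https://bank@evil' trick: text before '@' is not the site
        findings.append(f"text before '@' is not the site; the real host is '{host}'")
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        findings.append("internationalised (punycode) host; check for lookalike characters")
    if all(part.isdigit() for part in host.split(".")):
        findings.append("host is a raw IP address, not a domain name")
    reg = registrable_domain(host)
    if reg != expected:  # also catches 'acme-council.example.evil.example'
        findings.append(f"host '{host}' belongs to '{reg}', not '{expected}'" + _lookalike_note(reg, expected))
    return findings


def inspect_message(msg: dict, expected_domain: str) -> list[str]:
    """Run the sender, link, urgency and attachment checks over one message."""
    findings = inspect_sender(msg["from"], expected_domain)
    for href in msg.get("links", []):
        findings += [f"link {href}: {f}" for f in inspect_link(href, expected_domain)]
    body = msg.get("body", "").lower()
    cues = [c for c in URGENCY_CUES if c in body]
    if cues:
        findings.append("urgency language: " + ", ".join(cues))
    for name in msg.get("attachments", []):
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"executable-type attachment '{name}'")
    return findings


# Constructed sample message that trips several of the checks at once.
SAMPLE_MESSAGE = {
    "from": "IT Helpdesk <helpdesk@acrne-council.example>",
    "links": ["https://acme-council.example@login-portal.example/reset",
              "http://acme-council.example/reset"],
    "body": "Your password expires in 24 hours. Reset immediately or your account will be suspended.",
    "attachments": ["Password_Policy.pdf.scr"],
}

if __name__ == "__main__":
    for finding in inspect_message(SAMPLE_MESSAGE, "acme-council.example"):
        print("-", finding)
```

Running it on the constructed message reports six findings: the `acrne` lookalike sender domain, the `@` trick and foreign host in the first link, the plain `http://` scheme of the second, the urgency wording, and the double-extension `.scr` attachment. The registrable-domain comparison is what catches the subdomain trick (`acme-council.example.evil.example`), which a plain “does the link contain our name” check would miss.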

Last of all, you need zero-trust cyber security

We strongly advise deploying AppGuard, a zero-trust security software designed to complement Microsoft Defender or other Endpoint Detection and Response systems (EDRs).

While traditional antivirus and EDR solutions focus on detecting known threats, AppGuard proactively contains unknown (zero-day) malware by denying trust by default. Even if a phishing link is accidentally clicked, AppGuard prevents malware from escalating privileges or moving laterally within your network, effectively neutralising the threat.

The Cyber Centre of Excellence is here to help organisations stay secure against growing cyber threats. For more information on AppGuard, get in touch.

CCoE’s multi-sector work to understand cyber risks and needs

Created in 2023, the CCoE is already delivering on its mission to help make the UK the safest place in the world to work and play online. Working with multiple sectors to understand their cyber security requirements and budgets has led to the launch of several support packages designed to increase cyber security. Below we outline the ways the CCoE has been working with small businesses, town and parish councils and local authorities in pilot projects over the last twelve months.

1) Small Business Protection

The CCoE has recently launched Small Business Protect, a tailored bespoke package of cyber security solutions designed to meet the needs and budgets of the UK’s small businesses.

To understand the cyber support needs of small businesses and to ensure it can offer the range of solutions needed at an appropriate price point, the CCoE spent some time with small business owners in Eastbourne, delivering talks and receiving feedback on what small business owners felt they needed.

Speaking at one of the talks, Kurtis Toy, Chief Executive of the CCoE, stressed that small businesses should not assume they will not be attacked. “The CCoE is trying to make the UK the safest place to live, work and play digitally in the world by making sure that everyone is protected, from large organisations right down to small businesses.

“The cyber problem is growing and is only going to increase with advances in AI. It is very much an evolutionary arms race – we build a bigger defensive wall, and the attackers build a bigger ladder. Do not be fooled into thinking that because you are a small organisation or a charity or not-for-profit that you won’t be attacked or targeted. It may not just be financial gain an attacker is after, it could be personal information or information that you hold,” Toy added.

Christina Ewbank, Chief Executive of Eastbourne Chambers of Commerce, said she is particularly concerned about the number of cyber-attacks on UK businesses at the moment, believed to be likely from China and Russia due to the current unpopularity of Britain within those areas. While recent attacks have been focused on well-known large retailers, small businesses are far from immune, especially given the stark warning from the criminal gang behind the recent attacks, known as DragonForce, which has been reported as saying that they have put ‘UK retailers on a blacklist’.

“Taking cyber threat seriously is important whether your business is large or small because being unprepared can have a big impact,” Ewbank added.

Hanna Searle is the Membership Manager of FOUNDRY Eastbourne, a co-working and networking hub for small businesses and individuals where the CCoE’s Kurtis Toy visited and delivered talks to local businesses and the general public. Searle, who attended one of the talks, said she found it quite alarming to hear about the cyber risks faced by small businesses. “Even a small business can be at risk without even realising – it was quite alarming. The CCoE is helping make things more simple, such as through its products that give a small business access to everything they need without having to go through everything themselves.”

One thing that has become clear through its pilot process with small businesses is that time-pressured and budget-conscious small business owners can be easily confused by the amount of information in the public domain about cyber. This can lead to decision fatigue and overwhelm, or the temptation to buy expensive tech that offers to solve all the issues. In his talks at FOUNDRY, Toy strongly recommended not falling prey to either approach.

“We aren’t an organisation recommending you to spend. In fact, there are ten defences small businesses need and seven of those are free – things like strong passwords and having an incident response plan. The CCoE is here to help cut down that noise and give small businesses access to military-grade protection at high-street prices. We encourage small businesses to get in touch with us for a chat and to find out more.”

2) Local Authority Protection

The CCoE has worked with Merthyr Tydfil County Borough Council and Blaby District Council to expand its knowledge of what cyber support and protection is needed in a local authority.

Blaby District Council has been unique as it decided to greenfield its IT provision by bringing previously outsourced services back in house. As part of this process, the council asked the CCoE for some guidance. It was able to access advice from Kurtis Toy, who is also a vCISO (Virtual Chief Information Security Officer), to help ensure it was on the right track and covering all aspects of cyber security as the project progressed.

Mike Connell, IT Business Partner at Blaby District Council, said: “Kurtis, the CCoE’s Chief Executive, was an excellent sounding board. He is aware of the challenges we face as a small team and as a smaller district council but understands that our cyber security needs to be as strong as central government. One of the biggest benefits of engaging with the CCoE was to have that trusted partner to bounce off and to benefit from Kurtis’s knowledge as a vCISO.”

It also helped relieve some of the pressure Connell was under from the extensive task ahead: “Local authorities look at their top IT person for advice but there is quite a lot of pressure in that. The CCoE gives me access to a group of impressive experts with outstanding credentials which I can rely on to help support us.”

At the start of the process, which is due to complete in the summer of 2025, Toy spoke to Connell about the idea of building a wall of defences brick by brick. This idea replaces the old school method of relying on one or two security products to keep your organisation safe and instead suggests an initial twelve bricks that organisations should consider, in addition to backups, to help make cyber defences as strong as possible.

These are:

1. Endpoint Protection

2. Network Security

3. Vulnerability Scanning

4. Training & Awareness

5. Phishing & Ransomware

6. 24/7 Monitoring

7. Compliance & Accreditation

8. Supply Chain

9. Data Protection

10. People & Culture

11. Response & Recovery

12. Secure Communications

Part of the process of continual reassessment of Blaby’s cyber defences will be making use of the annual passive scans provided to all councils free of charge by the CCoE. The passive scan is a non-invasive search of the Internet which looks for misconfigurations, security vulnerabilities and exposed data which could be found by anyone who knows where to look. The CCoE carried out a free report for all 382 UK councils in 2023 and repeated the exercise again in 2024. Connell said the annual checks were very useful and that the council would probably ask the CCoE to undertake additional regular passive scans as a spot check.

“I am a massive advocate of the passive scan,” says Connell, adding that the best thing about the passive scan was that it was passive and did not add to workload. “Because it is passive it involves no work for us. It gives us a workable action plan which will increase our security stance, but which doesn’t involve work for us to get the list. It is incredibly useful, and I would recommend to everyone to go through that process and make sure they look at the scans.”

3) Business Continuity Protection

Around 25 senior staff from South Staffordshire Council had the opportunity to take part in a full day workshop hosted by the Cyber Centre of Excellence (CCoE) which was designed to check their business continuity plans through a staged ransomware attack simulation.

Andy Hoare, Assistant Director Business Transformation & Digital Technology at South Staffordshire Council, said that as an organisation it was very aware of the risks involved with incidents that could affect delivery of services, including fire, flood and cyber-attacks. It also knew that one of the best ways to plan and prepare for such events was through having business continuity plans for each service, a strategy which served them well during the pandemic.

As an organisation it wanted to test these plans again using cyber as a real-life example. It first brought in a guest speaker from Gloucester City Council, which had experienced a cyber-attack, to speak to staff about the impact of an attack on staff and residents. After this, South Staffordshire’s service managers were encouraged to review their business continuity plans. “The leadership team always knew that we were going to do an exercise like the staged ransomware attack, but we wanted to make sure our staff were as prepared as possible,” Hoare explained. “The piece of work that we engaged Kurtis and the team to do was about testing those business continuity plans. It needed to be a real-life scenario, and a ransomware attack was the simplest one which people unfortunately hear about regularly. It was badged as a business continuity workshop because it was, but using cyber to enact those plans.”

The workshop was designed to simulate a ransomware attack with six stages. Each stage was designed to focus on specific challenges, for example, operational, technical, legal and strategic. Key factors that needed to be considered during each stage included: budget limitations and priorities, time and resources, internal and public communication, governance, policies and practices.

“Everyone engaged with the workshop day really well. It was designed to bring potential issues to the forefront so that if a real attack did happen, they would be more prepared. The good news was that South Staffordshire is prepared with business continuity plans and that was positive to see,” said Kurtis Toy, Chief Executive of the CCoE.

Hoare said the day had brought about a lot of learning for everyone who had taken part and the organisation’s business continuity plans would be refined as a result.

“The biggest learning was that as soon as a cyber-attack hits and you potentially lose access to systems you lose all access to your data. For example, planning applications follow a process and for a few days you can get by, but it is a statutory process with deadlines attached to it, and what the planning team realised was that they would need a list of live applications to work from. We have moved away from printing as an organisation, but we realised that having some things printed is crucial from a business continuity perspective,” he added.

Hoare said he would recommend any organisation wanting to test their business continuity plans to carry out a simulated incident. “Is it scary – yes. Even if you think you are prepared you can realise that you are not as well prepared as you thought, which can make you feel uneasy. At the same time, if you have done no planning then think what that would feel like.”

4) Town and Parish Council Protection

Alongside the CCoE, Councillor Victor Kelly, Chairman of Penkridge Parish Council in South Staffordshire and Paul Bettison OBE, a Councillor for Sandhurst Town Council in Berkshire, are aiming to help educate fellow parish and town councillors about the risks of not being cyber secure.

There are currently in the region of 10,000 parish and town councils in England with a total spending power of more than £2bn. Individually there are around 100,000 councillors serving in the towns and parishes, often working on computers they have provided themselves or which double up as devices used in their other day jobs. While town and parish budgets are small, they are not insignificant, and these organisations have supply chain links downwards throughout their communities and upwards to county and central government.

While town and parish councils seem, to their knowledge, to have been largely spared cyber attacks so far, central government devolution plans are likely to put greater responsibilities and budgets into town and parish councils, which will make them more attractive cyber-attack targets in the future.

“We want to highlight through the CCoE that if town and parish councillors don’t have adequate cyber security protections and training then they will open themselves up to GDPR issues and also to being hacked,” explained Cllr Kelly, “A town or parish council being hacked could then open a back door for a more significant attack on a county council or central government.”

Cllr Kelly believes the majority of town and parish councillors are currently relying on standard antivirus solutions, and that many are unaware of the dangers of clicking on a phishing link or opening a nefarious attachment. “The majority of parish councillors tend to be older people and might not have as much knowledge so they might click on something they shouldn’t or open or forward something that they don’t realise is suspicious,” added Cllr Kelly, “They know a bit about cyber security, but I think the general feeling is that they don’t think it will happen to them. Councillors and their clerks need to be made aware that they need to be careful and if their systems aren’t secure enough, they are opening themselves up to reputational damage and potentially high recovery costs.”

“We’re putting UK Retailers on the blacklist” - Everything We Know About the Retail Cyber Attacks So Far

The recent wave of cyber-attacks on UK retailers is a needed wake-up call for all business owners that robust cyber security is a necessity, not an accessory.

the end of the Easter weekend in April, three UK retailers – Marks & Spencers, the Co-op, and Harrods – had been targeted by cyberattacks in succession. As companies still recover, a further string of cyber-attacks has targeted luxury fashion giants Dior, North Face, and Cartier in recent weeks. As the threat continues to escalate within such a short window of time, many news outlets are nervously speculating, who’s next?

Here is everything you must know about the recent retail cyber-attacks, and how you can defend your organisation from being successfully targeted.

What has happened?

The first cyber-attack – enacted on the Easter weekend – targeted one of the UK’s leading retail stores, Marks & Spencers. Initially, there appeared to be a technical issue with click & collect services and contactless payments in stores nationwide, before the disruption was confirmed to be caused by a major cyber incident. Although in-store services had resumed by Friday, 25th April, online orders placed through their website or apps continued to face issues and are expected to return to normal gradually by July. M&S have stated that there is no evidence that usable cards, payment details, or passwords have been breached; however, all customers have been urged to reset their account passwords. The damage from the attack has been estimated to impact this year’s profits by around £300m thus far, equivalent to one third of the company’s profits, with only partial coverage provided by insurance.

Mere days after the attack, another retailer, the Co-op, was targeted – causing disruption to deliveries, reports of empty shelves, and “significant” amounts of customer data being stolen. The cyber criminals behind the operation, Scattered Spider, claim to possess 20 million customers’ data from the Co-op’s membership scheme. According to the Co-op’s FAQ page, the breached personal data includes names, contact details and dates of birth – not bank details, transaction information, or passwords. The incident response effort appears to have restored operations faster than at Marks & Spencers, since the hackers behind the operation allegedly failed to deploy ransomware before the Co-op ‘pulled the plug’ on their network while the attack was in action.

Then, on the 1st of May, the luxury department store Harrods was targeted, reporting that they ‘recently experienced attempts to gain unauthorised access to some of [their] systems’, and that their ‘seasoned IT security team immediately took proactive steps to keep systems safe’. The extent to which the cyber criminals were able to infiltrate their systems and cause damage has not yet been disclosed.

Since, internationally renowned fashion brands Adidas, Cartier, Dior, North Face, and Victoria’s Secret have all been targeted in a second wave, reporting theft of customer data through third-party organisations or credential stuffing – the act of using emails and passwords from a data breach to access accounts across different websites.

Who is behind the attacks?

Anonymous individuals from the DragonForce cybercriminal syndicate have claimed responsibility for the first three attacks – reporting their involvement to the BBC and Bloomberg with supporting evidence. Additionally, their encryptors have been used on M&S’s VMware ESXi hosts to encrypt virtual machines, further supporting their involvement. DragonForce allege that the data held by them is much greater than reported by the retailers, particularly the Co-op. DragonForce is a ransomware group that surfaced in August 2023, originally purporting to be a hacktivist group before shifting to a profit-based operation. DragonForce’s new Ransomware as a Service (RaaS) business model allows threat actors to orchestrate attacks using their malware in exchange for 20% of the ransom.

It is therefore widely speculated that the organisation behind this attack is Scattered Spider – a decentralised network of cyber criminals – rather than DragonForce alone, because DragonForce recently took over RansomHub, a ransomware-as-a-service (RaaS) operation whose set of tools Scattered Spider members have used in the past. The attacks are also consistent with Scattered Spider’s past targeting behaviour.

Although the cyber criminals behind the second wave of attacks are unknown, Adidas, like M&S, are believed to have been infiltrated via an attack on a third-party organisation that had access to their networks, potentially suggesting a similar origin.

The National Cyber Security Centre (NCSC) has warned that criminals launching cyber-attacks at British retailers are impersonating IT help desks to break into organisations. The attack on M&S allegedly occurred after attackers tricked IT help desk workers into granting access to company systems using social engineering techniques.

As a result, retailers are urged to stay on high alert, as the attackers, in communication with the BBC, were quoted as saying, ‘We’re putting UK retailers on the blacklist.’

Why are the attacks happening?

Cyber-attacks are designed to inflict damage and enable extortion, fuelling a thriving underground economy driven by profitability. For instance, the hacking group Scattered Spider has successfully targeted retailers in the past – most notably Caesars Entertainment in Las Vegas, which reportedly paid a $15 million ransom.

Although paying a ransom is strongly discouraged in the UK, attackers still target UK-based organisations by upping the pressure through threats of data leaks or deletion. If one organisation does not concede, then they may use stolen sensitive data to target other customers or supply chains. As long as cybercrime remains profitable and relatively low risk for the perpetrators, the attacks will continue to grow in scale and frequency.

Not only this, when attackers see their operations making headlines, it validates their impact. This notoriety becomes part of the motive – it boosts their credibility within the cybercriminal community, can act as a recruitment or funding tool, and as a platform for advancing wider political or ideological agendas.

With insufficient budgets allotted for cyber security, criminals are increasingly aware that organisations are becoming easier targets as their defences weaken. As an example of this, it has been alleged by an insider that M&S had no business continuity plans in place for a potential cyber-attack, potentially raising concerns about the security posture of other UK retailers.

How Do I Protect My Organisation from Cyber Attacks?

Protecting your organisation against modern cyber threats requires multi-layered solutions – the more robust defences you have in your arsenal, the better prepared you are to defend against adversaries. Human error remains one of the most significant vulnerabilities in cyber security. That’s why educating your workforce and fostering a proactive cyber security culture is critical for maintaining business continuity.

We recommend our quick, interactive e-learning courses to help your team effectively recognise and respond to common threats. Courses include:

• Phishing & Social Engineering

• Ransomware & Malware

• Cyber Resilience Awareness

In addition, we strongly advise deploying AppGuard, a zero-trust security software designed to complement Microsoft Defender or other Endpoint Detection and Response systems (EDRs). While traditional antivirus and EDR solutions focus on detecting known threats, AppGuard proactively contains unknown (zero-day) malware by default-denying trust. Even if a phishing link is accidentally clicked, AppGuard prevents malware from escalating privileges or moving laterally within your network, effectively neutralising the threat.

Last of all, we recommend our Digital Risk Protection (DRP) service, which includes dark web monitoring and vulnerability scanning. Since retail organisations have increasingly appeared on tracked data-leak sites used by extortion actors, our DRP service allows us to alert you of emails, passwords, and other sensitive data from your organisation that have been leaked onto the dark web.

• For more information or tailored guidance on securing your organisation, please contact us at enquiries@ccoe.org.uk

Written by Kurtis Toy, CISSP, CEO of the Cyber Centre of Excellence, and CEO and Lead vCISO of Onca Technologies. Edited by Kyle M.

ZapCarbon have released their white paper highlighting how underestimating staff resources can lead to compliance failures in accordance with Awaab’s Law.

Awaab’s Law: The Workforce Crisis No One is Talking About

Awaab’s law, a new piece of legislation that mandates stricter requirements for social landlords to address damp and mould hazards in their properties, will come into effect in the UK in October 2025. The new law, which is fast approaching, will require landlords to investigate and fix these hazards within set timescales.

Under the new law, emergency hazards such as severe damp and mould must be investigated within 24 hours, updates must be provided to tenants within 48 hours, and reparative work enacted within 7 calendar days of the complaint. Finally, a complete investigation and report of the hazard must be provided to tenants within 14 calendar days of the complaint.

However, as housing providers prepare for meeting compliance standards, one critical operational risk remains underestimated: the workforce required to deliver this legally mandated performance. These timeframes are not optional. Missing them risks legal action, ombudsman complaints, and reputational damage.

The Workforce Crisis Could Not Be Clearer with the Following Hypothetical Scenario from ZapCarbon:

A housing association managing 10,000 properties might face up to 1,000 damp and mould complaints during the four coldest months (December – March) — about 12 new cases per working day. While a team of five investigators inspecting four homes daily could theoretically manage the load, real-world challenges such as staff absences, competing priorities, and administration quickly stretch capacity.

Complications escalate when considering recurrence — around 30% of treated homes may require re-inspection, raising daily demand to 16 inspections. This alone could necessitate two additional surveyors to maintain compliance with statutory timelines.

Emergency repairs, although less frequent (affecting 2% or 20 homes), demand rapid 24-hour response capability. For standard repairs (approximately 980 homes), four full-time operatives are needed to meet 7-day deadlines. Even slight increases in recurrence or incomplete work can tip the system into backlog.

As such, proactive planning, flexible resourcing, and prioritised scheduling to manage winter surges in damp and mould complaints effectively are paramount ahead of the new legislation.

The Solution: Smarter Winter Readiness

To manage winter surges in damp and mould cases, housing providers must combine people, processes, and predictive technology:

• Scale inspection teams during peak months

• Automate tenant updates to meet 48-hour response targets

• Use sensors to flag at-risk homes early

• Prioritise cases by risk and environmental data

• Streamline reporting for regulatory compliance

Conclusion: Winter Is the Real Compliance Test

With strict response times—24 hours for emergencies, 48 hours to reply, 14 days to assess, and 7 days to repair—delays carry serious health and legal risks.

The biggest threat isn’t mould - it’s being unprepared. Is your team ready for winter 2025?

• Click here to contact ZapCarbon for more information.

• Click here to read more on this recently published White Paper.
