
So, how was it for you?
We’re hoping 2025 was a year in which you maintained strong defences and minimised disruption from cyber crime. For many, however – M&S and Jaguar Land Rover come to mind – all hell broke loose as criminals breached vulnerable systems and brought operations to a halt.
Sometimes, there’s no single theme that defines a year in cyber crime. ‘Everything, everywhere’ seems like the go-to method for criminals. However, there is a common thread this year, as Intersys’ Head of Security Jake Ives reveals. In our interview, he gives his assessment of the year in cyber security, some tips to help avoid common attack methods, and his predictions for 2026.
Jake, what’s the headline about 2025? If you could sum up the year in a few words, what would you say?
Supply chain attacks. This year, hackers weren’t going directly for their target – they were going for third-party vendors and SaaS providers. This is because, if a threat actor wants to get control over an international firm, they might go for the weakest link. For example, it could be a catering company that has built trust with a corporate. From a social engineering perspective, a lot of the hard work will already be done; the corporate trusts the third party and gets duped by a phishing scam.
The Marks and Spencer (M&S) attack involved hackers using social engineering techniques to compromise a third-party vendor who had access to M&S systems – a Tata Consultancy employee account was compromised. The Jaguar Land Rover (JLR) incident also involved third-party access points.
Apart from being an easy way in, is there anything else that’s making this type of attack attractive?
Threat actors are looking for widespread disruption, rather than simple data theft. So, in the cases mentioned, it’s not just M&S or JLR, but other businesses that depend on the company that suffer the damage. The attackers are realising that disrupting whole operations in highly-dependent ecosystems causes far greater economic damage and creates cascading effects.
Have you seen this type of attack personally?
I have helped mitigate several attacks of this type this year.
Just a few months ago, an organisation came to us for help. Within the space of 72 hours, employees had received impersonated WhatsApp messages from an executive employee. Then, they were targeted by criminals via not one but two of their supply chain members, who had their systems compromised. The attackers went after ill-equipped members of the supply chain and abused that trust to successfully compromise accounts.
On a broader note, the National Cyber Security Centre (NCSC) said there was a 50% increase in highly significant cyber-attacks. In my role, working with both small and large organisations, I would corroborate that.
On the supply chain issue, what do businesses need to do?
They need to know their contractors and non-full-time staff, and their setup and infrastructure, as well as any business that provides a service to them that stores sensitive information. We hosted a webinar earlier in the year covering some of the more cunning supply chain attacks: ‘Cyber Security Webinar | In Partnership with ECRC | Intersys Blog’.
Are there any other big themes this year?
In 2025, it became more apparent to us all that the internet has become centralised and that we’ve become reliant on key players like Cloudflare and AWS. Collectively, we’ve got all our eggs in one basket and sometimes it seems like one breach equals half the internet going down.
Other new attack strategies include ClickFix-style social engineering techniques that trick users into unwittingly running malicious commands on their systems by displaying a fake error message and so-called ‘fix’ instructions.
Is the profile of the cyber-criminal changing?
Yes, in that you don’t have to be equipped with all the knowledge of how to carry out a traditional cyber attack anymore. You can buy a ransomware-as-a-service kit on the dark web for next to nothing and someone will run it for you if you have the money. And these services are increasingly using generative AI, deepfakes and stolen identities.
Gen AI is very scary. You have to ask yourself: is what I am seeing online actually real? With the new ChatGPT iterations, Sora and Gemini, you can now create very realistic-looking videos using AI, and it is going to change the next two years in terms of the cyber security landscape.
How are cyber security companies responding to the cyber threat? How’s their year been?
Unfortunately, a lot of fear-heavy language has been used by vendors and researchers, employing outdated cyber advice.
They crank up the threat language so they can capitalise on selling things that businesses don’t need – and their advice frequently addresses outdated flaws.
I find it frustrating. Advice needs to be more proportionately delivered so businesses spend more time focusing on the threats that actually affect their business and less time on those that are unlikely to ever impact them.
I’m a big fan of the Stop Hacklore movement. It’s a site where people come together to debunk a lot of the myths and scaremongering around that outdated advice.
We’re going to leave mitigating strategies for another day (and readers can look at our blog for lots of cyber security advice). But what overarching principles should organisations employ to stay safe in the year ahead?
Organisations must roll out cyber security training. And they shouldn’t just educate employees on attacks in the work environment but also promote good cyber hygiene out of work – it all falls into the same net at the end of the day. If someone’s practices are poor at home or in their social life, it will impact work – because information about them can be used and weaponised in a corporate setting.
And what mindset is going to help people and organisations stay safe in 2026?
Don’t assume it won’t happen to you. We are all victims of cyber crime and it is a case of when, not if. It happened to me when I was younger and I consider myself to be technically minded. Threat actors will strike at the least ideal times, when you’re busy, stressed etc. Everyone needs to keep that in mind.
Also, everyone must understand that they have an impact. Even the intern who hasn’t been at work for long plays a massive part in cyber security. If they fall for a scam, it could have a knock-on effect across the organisation.
With all your years in the industry, you must have a ‘cyber security radar’. What small signs told you, ‘Something’s not right here’?
When I audit businesses, I often find breaches. Frequently, the thing that alerts me is looking at configurations and thinking, “I’m surprised they haven’t had an issue.” Then I check live logs and, lo and behold… they have. They might just not have realised it.
For instance, a lack of Zero Trust controls is a red flag. When you do have those controls, every sign-in event can be scrutinised and you’ll spot things that don’t add up compared to usual day-to-day sign-ins. When they’re not present, I usually go digging and find… let’s call it the opposite of gold.
Did the criminals win in 2025?
Yes, organisations across the UK lost this year, but they learned an awful lot of lessons that mean 2026 hopefully won’t be as bad as 2025. More organisations are focusing on supply chain diligence. Before, when they implemented new systems or sourced new suppliers, security teams were rarely looped in. Many incidents happened because of this. The industry is learning from its failings.
What are your big predictions in the world of cyber security for 2026?
Autonomous “agentic” IT attacks, I believe, are inevitable, along with generative AI social engineering (deepfakes via voice and video, and more tailored phishing campaigns). I’d imagine that with AI, ransomware will be easier to pull off, requiring less effort from the attacker, because agentic AI could probably handle the reconnaissance and execution. Also, I believe we are already at war, albeit cyber warfare with hostile nations; they’ll target our Operational Technology to impact our day-to-day. And finally, supply chain attacks, I reckon, will continue!
Useful reading from the Intersys blog:
How To Achieve Operational Resilience Through Your IT Infrastructure
How to Correctly Undertake Backup and Recovery Testing
Cyber Essentials Requirements – Your Guide to Getting Certified
Deepfake Detection and Protection: A Guide for Organisations
What is Vishing? And Why are Vishing Scammers the ‘Hollywood Actors of the Cyber Crime World’?
What is Social Engineering in Cyber Security and How Do I Prevent a Devastating Attack?