This month's headlines shared one thread: most victims weren't "hacked" in the dramatic sense. Attackers logged in — with stolen passwords, hijacked sessions and trusted connected apps. The door was open; they walked through it.

The four things that mattered

  • MFA was bypassed — and around 86,000 Fortinet logins leaked. Attackers relay your codes in real time or steal your session entirely. MFA still matters enormously; the type is what counts. Do this: move sensitive accounts to phishing-resistant MFA (passkeys) and switch on number-matching.
  • A forgotten app became the way in (Salesforce/Klue). A connected app you authorised months ago can hand over the keys — and groups like ShinyHunters kept breaching big names such as Kodak via suppliers rather than head-on. Do this: review your connected apps and suppliers — what can each see, what access does it have, do you still need it? Revoke the rest.
  • The edge stayed under fire. Critical Fortinet flaws were actively exploited, and June's Windows updates were another patch reminder. Do this: treat critical patches as a 14-day clock, and make sure someone owns the status of every internet-facing device.
  • Microsoft 365 isn't backing up your data — not the way most people assume. Keeping the service running is Microsoft's job; protecting your content is yours. Do this: put an independent, tested backup in front of Microsoft 365 and your servers.
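The connected-app review in the second point above is easiest to do consistently when the questions (who uses it, what can it see, is it still needed) are turned into a repeatable check. The script below is an added example, not code from the original page or from Foresight: it takes an exported inventory of connected apps and proposes keep / review / revoke for each. The inventory format, the field names and the scope names (`export_all_data`, `admin_all`) are assumptions for illustration; map them to whatever your platform's app-permissions export actually reports.

```python
from datetime import date

# Constructed sample inventory, shaped like an export of connected/OAuth apps:
# app name, granted scopes, last sign-in date, and whether the person who
# authorised it is still with the organisation. Not real data.
SAMPLE_APPS = [
    {"name": "Sales dashboard", "scopes": ["read_contacts"],
     "last_used": date(2025, 6, 1), "owner_active": True},
    {"name": "Old survey tool", "scopes": ["read_contacts", "export_all_data"],
     "last_used": date(2024, 9, 3), "owner_active": False},
    {"name": "Calendar sync", "scopes": ["read_calendar"],
     "last_used": date(2025, 5, 20), "owner_active": True},
    {"name": "Contractor integration", "scopes": ["admin_all"],
     "last_used": date(2025, 5, 30), "owner_active": True},
]

# Assumed scope names that grant bulk data access or admin rights; replace
# with the real high-privilege scopes from your platform's documentation.
HIGH_RISK_SCOPES = {"export_all_data", "admin_all"}


def triage_app(app, today, stale_days=90):
    """Return (decision, reason) for one connected app.

    revoke : unused beyond stale_days, or its owner has left
    review : still in use but holds high-privilege scopes
    keep   : in use, owned, and limited to low-risk scopes
    """
    reasons = []
    idle_days = (today - app["last_used"]).days
    if idle_days > stale_days:
        reasons.append(f"unused for {idle_days} days")
    if not app["owner_active"]:
        reasons.append("owner no longer active")
    risky = sorted(HIGH_RISK_SCOPES & set(app["scopes"]))
    if risky:
        reasons.append("high-privilege scopes: " + ", ".join(risky))

    if not reasons:
        return "keep", "in use, owned, least-privilege scopes"
    if idle_days > stale_days or not app["owner_active"]:
        return "revoke", "; ".join(reasons)
    return "review", "; ".join(reasons)


def triage_inventory(apps, today, stale_days=90):
    """Map each app name to its (decision, reason) so the list can be actioned."""
    return {app["name"]: triage_app(app, today, stale_days) for app in apps}


if __name__ == "__main__":
    review_date = date(2025, 6, 15)  # constructed date for the sample run
    for name, (decision, reason) in triage_inventory(SAMPLE_APPS, review_date).items():
        print(f"{decision:7} {name}: {reason}")
```

Run it against your own export on a fixed schedule (quarterly fits most small organisations); the "review" bucket is where the "do you still need it?" conversation happens, and the "revoke" bucket should be cleared the same day.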

For schools, the prospect of pupil photos fuelling AI-driven blackmail makes staff awareness and a rehearsed incident plan non-negotiable too.

The common thread

Every one of these maps back to a basic done — or not done — consistently. The NCSC is handling around four major attacks a week; the organisations that come through well aren't the ones with the biggest budgets, but the ones with the fundamentals joined up — phishing-resistant MFA, managed patching, immutable backups, monitoring and a tested response plan. That's exactly what our Cyber Resilience Programme is built to deliver.

Your next step

Wondering "would we be okay?" The honest way to answer is to look. We offer a free, no-obligation cyber review — or self-check in two minutes with our free Cyber Risk Calculator. Get in touch on 0161 738 1399 or helpme@foresightuk.com.

General information, not specific advice — get in touch for a review tailored to your organisation.