Your organisation’s greatest security risk isn’t a shadowy hacker in a hoodie – it’s the well-meaning employee who shares passwords to meet a project deadline, uses Dropbox because the approved file-sharing system is too slow, or clicks on a phishing email from what appears to be a trusted colleague.
“Human risk is usually not from bad actors,” explained digital strategist Petra Vincent during the discussion. “It usually comes from when someone’s trying to find an easier route, when teams are incentivised to move really fast without any guardrails, and then they start to bypass controls.”
The scenarios are painfully familiar:
As I pointed out during our discussion, this creates a dangerous disconnect: “You can sometimes end up with this big disparity between what the leadership team think is happening and what’s actually happening on the ground.”
The webinar panel unanimously agreed that annual security training (the checkbox exercise most organisations rely on) simply doesn’t work. Instead, they advocated for frequent, bite-sized training that creates real accountability.
Vincent shared an effective approach from her previous firm: “We would do phishing tasks at least once a week, randomised across the firm. After something happened three times, then you would have to take some form of training. We had things where if you didn’t take this training, your email would get shut down by the end of the day.”
The key is making security part of the organisational culture rather than an annual obligation. When employees understand the real-world consequences of their actions and feel safe reporting mistakes, organisations can close security gaps before they become breaches.
Phishing attacks have evolved far beyond the poorly-written email scams of the past. Modern attackers use AI to craft sophisticated, personalised attacks across multiple channels:
Matthew Wylie, who provides Virtual CISO services for FoxTech clients, shared a recent example of how these sophisticated attacks succeed: “The reason it was successful was because one of their contacts had been compromised. The email came from a trusted source, someone they dealt with day to day. They didn’t know that their account was compromised.”
Even with good training, click-through rates on phishing simulations typically run 4-5%. In an organisation of 500 people, that means 20-25 employees will likely click on any given phishing email that gets through filters.
Multi-factor authentication (MFA) is essential, but not all MFA methods offer equal protection against bypass techniques. Simple methods such as SMS codes or emailed passcodes can still be harvested by sophisticated phishing kits that capture the password and the one-time code together and use both immediately.
The webinar emphasised investing in phishing-resistant MFA – hardware tokens, passkeys, or Windows Hello for Business – particularly for privileged accounts. As I explained during the discussion: “These are tightly coupled to the URL on which you log in. Even if you went to a malicious site, your hardware encryption key would not release the required credential to the phishing site because it’s on a different URL.”
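To make the "tightly coupled to the URL" point concrete, here is an added Python example (not code from the webinar, from FoxTech, or from any authenticator vendor) that simulates the relying-party side of a WebAuthn/FIDO2 login. The browser, not the web page, writes the origin it is actually on into clientDataJSON; the authenticator hashes the relying-party ID into authenticatorData; and both are covered by the signature. The hostnames, challenge and key are constructed for the example, and an HMAC stands in for the authenticator's asymmetric (ECDSA/Ed25519) signature so it runs with only the standard library; the binding argument does not depend on that substitution.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed, hypothetical relying party and look-alike phishing host.
RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login-example.com"

# Stand-in for the authenticator's per-site private key. Real authenticators
# sign with an asymmetric key (ECDSA P-256 or Ed25519); HMAC is used here only
# so the example needs nothing outside the standard library.
AUTHENTICATOR_KEY = secrets.token_bytes(32)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def authenticator_assert(challenge: bytes, rp_id: str, browser_origin: str) -> dict:
    """Simulate the browser + authenticator half of a WebAuthn login.

    The browser fills in `origin` from the URL the user is really visiting
    (a page cannot override it) and the authenticator hashes rp_id into
    authenticatorData. The signature covers both, so neither can be edited
    afterwards without invalidating it.
    """
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": browser_origin,
    }).encode()
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()   # 32 bytes
    flags = b"\x01"                                         # UP (user present)
    sign_count = (1).to_bytes(4, "big")                     # 4-byte counter
    authenticator_data = rp_id_hash + flags + sign_count    # 37 bytes total
    signed = authenticator_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(AUTHENTICATOR_KEY, signed, hashlib.sha256).digest()
    return {"client_data": client_data,
            "authenticator_data": authenticator_data,
            "signature": signature}


def rp_verify(assertion: dict, expected_challenge: bytes) -> tuple:
    """Relying-party checks: ceremony type, challenge, origin, rpIdHash,
    user presence, then the signature over authenticatorData || H(clientData)."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch (replay or stale assertion)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    ad = assertion["authenticator_data"]
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not ad[32] & 0x01:
        return False, "user-presence flag not set"
    signed = ad + hashlib.sha256(assertion["client_data"]).digest()
    expected_sig = hmac.new(AUTHENTICATOR_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def demo() -> dict:
    """Verify a genuine login, a relayed one from the look-alike host, and a
    relayed one whose origin field was rewritten; return the three verdicts."""
    challenge = secrets.token_bytes(32)  # issued fresh by the RP per login
    legit = authenticator_assert(challenge, RP_ID, RP_ORIGIN)
    # A proxying phishing page can relay the RP's real challenge, but the
    # browser still records the origin the user is actually on.
    relayed = authenticator_assert(challenge, RP_ID, PHISH_ORIGIN)
    # Rewriting the origin field after the fact breaks the signature.
    patched = dict(relayed)
    patched["client_data"] = relayed["client_data"].replace(
        PHISH_ORIGIN.encode(), RP_ORIGIN.encode())
    return {
        "legitimate": rp_verify(legit, challenge),
        "relayed": rp_verify(relayed, challenge),
        "patched": rp_verify(patched, challenge),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>10}: {verdict}")
```

In practice the defence has one more layer than shown: browsers refuse a `navigator.credentials.get()` call whose RP ID is not a registrable suffix of the page's own origin, so a look-alike host normally never obtains an assertion for the real RP ID at all. The relying-party origin check above is the backstop for that, and it is why a relayed SMS or email code succeeds where a relayed passkey assertion fails.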
For organisations concerned about cost, hardware tokens can be as inexpensive as £5 per user – a minimal investment compared to the potential cost of a breach.
The rapid adoption of AI tools has created a new category of risk: shadow AI. Employees frustrated by organisational restrictions on AI tools often resort to copying sensitive information into personal ChatGPT accounts or other unauthorised platforms.
“We saw when AI first came out, some companies just immediately put the doors down and said no, you cannot use it,” noted Wylie. “There wasn’t really an acknowledgement that these tools are really useful, but you need to understand the risks they bring.”
The solution is not blanket prohibition but providing approved AI tools with proper data controls (for example, Microsoft Copilot configured to use only organisational data), combined with technical controls such as data loss prevention software that monitors for sensitive information leaving the organisation.
You can listen to the complete 60-minute discussion, including detailed technical recommendations and Q&A with the expert panel.
Understanding the attack progression helps organisations prepare better defences. After successful credential theft, attackers typically:
This process can take months, during which the attacker quietly explores the environment. Organisations relying on standard Microsoft 365 logs (which retain data for only 30 days) often cannot investigate the full scope of a breach once discovered.
The webinar panel offered three immediate actions every organisation should implement:
Additional recommendations include abandoning forced 90-day password changes in favour of unique passwords per site, implementing phishing-resistant MFA for critical accounts, and establishing security working groups where employees can safely report concerns.
One practical tool mentioned during the webinar is FoxTech’s free Cyber Risk service, which uses open-source intelligence to show organisations what attackers can see about their external digital footprint. Having analysed over 20,000 organisations, this service provides a benchmark for where your organisation stands relative to others in terms of external vulnerabilities.
Cybersecurity is fundamentally a human problem that requires cultural solutions alongside technical controls. Even the most sophisticated firewall cannot protect against an employee who clicks a convincing phishing email or uploads sensitive data to an unauthorised AI tool.
Organisations that acknowledge this reality and work to align security policies with how people actually work – rather than how they wish people would work – create more resilient defences against the threats that matter most.