
Threat Intelligence Report

by Mark Rowe
Growing strategic competition between China and the United States, alongside increasing geopolitical tensions across the Indo-Pacific region, may drive further cyber espionage activity from state-aligned threat actors. That’s according to the cyber firm NCC Group’s latest Threat Intelligence Report.
Matt Hull, VP of Cyber Intelligence and Response at NCC Group, said: “Historically, organisations could draw a relatively clear distinction between ransomware attacks driven by financial gain and nation-state operations designed to support strategic objectives. That distinction is becoming increasingly difficult to make.
“What we’re seeing is a convergence of criminal and state-backed activity. Threat actors are sharing infrastructure, adopting common tooling and, in some cases, deliberately operating behind established ransomware brands to obscure attribution and delay response efforts. This creates a more complex threat environment. Organisations can no longer assume a ransomware incident is purely financially motivated. Understanding an adversary’s behaviour, objectives and operational context is becoming just as important as identifying the malware or ransomware group involved.”
Ransomware activity remained high throughout May 2026, with 749 incidents recorded. While overall ransomware activity plateaued month-on-month, the data reinforces the raised baseline observed so far throughout 2026. Industrials remained the most targeted sector, accounting for 29 per cent of recorded attacks. North America continued to be the most affected region. AI-assisted cybercrime is evolving, according to the report. This month’s analysis examined Kitana, an adversary-in-the-middle fraud platform identified by NCC Group, which demonstrates how AI-assisted development is accelerating cybercriminal tooling while lowering barriers to entry for less sophisticated.
Retained view
Meanwhile, Richard Horne, Chief Executive of the UK’s National Cyber Security Centre (NCSC), warned in a lecture to the think-tank RUSI that UK critical infrastructure was hit by more than 200 cyber incidents over the past year, with state-linked attackers behind most. Christopher Clark, Cyber Security Incident Response Team Director at Thrive, says that for business leaders, that is impossible to ignore: hostile state activity is now a day-to-day operational risk, not just a national security concern. He says: “Most organisations do not see themselves as targets of geopolitical conflict. However, state-linked groups do not need a defence contract to find a way in; they exploit the everyday technology businesses already rely on.” An incident that starts far beyond a company’s own operations can quickly escalate. Recent analysis shows cyber retaliation following Iranian military escalation within hours, not weeks, turning geopolitical risk into supply chain, technology and recovery risk for UK businesses. A ceasefire will not change this. Access and tooling built up during a conflict do not expire when the fighting stops and the groups that built them do not stand down.

“Prevention alone is not enough. Most intrusions do not involve malware at all, just legitimate tools repurposed for malicious activity, making early warning signs harder to spot. The real test is how quickly an organisation can assess the situation, make decisions and recover. That requires more than tools and backups. It requires decision-making authority, real threat intelligence and people who have previously handled serious intrusions. In practice, many organisations lack that combination of experience and readiness, which is why I favour a retained incident response capability over building one in-house.

“An internal team formed in response to a breach is already behind, with no shared history under pressure and no time to mature before facing its worst case. A retained team lives this daily and that experience separates a contained incident from a prolonged one. The questions worth asking are: who has the authority to act the moment something looks wrong? And have they ever actually done it before? When the call comes, the difference will not be who has the better tools. It will be who already knows what to do.”
