Cyber attacks continue to affect organisations of every size and sector. While the headlines often focus on major breaches, many attacks start with something far simpler – a convincing email, a compromised password or an employee clicking the wrong link.
In our Cyber Byte session, supported by Network ROI, cyber security specialists Neil Douglas from Network ROI and Willie Fairhurst from the Cyber and Fraud Centre – Scotland explored four of the most common threats facing organisations:
The good news? There are practical steps every organisation can take to reduce risk and improve resilience.
BEC is one of the most financially damaging cyber crimes affecting organisations. Rather than relying on malware, criminals impersonate trusted individuals such as senior team leaders, suppliers or colleagues. Their goal is to convince someone to transfer money, change bank details or disclose sensitive information.
Common warning signs:
How to protect your organisation:
Phishing remains one of the most common ways criminals gain access to organisations. Attackers send emails, text messages or messages through collaboration platforms that appear legitimate, but are designed to steal passwords, install malware or trick users into taking harmful actions.
Modern phishing attacks are increasingly sophisticated and often exploit trust, urgency and curiosity.
How to reduce the risk:
During the webinar, Willie and Neil noted that user awareness remains one of the most important controls. Even the best technical solutions cannot stop every malicious email from reaching an inbox.
Ransomware attacks encrypt files and systems, preventing organisations from accessing critical information until a ransom is paid. These attacks can result in operational disruption, financial losses and reputational damage.
Key preventative measures:
A common misconception is that ransomware is solely a technical problem. In reality, many ransomware incidents begin with compromised credentials obtained through phishing or weak security controls.
A Distributed Denial of Service (DDoS) attack floods online services with traffic, overwhelming systems and preventing legitimate users from accessing websites or applications.
Unlike ransomware, the objective is not always to steal data. Often the goal is disruption.
Preventative measures:
One of the key messages from the webinar was that multi-factor authentication (MFA) remains critical but should not be viewed as a silver bullet. Organisations should also consider:
These controls can restrict access based on:
Organisations should ensure that only approved and compliant devices can access business systems and sensitive information.
Older authentication protocols may bypass modern security protections and should be disabled where possible.
The first few minutes matter.
If you suspect a compromise:
Panic leads to mistakes. Focus on gathering information and follow your incident response process.
Disconnect compromised devices from your network where appropriate.
Reset passwords for affected accounts and revoke active sessions where possible.
Avoid deleting emails, logs or files that may help investigators understand what happened.
Depending on the incident, this may include:
Determine:
Every incident provides an opportunity to strengthen controls and improve resilience.
There is no single solution that eliminates cyber risks. The most resilient organisations combine:
Cyber security is most effective when people, processes and technology work together.