April 2026 Newsletter

Posted By: Mark Friday 29th May 2026

This month: Phishing and Vishing threats, NCSC promotes Passkeys, Claude AI gets hyped, Apple turns Fifty – plus the latest LaneSystems news.


Phishing and Vishing: The Business Risk Hiding in Plain Sight

Cybersecurity threats are often assumed to be highly technical: complex malware, advanced exploits, or sophisticated system breaches. In reality, the most effective attacks today are far simpler. They target human flaws.

Phishing and vishing attacks have become the primary entry point for cyber incidents across organisations of all sizes. Rather than exploiting technical weaknesses, they exploit human behaviour, using trust, urgency, and familiarity to bypass even well-established security controls.

Exploiting Individuals with Phishing and Vishing Attacks

Phishing typically arrives via email, disguised as a trusted source such as Microsoft, a supplier, or a colleague. The goal is to persuade the recipient to click a link, open an attachment, or enter credentials into a fake login page. Vishing follows the same principle but uses phone calls instead, often impersonating IT support or senior management to create pressure and extract sensitive information.

What makes these attacks particularly dangerous is their direct impact on core business risks. A single successful attempt can lead to compromised credentials, unauthorised system access, and the exposure or manipulation of sensitive data. In some cases, attackers remain undetected while monitoring communications, enabling them to insert themselves into legitimate processes such as supplier payments or client interactions. In others, access is used to deploy ransomware or expand the attack internally.

These outcomes directly affect the confidentiality, integrity, and availability of information, the core principles of information security and a central focus of ISO/IEC 27001.

How Phishing and Vishing Affect Businesses

The real-world impact is significant. Many organisations have experienced invoice fraud following email compromise, where attackers alter payment details within genuine conversations. Others have seen internal phishing campaigns launched from compromised accounts, spreading the attack further across the business. Vishing attacks add another layer of risk, with employees persuaded in real time to approve access or disclose information under the assumption they are assisting a legitimate request.

What these scenarios have in common is not a failure of technology, but a gap in awareness. Attackers are not trying to break systems. They are relying on individuals making quick decisions in busy working environments. A convincing message, combined with a sense of urgency, is often enough.

Understanding the Risks with Phishing and Vishing Training

This is why awareness is not just a supporting measure, but a fundamental control. Within an information security management system, organisations are expected to ensure that personnel understand the risks they face and their role in managing them. Without that understanding, even strong technical controls can be bypassed in seconds.

Organisations that manage this risk effectively take a more proactive approach. Rather than treating awareness as a one-off exercise, they build it into everyday operations. This often includes structured training, regular communication, and controlled phishing simulations designed to reflect real-world scenarios. These simulations are particularly valuable, as they provide measurable insight into how employees respond, highlight areas of vulnerability, and allow targeted improvement over time.

Importantly, this approach is not about catching people out; it is about strengthening the organisation as a whole. When employees are regularly exposed to realistic scenarios and understand what to look for, they become far more confident in identifying and reporting suspicious activity. Over time, this shifts the organisation from being reactive to genuinely resilient.

Phishing and Vishing Training boosts Cyber Security

From a business perspective, the benefits are clear. Improved awareness reduces the likelihood of successful attacks, limits financial and operational impact, and supports compliance with recognised standards. It also provides reassurance to customers and partners that information security is being actively managed, not just technically implemented.

Phishing and vishing are not going away. If anything, they are becoming more targeted and more convincing. The organisations that manage this risk successfully are those that recognise a simple but critical point: Security is not just about systems. It is about people. And when those people are properly equipped to recognise and respond to threats, they become the strongest control an organisation has.

If you are a business in the North-East of England who is looking to boost your cyber security and improve your organisation’s cyber awareness about phishing and vishing attacks, get in touch today to find out more about our phishing and vishing training services.



LaneSystems News

Charity News

In April we have been helping out St Teresa’s Hospice by donating £300 of Phishing campaign awareness training.

If you are a business in the North-East of England who is looking to improve your organisation’s cyber security awareness of phishing and vishing attacks, get in touch today for a chat about our phishing and vishing training services.



Passkeys: Why the NCSC Says It’s Time to Move Beyond Passwords

The National Cyber Security Centre (NCSC) has announced a major shift in UK cyber-security guidance: passkeys should now be the default way people and businesses log in, wherever they are available. Passwords, even strong ones, are no longer considered resilient enough against modern cyber threats. This marks the biggest change in everyday security advice for more than a decade.

What are passkeys?

Passkeys are a new, more secure way to sign in to online accounts. Instead of typing a password, your device uses a pair of cryptographic keys – one stored securely on your phone or computer, and one held by the service you’re logging into. You simply approve the login using the method you already use to unlock your device, such as Face ID, fingerprint or a PIN.

Because the private key never leaves your device, it cannot be intercepted, guessed, reused or stolen in the way passwords often are.

Why the NCSC says passkeys are better

The NCSC highlights three major advantages:

Far stronger security

Passkeys are resistant to phishing – the most common way attackers steal login details. Even traditional multi-factor authentication (like SMS codes or authenticator apps) can still be phished, but passkeys remove this risk entirely.

Faster and easier to use

Logging in with a passkey can be up to eight times faster than entering a username, password and verification code. There’s nothing to remember and no need to create complex passwords.

More resilient for businesses and users

Because passkeys can’t be relayed or reused, large-scale attacks become far less effective. The NCSC notes that widespread adoption will significantly reduce the UK’s exposure to phishing attacks.
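For technical readers, the reason a passkey login resists phishing, relaying and reuse can be shown in a few lines. This is an added example, not NCSC or LaneSystems code: a simplified Node.js model of a WebAuthn-style sign-in in which the example.com and example.net addresses and all function names are made up for illustration, and the authenticator data that real passkeys also sign is left out.

```javascript
// Added example: simplified model of a passkey (WebAuthn-style) sign-in.
const nodeCrypto = require("node:crypto");

const SITE = "https://accounts.example.com";      // constructed genuine origin
const LOOKALIKE = "https://accounts.example.net"; // constructed phishing origin

// Registration: the private key stays on the device; the service stores only the public key.
function createPasskey() {
  return nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Device side: the browser, not the web page, records which origin asked for the
// signature, and that record is part of what gets signed.
function deviceSign(privateKey, challenge, originSeenByBrowser) {
  const clientData = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin: originSeenByBrowser,
  }));
  return { clientData, signature: nodeCrypto.sign("sha256", clientData, privateKey) };
}

// Service side: check the signature, then the origin, then the one-time challenge.
function verifySignIn(publicKey, expectedChallenge, { clientData, signature }) {
  if (!nodeCrypto.verify("sha256", clientData, publicKey, signature)) return "bad-signature";
  const seen = JSON.parse(clientData.toString("utf8"));
  if (seen.type !== "webauthn.get") return "wrong-type";
  if (seen.origin !== SITE) return "wrong-origin";
  if (seen.challenge !== expectedChallenge.toString("base64url")) return "stale-challenge";
  return "ok";
}

function demo() {
  const { publicKey, privateKey } = createPasskey();
  const challenge = nodeCrypto.randomBytes(32);
  const genuine = deviceSign(privateKey, challenge, SITE);
  // Victim is on the look-alike page, which passes on the real site's challenge.
  const relayed = deviceSign(privateKey, challenge, LOOKALIKE);
  // Editing the origin afterwards changes the signed bytes.
  const edited = { ...relayed, clientData: Buffer.from(
    relayed.clientData.toString("utf8").replace("example.net", "example.com")) };
  return {
    genuine: verifySignIn(publicKey, challenge, genuine),
    relayed: verifySignIn(publicKey, challenge, relayed),
    edited: verifySignIn(publicKey, challenge, edited),
    reused: verifySignIn(publicKey, nodeCrypto.randomBytes(32), genuine),
  };
}

console.log(demo());
```

Only the genuine sign-in returns "ok"; the relayed, edited and reused attempts are each rejected by a different check.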

How passkeys work in practice

Your device’s built-in password manager – now more accurately called a credential manager – creates, stores and protects your passkeys for you. It can also sync them securely across your devices, so you don’t need to set them up repeatedly.

Apple, Google, Microsoft, PayPal and many others already support passkeys, and adoption is growing rapidly across the UK. But if a service doesn’t yet support passkeys, then the NCSC says you should continue to use strong, unique passwords generated by a password manager along with two-step verification (2SV) for added protection. This remains a robust defence until passkeys become universal.



Claude Mythos: Cutting Through the Hype Behind the “Super-Powerful” AI

Over the past month, Anthropic’s upcoming AI model, Claude Mythos, has been described in headlines as everything from “super-powerful” to “dangerous” and even capable of “breaking the internet.” Early press coverage focused heavily on dramatic claims that Mythos could autonomously hack into any system, find thousands of hidden vulnerabilities, and outpace human security experts. But as more people have tested it, a very different picture has emerged.

Much of the alarm began when Anthropic revealed that Mythos could identify and exploit software vulnerabilities at high speed, even in major operating systems and web browsers. This led to speculation that criminals could use it to launch large‑scale cyberattacks. The hype intensified after a widely reported incident at PocketOS, where an AI coding agent powered by Anthropic’s Claude Opus—not Mythos—deleted the company’s entire production database in just nine seconds. Although dramatic, this case was ultimately traced to a chain of human and infrastructure failures, not an uncontrollable AI “going rogue”.

Reality vs Hype

As researchers and engineers gained access to Mythos through Anthropic’s controlled preview programme, the tone shifted. Early testers at AWS, Mozilla and others reported that while Mythos is fast and useful, it is not the unstoppable hacking engine some feared. Mozilla’s CTO noted that Mythos found 271 bugs in Firefox—but none that a skilled human researcher couldn’t also find. Others pointed out that Anthropic’s claims of “thousands” of severe vulnerabilities were extrapolations rather than confirmed findings, and that many demonstrations relied on simplified test environments rather than real-world systems.

Security analysts have been even more blunt. One researcher described the Mythos story as “misinformation and hype,” while another called it “a nothingburger,” arguing that attackers don’t need Mythos when existing models and tools already accelerate vulnerability discovery.

Even the supposed “unauthorised access” incident, where a small group guessed the model’s URL, highlighted more about supply-chain weaknesses than about Mythos itself.

What this means for businesses

Mythos is not magic, nor is it a cyber-apocalypse machine. It’s an advanced tool that can help security teams find issues faster, but it doesn’t replace human expertise, and it isn’t capable of autonomously tearing through the internet.

The real lesson is about hype versus reality. As with the PocketOS incident, the biggest risks often come from rushed adoption, weak safeguards, and overconfidence in “agentic” AI tools—not from AI models suddenly developing superpowers.

Even if the early hype around Mythos proves exaggerated, it still signals an important shift in how cyber security is evolving. The next wave of threats and defences will be driven by speed and automation. Businesses will no longer rely solely on slow, manual checks or once-a-year security reviews. Increasingly, tools are needed that can scan systems continuously, flag unusual behaviour in real time, and adjust access controls automatically when something looks suspicious.

This isn’t about replacing people; it’s about giving security teams the kind of rapid, automated support that attackers are already beginning to use. Companies that adopt these approaches early will be far better prepared, while those that stick to older, reactive methods may find that automated attacks simply move too fast for human-only responses to keep up.



Apple at 50: From Garage Startup to Global Tech Powerhouse

Apple has marked its 50th anniversary, a milestone that highlights how far the company has come since its humble beginnings in a Californian garage. Founded on 1 April 1976 by Steve Jobs, Steve Wozniak and Ronald Wayne, the company’s first product was the Apple I, a simple circuit board sold to hobbyists. Its early breakthrough came with the Apple II, one of the first successful home computers, followed by the Macintosh, which helped popularise the graphical user interface and mouse for everyday users.

Apple’s influence expanded dramatically in the early 2000s with the launch of the iPod, which transformed portable music. Before the iPod, digital music players were clunky and difficult to manage; Apple’s design and the introduction of iTunes made digital music mainstream almost overnight. This success paved the way for the iPhone, unveiled in 2007 as “an iPod, a phone, and an internet communicator” in one device. It quickly reshaped the mobile phone industry and remains one of the world’s best-selling consumer products, with more than 200 million sold each year.

Today, Apple stands as one of the world’s most influential technology companies. It has over 2.5 billion active devices globally and a market value close to $4 trillion, driven by products such as the iPhone, iPad, Mac, Apple Watch and a rapidly growing services business. Its 50th anniversary celebrations — from global events to a reflective message from CEO Tim Cook — emphasise both its cultural impact and its ongoing commitment to “thinking different”.

Half a century on, Apple continues to shape how people work, communicate and create, remaining a defining force in modern technology.


Need Cyber Security?

If you’re a business in the North East of England and looking for professional and reliable cyber security services, IT consultation, and general IT services to keep your company cyber secure, get in touch. Cybersecurity is a continuous process, and staying proactive is key to safeguarding digital assets.