“In 2025, if your organisation is online, it’s on the radar.”
We are witnessing an unprecedented wave of cyberattacks across the UK. In just the first quarter of 2025, ransomware incidents rose by 30%, knocking hospitals offline and compromising millions of customer records. From the NHS to major high street banks, nobody is immune and most businesses simply aren’t prepared. We sat down with Mr. Farooq Zafar, veteran IT Cybersecurity Consultant working alongside Fortray, to cut through the jargon and get straight to what’s happening, why it matters, and exactly what organisations can do next.
Q1: Farooq, it feels like every week brings a fresh breach headline. What’s driving this surge?
Farooq Zafar: It really is relentless. On top of that 30% spike in ransomware in Q1, we have seen attackers yoke AI-powered phishing kits and exploit unpatched legacy systems. They are well funded, organised, and treating cybercrime as a 24/7 business. If you have not modernised your defences in the last 12 months, you are almost certainly behind.
Q2: Many SMEs assume they’re too small to be targeted. Is that a fair assumption?
Farooq Zafar: Not at all, actually. That is a big myth. Small businesses get targeted all the time. I mean, last year, the NCSC said something like 63% of UK SMEs reported a cyber incident. That is more than half. The thing is, hackers know smaller companies usually do not have strong defences. Fewer tools, fewer people. But the data is still valuable. So yeah, they go after them. That is why at Fortray, we have kept our detection and response services affordable, so even if you are not a big enterprise, you can still get proper, solid protection.
Q3: That British Airways loyalty breach affected over 1.2 million customers. What went wrong there?
Farooq Zafar: Yeah, that one was big. From what is publicly known, it came down to exposed APIs, weak access controls… and I believe some of the data was not even encrypted at rest, which is a basic. But you know, this kind of thing highlights a bigger issue. Everyone is rushing into digital transformation, new platforms, new tools, but nobody is pausing to secure the basics. At Fortray, we always say: secure faster than you deploy. Because once you are live, you’re also visible to the attackers.
Q4: Phishing is still the top attack vector. Why haven’t we beaten it yet?
Farooq Zafar: Honestly? Because people are still the weakest link. Over 90% of breaches still start with a phishing email and now with AI, the emails look scary real. Even trained IT guys sometimes get caught off guard. That’s why we do not merely throw tools at the problem. At Fortray, we do phishing simulations, hands-on training, to get people thinking before they click. It is about building that everyday awareness across the board.
Q5: What about cloud security? Are companies getting it right?
Farooq Zafar: Look, cloud is brilliant for flexibility and scale, no doubt. But the minute you go live without proper configuration? You are vulnerable. And I’m not saying that lightly, Gartner has already said 99% of cloud breaches will be the customer’s fault, not the cloud providers. Things like open S3 buckets, no MFA, overly generous access all add up. That is why, before anyone migrates, we do a full cloud audit at Fortray. Or if they have already moved, we go in and fix what’s misconfigured. Because cloud missteps? They are silent until they explode.
Q6: How do recent attacks on healthcare underline the stakes here?
Farooq Zafar: I mean… it is scary. There was that NHS-affiliated hospital last month where over 400 surgeries got delayed because of a cyber incident. That is real lives affected. It is no longer just about stolen data; it is about patient care, and urgent treatment being paused. Healthcare simply cannot afford downtime. That is why we have designed highly focused solutions for this sector, including incident response plans, 24/7 monitoring, and everything tailored for hospitals and trusts.
Q7: AI is a double-edged sword in cybersecurity. How is Fortray using it?
Farooq Zafar: Yeah, AI is a tricky one. On one hand, it is a lifesaver. We are using it to detect weird behaviour patterns, flag threats early, speed up response times, so we can jump in before real damage is done. But on the other hand? Hackers are using AI too, for deepfake audio, fake identities, malware that keeps rewriting itself. It is like an arms race. That is why we have built AI into our SOC-as-a-Service. So we are not playing catch-up, we’re keeping pace.
Q8: Budgets are tight across the board. How can organisations protect themselves without breaking the bank?
Farooq Zafar: Yeah, completely get that. Everyone is watching costs right now. The trick is, do not try to buy everything. Focus on the biggest risks first. We offer a complimentary Cybersecurity Consultation at Fortray, it tells you where the holes are. Then you just fix what matters most. Things like MFA, email filtering, good endpoint protection, they are not expensive, and they take your security posture up a few notches straight away.
Q9: Are UK boardrooms finally taking cybersecurity seriously?
Farooq Zafar: It is getting there but slowly. Awareness has improved, no doubt. But action? Still a bit patchy. That Cabinet Office survey last year showed only 26% of UK businesses actually had a proper incident response plan. That is low. Until cyber risk becomes part of the board’s KPIs, like finances or operations, we will keep seeing the same gaps. Cybersecurity needs to move from the IT desk to the boardroom table.
Q10: If you could give one takeaway to decision-makers today, what would it be?
Farooq Zafar: It is simple! Do not treat security like a one-time fix. It is not a “buy this tool and you are sorted” situation. It is a process, check where you stand, improve where you can, keep training your people. And if you do not have the in-house expertise, bring in someone who does. At Fortray, that is exactly what we do, jump in, strengthen your posture, and make sure you are not tomorrow’s headline.
Cyber threats will not wait for budgets to be approved or for training to roll out next quarter. They are here, now knocking at your digital door. The good news? You do not have to face them alone. Fortray offers Cyber Readiness Audits, tailored training, and round-the-clock monitoring to keep your organisation one step ahead. Book a complimentary consultation and turn your cyber vulnerabilities into verifiable strengths.
FAQs
- What is ransomware—and how does it work?
Ransomware encrypts your data, then demands payment for the decryption key. Attacks often begin with phishing or exploiting unpatched systems.
- Why are SMEs attractive to attackers?
SMEs typically lack in-house security teams and robust defences, making them easier targets despite holding valuable customer and financial data.
- What is “Zero Trust” architecture?
A security model that never assumes trust every user, device, and application must be verified continuously, regardless of location.
- How often should organisations conduct penetration tests?
At minimum annually, but ideally after any major infrastructure change or deployment. Regular testing uncovers blind spots before attackers do.
- Why is Multi-Factor Authentication (MFA) so crucial?
MFA adds a second verification layer such as a text code or authenticator app making it much harder for attackers to use stolen credentials alone.
