The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups – Details, episodes & analysis

Host Graham Faulkner dives into Windows 11 25H2 in this solo episode, explaining why this understated update matters for security, stability, and small-business productivity. He breaks down how 25H2 arrives as an Enablement Package (EKB), what that means if you’re already on 24H2, and why the streamlined rollout keeps disruptions to a minimum.

The episode covers key technical and practical changes: removal of legacy components like PowerShell 2.0 and WMIC, continued performance improvements (CPU scheduling, memory management, faster startups), and expanded Wi‑Fi 7 support. Graham highlights Microsoft’s shift toward continuous monthly innovation and why that helps maintain a more secure, reliable environment without waiting for big yearly releases.

Security is a major focus: Graham explains Microsoft’s Secure Future initiative, which brings AI-assisted secure coding and enhanced vulnerability detection into the development and post-release lifecycle. He frames these advances for small business owners, showing how better detection and automated security practices reduce risk and downtime.

Practical deployment and lifecycle details are explained clearly: support-cycle resets (24 months for Home/Pro, 36 months for Enterprise/Education), how to get 25H2 via the “Get the Latest Updates” toggle, controlled rollouts and device holds, and enterprise deployment options like Windows AutoPatch and the Microsoft 365 Admin Center. He also covers admin-friendly improvements such as removing preinstalled Microsoft Store apps with Intune or Group Policy.

The episode closes with hands-on advice: check the Windows Release Health Hub for known issues, back up critical machines before upgrading, verify driver and app compatibility, and prepare rollback plans for important systems. Graham adds a personal anecdote about preparing his vinyl-catalog PC for the update and stresses that 25H2 is about steady, practical improvements—safer, faster, and less disruptive for both single machines and fleets.

In 40 years of Information Technology work, Noel Bradford has never been this angry. On September 25th, 2025, the Radiant ransomware gang stole personal data from 8,000 children at Kido International nurseries, posted their photos and medical records online, and then started calling parents at home to demand ransom payments. This isn't just another data breach. This is the moment cybercrime lost whatever soul it had left.

In this raw, unfiltered episode, Noel breaks down exactly what happened, why the security failures that enabled this attack exist in thousands of UK small businesses right now, and what you need to do immediately to protect your organisation from becoming the NEXT headline.

WARNING: This episode contains strong language and discusses disturbing tactics used by cybercriminals. Parental guidance advised.

What You'll Learn

• The complete timeline of the Kido ransomware attack and how it unfolded
• Why hackers spent weeks inside the network before striking
• The new escalation tactic of directly contacting victims' families
• Five critical security failures that allowed 8,000 children's records to be stolen
• Why "we're too small to be targeted" is the most dangerous lie in business
• The regulatory consequences Kido faces under UK GDPR
• Immediate action steps every small business must take NOW
• Why does this attack signal a fundamental shift in cybercrime tactics

  Key Takeaways The Five Critical Failures

1. Initial Access Was Preventable - Likely phishing, weak passwords, or unpatched vulnerabilities
2. No Monitoring - Weeks of dwell time with zero detection
3. No Network Segmentation - Hackers accessed everything once inside
4. No Data Loss Prevention - 8,000 records exfiltrated without triggering alarms
5. Inadequate Backups - No mention of restoration from clean backups

New Threat Landscape Reality

• Ransomware gangs now directly contact victims' families
• Children's data is being weaponised for psychological pressure
• Moral boundaries in cybercrime have completely dissolved
• Attack tactics proven successful will be replicated by other groups

Business Impact Statistics

• 43% of UK businesses suffered a breach in the past year
• Nearly 50% of primary schools reported cyber incidents
• 60% of secondary schools experienced attacks
• The education sector is particularly vulnerable

Featured Experts & Sources

Government & Law Enforcement:

• Metropolitan Police Cyber Crime Unit
• Information Commissioner's Office (ICO)
• Jonathon Ellison, Director for National Resilience, National Cyber Security Centre

Cybersecurity Experts:

• Rebecca Moody, Head of Data Research, Comparitech
• Anne Cutler, Cybersecurity Expert, Keeper Security
• Mantas Sabeckis, Infosecurity Researcher, Cybernews

Direct Victims:

• Stephen Gilbert, Parent with two children at Kido nursery

Threat Actors:

• Radiant Ransomware Gang (claims to be Russia-based)

Immediate Action Checklist Do These TODAY:

• Enable multi-factor authentication on ALL business accounts
• Check that all software is updated to the latest versions
• Review who has access to sensitive data
• Verify backups exist and are stored offline
• Schedule staff phishing awareness training

Do These This Week:

• Audit your network segmentation
• Implement monitoring and alerting systems
• Review password policies across the organisation
• Create an incident response plan
• Assess cyber insurance coverage

Do These This Month:

• Conduct a full security audit
• Test backup restoration procedures
• Implement data loss prevention tools
• Review vendor and third-party security
• Schedule penetration testing

Resources Mentioned Government Resources

• National Cyber Security Centre: https://www.ncsc.gov.uk/
• Information Commissioner's Office: https://ico.org.uk/
• Met Police Cyber Crime Unit: https://www.met.police.uk/advice/advice-and-information/fa/fraud/online-fraud/cyber-crime/
• UK Cyber Security Breaches Survey: https://www.gov.uk/government/collections/cyber-security-breaches-survey

Cybersecurity Companies

• Comparitech: https://www.comparitech.com/
• Keeper Security: https://www.keepersecurity.com/
• Cybernews: https://cybernews.com/

Legal & Compliance

• UK GDPR Guidance: https://ico.org.uk/for-organisations/guide-to-data-protection/
• Children's Data Protection: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/children-and-the-uk-gdpr/

Episode Quotes

"What happened to Kido International this week represents the absolute lowest point I've witnessed in 40 years of cybersecurity."

"These hackers didn't just encrypt some files and demand payment. They actively posted samples of children's profiles online. Then they started ringing parents directly."

"You're not special. You're not too small. You're not immune. You're just next on the list unless you take action."

"The hackers claim they 'deserve some compensation for our pentest.' Let that sink in. They're calling this a penetration test."

"A child's photo, name, and home address in criminal hands. This data doesn't expire. It doesn't get less valuable. It just sits there, a permanent risk to these families."

"None of these failures are unique to nurseries or large organizations. I see the same problems in small businesses every single week."

"You're making the same mistakes that led to 8,000 children's data being posted on the dark web. The only difference is scale."

Discussion Questions

1. How would you respond if your business were to experience a similar attack?
2. What security measures do you currently have in place?
3. Do you know where your most sensitive data is stored and who can access it?
4. When was the last time you tested your backup restoration?
5. How would you handle direct contact from threat actors?

Connect With Noel Bradford

• Website: The Small Business Cyber Security Guy
• Email: hello@thesmallbusinesscybersecurityguy.co.uk
• LinkedIn: Noel Bradford

Need Help With Your Cybersecurity? Equate Group

Support The Podcast

If this episode made you think differently about cybersecurity, please:

• ⭐ Leave a 5-star review on Apple Podcasts
• 📢 Share this episode with other business owners
• 📧 Subscribe to get every new episode
• 💬 Join the conversation on social media using #KidoHack

 

Legal Disclaimer

The information provided in this podcast is for educational and informational purposes only. It does not constitute legal, financial, or professional cybersecurity advice. Always consult with qualified professionals regarding your specific situation. Opinions expressed are those of the host and do not necessarily reflect the views of any organisations mentioned.

Transcript

Full episode transcript available at: TBC

Episode Tags

#Cybersecurity #Ransomware #DataBreach #SmallBusiness #KidoHack #UKBusiness #CyberCrime #DataProtection #GDPR #InformationSecurity #CyberAwareness #ThreatIntelligence #BusinessSecurity #RansomwareAttack #ChildSafety

© 2025 The Small Business Cyber Security Guy Podcast. All rights reserved.

💀 Welcome to the UK's Cyber Graveyard 💀

Over 2,000 jobs GONE. Centuries of business history DELETED. All because of weak passwords and basic security failures that could have been prevented for FREE.

🚨 THE VICTIMS:

• KNP Logistics: 158 years old, £94.5M revenue → 730 redundancies
• Travelex: Global currency giant → 1,309 UK job losses
• NRS Healthcare: NHS supplier → Currently liquidating after 16 months

💣 THE KILLER: Simple password attacks that Multi-Factor Authentication would have STOPPED

🛡️ WHAT YOU'LL LEARN:✅ The 5 fatal security failures that killed these companies✅ Why MFA blocks 99.9% of credential attacks (and costs nothing)✅ 30-60-90 day action plan to bulletproof your business✅ How to get leadership buy-in without breaking the bank✅ Real case studies from BBC Panorama investigations

⚡ TAKE ACTION NOW:Stop listening and enable MFA on your email systems RIGHT NOW. Your future self will thank you when you're not explaining redundancies to your staff.

Don't become the next cautionary tale in the UK's growing cyber graveyard.

#CyberSecurity #SmallBusiness #Ransomware #DataBreach #MFA #CyberAttack #BusinessSecurity #PasswordSecurity #UKBusiness #BusinessFailure

After 17 episodes covering everything from basic password security to nation-state threats targeting corner shops, Noel and Mauven reveal what actually works, what consistently fails, and why most businesses are fighting 2019 threats with 2015 thinking while facing 2025 attack methods.

🎯 Shocking Revelations:

• 42% of business applications are unauthorised Shadow IT - Your parallel digital infrastructure you never knew existed
• Multi-factor authentication stops 90% of credential attacks - Yet businesses still resist this free silver bullet
• AI systems now write custom malware faster than humans can patch - Deepfakes fool CEOs, psychological manipulation targets individuals
• Supply chain attacks make YOU liable for everyone - Protecting clients, suppliers, and partners becomes your responsibility
• Most successful attacks still exploit basic failures - Unpatched systems, weak passwords, untested backups

🔥 Real Listener Questions Answered:

"My IT budget is three pounds fifty and digestives - how do I justify £8/month for security?"

"Staff revolt against MFA - how do I implement without workplace mutiny?"

"Found 17 project management tools in use - how do I consolidate without chaos?"

"Completely overwhelmed by 17 episodes - where do I actually start?"

"Client angry about payment verification - how do I explain without damaging relationships?"

⚡ What Actually Works :

Systematic thinking over panic-buying security products, modern endpoint protection with AI detection, verification procedures that defeat deepfakes, documentation that survives when Dave from IT leaves, regular testing cycles, and risk-based prioritisation focusing on high-impact areas first.

💥 What Consistently Fails:

"Set it and forget it" security measures, relying on users to spot sophisticated AI-crafted threats, compliance theatre without genuine implementation, single-solution approaches, the "we're too small to be targeted" delusion, and treating cybersecurity as IT-only responsibility.

🎯 Three Things to Implement Immediately:

1. Enable MFA everywhere - Free protection against 90% of credential attacks
2. Implement payment verification procedures - Call back on known numbers before acting
3. Test your backups regularly - Having backups ≠ having working backups

🎧 Perfect For:

Business owners feeling overwhelmed by cybersecurity complexity, IT managers defending security budgets to sceptical accountants, professionals tired of vendor marketing promising magic solutions, and anyone who thinks antivirus software equals comprehensive security.

From basic concepts to AI threats - the complete cybersecurity education in one retrospective episode.

Subscribe for weekly episodes making enterprise-level security thinking accessible for small business budgets. Real solutions, no vendor fluff, practical advice that actually works in the real world.

#SmallBusinessSecurity #CyberSecurity #MFA #ShadowIT #AIThreats #CyberEssentials #DataProtection #BusinessSecurity #TechSecurity #CyberDefense

🎧 Latest Episode Alert | Fresh intelligence from DefCon 33 reveals how AI-enhanced cyber threats to small business are accelerating rapidly. Techniques demonstrated in Las Vegas are targeting UK businesses within weeks.

🚨 Critical Cyber Threats to Small Business

AI-Powered Social Engineering

• 85% success rates against security professionals
• AI psychological profiling from social media
• Voice synthesis for CEO impersonation attacks
• Multi-month fake identity campaigns

Supply Chain Cyber Threats

• Coordinated ecosystem attacks across suppliers
• AI mapping of business relationships
• MSP compromises affecting 200+ networks
• Hardware backdoors surviving firmware updates

Automated Attack Evolution

• 6-hour vulnerability-to-exploit timeline
• 88% evasion of traditional antivirus
• Custom malware for each target
• Cybercrime-as-a-Service platforms

🛡️ Defending Against Modern Cyber Threats

Immediate Actions (Free)

1. Multi-channel verification for financial requests
2. Independent contact verification procedures
3. Staff training on systematic verification

Essential Tech Upgrades (£3-8/user/month)

• AI-powered endpoint protection (Microsoft Defender for Business, CrowdStrike)
• Network segmentation via modern firewalls
• Air-gapped backup systems
• ThreatLocker "Deny All by Default" protection

Cyber Essentials Framework

Version 3.2 updates include 14-day critical vulnerability patching, passwordless authentication recognition, and enhanced remote working requirements.

💼 Business Benefits Beyond Security

• Better insurance rates
• Government contract access
• Supply chain partnership opportunities
• Competitive advantage demonstration

🔥 TRENDING & HASHTAGS

Topics: DefCon 33 findings | AI cyber attacks | Small business vulnerabilities | Supply chain security

Hashtags: #CyberSecurity #SmallBusiness #DefCon33 #AISecurity #CyberThreats #BusinessProtection #UKBusiness #CyberEssentials #InfoSec #ThreatIntelligence #CyberDefense #BusinessSecurity #SecurityFirst

🚀 ENGAGEMENT HOOKS

🔥 URGENT: AI attacks now target small businesses within 6 weeks of DefCon demos 💡 FREE defence strategies that stop 85% of social engineering ⚡ Why your antivirus is useless against 2025 threats 🎯 Turn cybersecurity into competitive advantage

👍 LIKE if this helped you understand modern cyber threats 🔔 SUBSCRIBE for weekly threat intelligence 💬 COMMENT your biggest security concern 📤 SHARE with business owners using outdated protection

🎧 Listen now before these threats target YOUR business!

Subscribe for weekly cyber threat intelligence. Share with business owners still using basic antivirus protection against advanced threats.

🚨 Episode 11: When Your Safety Net Becomes the Target

Backup Security Under Fire + Business Email Compromise Reality Check

Your backups aren't protecting you anymore—they're the primary target. In this explosive double-header episode, we expose why 94% of ransomware attacks now target backup systems first, and how Business Email Compromise enables these devastating attacks.

🎯 What You'll Learn:

• Backup Reality Check: Why "immutable" storage isn't, and cloud sync ≠ backup protection
• Cloud Provider Truth Bomb: Neither Microsoft nor Google guarantee your data integrity
• BEC Epidemic: How £35+ billion in global losses connect to backup destruction
• Modern Attack Chains: Email compromise → reconnaissance → backup annihilation
• What Actually Works: Third-party solutions, testing reality, budget truths

💡 Key Takeaways:

• Only 27% of businesses successfully recover all data after incidents
• 30-40% of cyber insurance claims denied due to backup inadequacies
• Proper backup solutions cost £20-100/month, not £500+
• Process controls beat technical controls for BEC prevention
• Multi-channel verification saves businesses millions

🎙️ Hosts & Guests:

• Noel Bradford - The Small Business Cyber Security Guy
• Mauven MacLeod - Ex-NCSC Cyber Expert
• Oliver Sterling - Veteran IT & Cyber Specialist
• Lucy Harper & Graham Falkner - Announcing The 10-Minute Cyber Fix daily show!

📺 NEW: The 10-Minute Cyber Fix

Starting Monday! Daily cybersecurity news analysis with Lucy Harper. Perfect for commute listening—cutting through vendor panic and media hyperbole to deliver what actually matters for YOUR business.

🔗 Essential Resources:

• Veeam Ransomware Trends Report 2024 - 94% backup targeting statistics
• FBI IC3 BEC Report 2023 - £35+ billion global losses
• Microsoft Online Services Terms - "Commercially reasonable efforts" reality
• NCSC BEC Guidance - UK government protection advice
• Action Fraud BEC Statistics - UK-specific loss data
• Cyber Essentials Scheme - UK government backup guidance
• Google Cloud Terms of Service - Data responsibility clauses

💰 Vendor Solutions Mentioned:

Third-Party Backup: Veeam Backup for Microsoft 365, Druva, Barracuda, Dropsuite, SkyKick

Key Point: Your cloud provider's backup ISN'T enough—you need independent protection.

⚠️ Critical Actions:

1. Implement multi-channel verification for all financial requests
2. Test backup restoration regularly, not just backup completion
3. Deploy third-party backup for cloud services
4. Document procedures that work under pressure
5. Train staff on BEC recognition and response

🎯 Next Week Preview:

Advanced Persistent Threats targeting SMBs - How nation-state techniques filter down to everyday criminals. Special guest from UK's Cyber Security Agency.

📱 Connect With Us:

💼 LinkedIn: Mauven's getting job offers—someone's listening! 📧 Consulting: Real-world security help for small businesses 🎧 Daily Fix: Subscribe for Monday's launch of The 10-Minute Cyber Fix

⚖️ Disclaimer: Educational content only. Consult qualified professionals for business-specific advice. Not affiliated with any government agency or vendor.

🔥 If this episode saved you from a backup disaster or BEC scam, hit subscribe and share with fellow business owners who still think "it's in the cloud" means "it's safe"!

In the final part of our White House CIO Insights series, we explore the cutting-edge AI-powered threats that are transforming cybersecurity. Our special guest Sarah Chen, who heads up AI threat research at a leading UK cybersecurity firm, reveals how artificial intelligence is being weaponized by criminals - and what small businesses can do to defend themselves.

From deepfakes that fool CEOs to AI that writes custom malware in real-time, discover why traditional security approaches are failing and what you need to implement today to protect your business against tomorrow's threats.

What You'll Learn

• How sophisticated deepfakes are targeting UK businesses right now
• Why AI-powered social engineering succeeds 30% of the time vs 3% for traditional phishing
• How criminals are using AI to generate custom malware faster than humans can patch it
• Practical defenses that work against AI threats without enterprise budgets
• What the future threat landscape means for small business cybersecurity

Key Takeaways

🔐 Implement multi-channel verification for all financial transactions and sensitive requests 🔐 Upgrade to AI-powered endpoint protection - traditional antivirus is obsolete 🔐 Train staff on procedures, not threat recognition - create decision trees that work under pressure 🔐 Understand this is ongoing - build adaptive capabilities, not static defences

Source Attribution

This episode features insights from Theresa Payton's interview with the Scammer Payback podcast. Theresa served as the first female White House CIO under President George W. Bush and is a leading expert on cybersecurity threats and manipulation campaigns.

Full Interview: We strongly encourage listening to the complete Theresa Payton interview on Scammer Payback for comprehensive coverage of nation-state threats, deepfakes, and digital privacy strategies.

About Scammer Payback: Excellent podcast and YouTube channel dedicated to exposing cybercriminal tactics and protecting people from fraud. Essential viewing/listening for anyone interested in cybersecurity.

Connect With Us

🎧 Subscribe for weekly cybersecurity insights for small business ⭐ Rate & Review - help other business owners find practical security advice 📱 Share with fellow business owners who need to understand AI threats 💬 Comment with your questions about AI security challenges

What's Next

Episode 11: Backup Security in the AI Age - When even your recovery procedures need defending against adaptive adversaries

Coming Soon: Deep dives into email security, mobile security, and building comprehensive security cultures for small business

Series Information

This episode completes our White House CIO Insights trilogy:

• Episode 8: The Threat Landscape Small Business Faces
• Episode 9: Cyber Essentials - Enterprise Security for Small Business
• Episode 10: Advanced Threats & AI (this episode)

Disclaimer: This podcast provides educational information about cybersecurity threats and defenses. Always consult with qualified cybersecurity professionals for specific advice about your business security needs.

Copyright: © 2025 The Small Business Cyber Security Guy Podcast. All rights reserved.

UK Ransomware Ban: Why Your SMB Just Became a Bigger Target

Show: The Small Business Cyber Security Guy Hot Take

Hosts: Graham Falkner & Noel Bradford

Episode Length: 7:30

Category: Business, Technology

Episode Description

The UK Government just dropped the most aggressive ransomware policy in the world - and it's about to make your small business a much more attractive target for criminals.

Join Graham and Noel as they break down the three shocking proposals that will reshape cyber threats for every British business by 2026.

What You'll Learn:

• Why 72% of consultation respondents backed payment bans despite industry panic
• How the "essential supplier" loophole could snare thousands of unsuspecting SMBs
• The brutal mathematics: £3K prevention vs £300K+ ransomware losses
• Why Cyber Essentials is about to become a business survival tool, not just compliance

Key Takeaway:

With criminals pivoting from locked-down public sector to easier SMB prey, you have 18 months to get your cyber house in order. Don't wait - the attack frequency is about to explode.

Key Statistics

• 72% Consultation support for payment ban

• £1B Global ransomware payments in 2023
• 80% Attack reduction with Cyber Essentials
• 18 Months to prepare before 2026

Key Topics

Government Ransomware Proposals

• Payment bans for public sector and CNI (no exceptions)
• Mandatory 72-hour incident reporting for all sectors
• Government pre-approval required for private sector payments
• Implementation timeline: Late 2026 (if passed)

The SMB Target Shift

• Global ransomware payments: $1 billion in 2023
• UK victims doubled on leak sites since 2022
• Attack displacement from public sector to private SMBs
• Volume strategy: 40 SMBs at £50K vs 1 NHS trust at £2M

Cyber Essentials Reality Check

• 68% reduction in successful ransomware attacks
• Five controls that actually work (when implemented properly)
• Insurance discounts becoming business necessity
• "Badges don't stop hackers, controls do"

Insurance Market Transformation

• Premium increases of 25-50% over next two years
• Claims denials for businesses without proper controls
• CE certification shifting from discount to baseline requirement

Real-World Case Studies:

• Post-ransom betrayal: Attackers left backdoors, insurance refused payout
• Lost government contract: SMB couldn't prove basic cyber hygiene after small breach
• Regulatory tag scenario: Sourdough bakery subject to cyber law for prison deliveries

Action Items

Immediate (Next 30 Days)

• Map CNI/public sector client relationships
• Assess potential supply chain compliance exposure
• Calculate business-specific ransomware impact costs
• Review current cyber insurance coverage terms

Short-term (90 Days)

• Begin Cyber Essentials certification process
• Implement five core security controls properly
• Establish professional security response relationships
• Test backup and recovery procedures monthly

Strategic (18 Months)

• Prepare for potential "essential supplier" designation
• Budget for insurance premium increases
• Develop incident response and crisis communication plans
• Create alternative business operation procedures

Blog Post: The UK Government's Ransomware Gambit: Why Your SMB Just Became a Bigger TargetRelated Episodes

• Episode 2: "Compliance Theatre vs Real Security"
• Episode 6: "Supply Chain Security: Your Weakest Link"

Rate and Review: Help other SMB owners discover critical cyber security insights by rating this episode on Spotify, Apple Podcasts, or your preferred platform.

Questions? Email: hello@thesmallbusinesscybersecurityguy.co.uk

Website: www.thesmallbusinesscybersecurityguy.co.uk

Episode Credits

Hosts: Graham Falkner, Noel Bradford Production: The Small Business Cyber Security Guy Copyright: © 2025 The Small Business Cyber Security Guy. All rights reserved.

Content for educational purposes. Consult cybersecurity professionals for specific business advice.

Episode Description

Join Noel Bradford and Graham Falkner for another cybersecurity hot take as they dive into the alarming world of help desk social engineering attacks. This episode exposes how the notorious Scattered Spider group has weaponized basic human helpfulness to devastating effect, turning your friendly IT support into the front door for ransomware attacks.

From MGM's $100 million disaster to the recent wave of UK retail breaches (M&S, Co-op, Harrods), discover how teenagers armed with nothing more than convincing accents and sob stories are outsmarting million-pound security systems. Spoiler alert: it's not the tech that's failing us.

Key topics

• The Scattered Spider Phenomenon: Meet the English-speaking teenagers who graduated from Roblox to ransomware
• Help Desk Horror Stories: Why your MFA reset process is probably easier than ordering a dodgy kebab
• The MGM Masterclass: How one phone call led to 10 days of casino chaos
• UK Retail Ransomware Wave: The domino effect that took down half the high street
• Sandra's 3AM Security Failures: Why verification questions like "favourite biscuit" aren't cutting it
• Real Solutions That Actually Work: Beyond useless training modules to proper phishing-resistant MFA

Notable Quotes

"You can get your entire digital life reset with less hassle than ordering a dodgy kebab after the pub."

"The help desk culture these days - it's like the Wild West, but with more hold music and less gunfire."

"If your help desk can be outwitted by someone who sounds like they're late for a Fortnite tournament, you've got bigger problems than patching Windows."

"It's not hacking, it's just really, really good acting."

What You'll Learn

• How Scattered Spider targets help desk processes with surgical precision
• Why traditional security questions are laughably inadequate
• The real-world impact of social engineering attacks on major retailers
• Practical defenses that actually work (hint: it's not more training)
• Why your business might be the stepping stone, not the target

Solutions Discussed

• Video verification for all MFA resets
• Phishing-resistant MFA (FIDO2 keys, smart cards, PKI certificates)
• Proper RMM tool controls with device whitelisting and geographic restrictions
• Zero unauthenticated resets policy
• Monitoring for unusual authentication patterns

Episode Hightlights

• The career trajectory from Minecraft to MGM hacking
• Why "favourite colour" security questions are a disaster waiting to happen
• The proposed "angry Scottish nans verification panel" security policy
• The legendary cat impression MFA reset incident
• How one help desk call can ransomware half the high street

Perfect For

• Small business owners worried about cybersecurity
• IT professionals dealing with help desk security
• Anyone who's ever reset a password over the phone
• Security-conscious listeners who enjoy a good dose of British humor with their cyber threats

#Cybersecurity #ScatteredSpider #Ransomware #SocialEngineering #HelpDesk #MFA #UKRetail #MGM #SmallBusiness #InfoSec #PhishingResistant #SecurityAwareness

Remember: Security isn't about being perfect, it's about being better than the bloke next door. Don't let Sandra near the reset button after midnight!

See - https://www.noelbradford.com/blog/scattered-spider-helpdesk-mfa-reset-attack-warning-uk-2025

1984 is here! Just 41 years late - Big Brother is watching and censorship is increasing.

The UK's Online Safety Act went live July 25th, 2025. VPN usage exploded 1,400% overnight. Teenagers are using PlayStation screenshots to bypass age verification.

Join Noel Bradford and Mauven MacLeod for an emergency breakdown of Britain's most expensive digital policy failure and why every tech-savvy teen is already laughing at it.

Warning: Contains passionate commentary about government digital policy

The Spectacular Failure (0:00-4:00)

• ​ProtonVPN's 1,400% UK signup surge in 48 hours
• ​Death Stranding character defeats government AI systems
• ​Why teenagers always win the circumvention game
• ​Digital cavity searches for legal content access

The Authoritarian Agenda (4:00-7:00)

• ​Pattern of moral panics from rock music to the internet
• ​Surveillance infrastructure outlasts the panic that created it
• ​Ministers' unprecedented power to designate "harmful" content
• ​International platforms blocking UK users entirely

The VPN Danger Zone (7:00-10:00)

• ​Millions of non-tech users suddenly need VPN services
• ​How to avoid data harvesting and malware traps
• ​Red flags in free VPN services
• ​Recommended providers with proven track records

The Bottom Line (10:00-12:00)

• ​Why this was never about protecting children
• ​Essential digital literacy in the circumvention era
• ​The only rational response to broken digital policy
• ​1,400% increase in VPN signups within hours of enforcement
• ​Over 280,000 signatures on petition to repeal the Act
• ​6+ years from conception to failure by video game screenshots
• ​Zero responses from some platforms to compliance requirements