How your business can stay safe in December
November continues to be a reminder of how relentless cyber threats have become. From global corporations to local councils, attackers exploited vulnerabilities and caused significant disruption. Here are the key lessons we’ve learned and practical steps that your business can take right now to reduce risk.
What happened in November?
London Councils cyber attack
What happened:
- On Nov 24–25, 2025, three London borough councils, Kensington & Chelsea, Westminster and Hammersmith & Fulham, were hit by a major cyber attack on their shared IT systems
- The attack disrupted phone lines, online forms and critical services like housing and social care. Emergency plans were activated and systems were taken offline to prevent further damage
- Investigations revealed data was accessed and copied, likely historical records. The councils notified the ICO and worked with the NCSC and law enforcement
Key lessons learned:
- Shared infrastructure = shared risk: interconnected IT systems across councils amplified the impact
- Legacy systems and underfunded IT teams remain a critical vulnerability in public sector organisations
- Business continuity planning is essential: manual workarounds and prioritisation of critical services helped maintain support for vulnerable residents
- Data protection and segmentation: stronger network segmentation and identity/access controls could have limited lateral movement
- Public communication matters: councils issued regular updates to maintain trust and reduce panic
Ransomware surge
What happened:
- From November 17th to 23rd there were 200 ransomware victims globally in one week, which was part of a broader trend:
- November saw 659 attacks, with manufacturing (+35%) and education (+24%) sectors hit hardest
- Top ransomware gangs: Qilin (107 claims), Akira (100), Clop (94)
- Clop exploited an Oracle zero-day, showing attackers’ reliance on vulnerabilities for initial access
- Data theft dominated: Over 31,200 TB of data allegedly stolen in November alone
Key lessons learned:
- Double extortion is standard: encryption is no longer the only indicator; silent data exfiltration often precedes detection
- Patch management is critical: zero-day exploitation remains a top entry point
- Sector-specific risk: manufacturing and healthcare remain prime targets due to operational sensitivity
- Incident response maturity matters: organisations with strong backups and tested IR plans recover faster and avoid paying ransom
Under Armour ransomware attack
What happened:
- Hackers claimed access to millions of personal records, targeting internal corporate systems
- The breach caused operational disruption and reputational damage, highlighting the trend of data-theft-first ransomware attacks
Key lesson learnt:
- Attackers now prioritise exfiltration over encryption:
- Traditional ransomware defences focused on encryption are insufficient
- Monitoring and anomaly detection (e.g. unusual data transfers, privilege escalation) are critical for early detection
Mixpanel breach impacting OpenAI customers

What happened:
- Analytics provider Mixpanel suffered unauthorised access, exposing API customer metadata and user IDs
- This incident shows how third-party risk can compromise even the most advanced tech ecosystems
Key lesson learnt:
- Third-party risk management is essential:
- Only use trusted vendors with strong security practices
- Implement continuous vendor risk assessments and enforce compliance
- CSG provides third-party vendor management to help businesses mitigate this risk
SitusAMC vendor breach affecting major banks
What happened:
- A supply-chain attack exposed sensitive mortgage-related data linked to major banks like JPMorgan, Citi and Morgan Stanley
- The FBI confirmed attackers focused on quiet data theft, not ransomware
Key lesson:
- Vendor risk management is as critical as internal security:
- Attackers increasingly exploit trusted partners to bypass strong internal defences
- Continuous monitoring, contractual security requirements and incident response coordination with vendors are vital
Key lessons for businesses
- No one is too small to be targeted: SMEs are prime targets because they often lack advanced defences
- Supply chain risks are real: your security is only as strong as your weakest vendor
- Human error is still the #1 threat: phishing and social engineering remain the easiest way in
- Incident response plans save businesses: companies with tested plans recover faster and minimise damage
What can you do in December?
CSG’s top 6 cyber security actions to protect your business before 2026:
- Enable Multi-Factor Authentication (MFA): add an extra layer of security to prevent credential theft
- Patch and update systems immediately: close known vulnerabilities, especially on VPNs and firewalls
- Review access controls: limit admin privileges and enforce least privilege principles
- Run a cyber awareness session with CSG: our team are happy to come down and educate your staff on phishing, social engineering and holiday-season scams. Arrange this today!
- Back up critical data securely: ensure backups are encrypted and stored offline or in a secure cloud
- Test your Incident Response Plan: run a tabletop exercise to confirm readiness
Looking Ahead: Prepare for 2026
Cyber threats are continuing to grow quickly, and AI-driven attacks, supply-chain exploits and identity-based threats will dominate in 2026. Staying informed and proactive is key.
Book your cyber security consultation with CSG today to assess your risk and strengthen your defences.
And don’t miss our end-of-year cyber security Webinar: “2026 Cyber Security Predictions”
Date: Tuesday 9th December | Time: 10:00 – 10:45am
Share this session with your team and start 2026 with confidence!
Together, we can build a stronger, more resilient business community.