
Week in Cybersecurity - July 18, 2025

Cyber threats are evolving—and fast. This week, we’re seeing how both attackers and defenders are stepping up their game. From insider risk patterns that show a small group of employees pose the biggest danger, to Google’s AI catching a vulnerability before hackers could exploit it, to the notorious Scattered Spider group shifting tactics across industries—there’s plenty for SMB leaders to take note of. Here's what you need to know to stay ahead.



Top News This Week


Most Cybersecurity Risk Comes from Just 10% of Employees

A new report from Living Security and the Cyentia Institute reveals a surprising truth: just 10% of employees are responsible for nearly 73% of all risky cybersecurity behavior within organizations. The biggest risk often isn’t where you expect—it’s not remote workers or contractors, but full-time, in-office staff and even seasoned executives.


The report highlights that focusing only on phishing misses the bigger picture. Risk comes from poor credential habits, excessive access, and unpredictable behavior—especially among the “chaotic risky” users who are both inconsistent and high-risk.

One major concern: most companies only detect about 43% of risky behavior, and that number drops significantly for those relying solely on traditional security awareness training.


Takeaway: Improving cybersecurity isn’t just about more training—it’s about gaining better visibility into who your riskiest users are and building smarter, more targeted mitigation strategies. A few high-risk individuals can pose a disproportionate threat—make sure your defenses are focused where they matter most.

(Help Net Security)



Google’s AI Tool Foils Hackers Before They Strike

Google’s new AI-powered security tool, Big Sleep, has made a breakthrough in cybersecurity: it discovered a critical software vulnerability (CVE-2025-6965) before hackers could exploit it. The vulnerability was found in SQLite, a widely used open-source database, and was previously only known to threat actors.


What makes this notable is that Big Sleep didn’t just identify a flaw—it predicted it was about to be used in a live attack and helped Google’s teams shut it down preemptively. Google believes this is the first known case of an AI directly stopping a real-world cyber threat before it happened.


This marks a major leap forward in how AI is being used in threat detection and prevention. According to Google, AI tools like Big Sleep can free up cybersecurity teams by handling the time-consuming process of scanning code for vulnerabilities, allowing humans to focus on more complex and strategic threats.


Takeaway: AI is rapidly changing the cybersecurity landscape—not just for tech giants, but for everyone. As threat actors get more sophisticated, SMBs should expect to see more AI-powered tools trickling down to help protect systems proactively, not just reactively. Investing in advanced security tools and partners that leverage AI will become increasingly important.


Scattered Spider Hackers Shift Tactics and Target New Industries

Microsoft is sounding the alarm on Scattered Spider (aka Octo Tempest), a cybercrime group known for its clever social engineering schemes. Since April, the group has expanded its targets beyond retail and insurance to include airlines and other industries, while also evolving its attack methods.


While still relying on impersonation and help desk manipulation to reset passwords, the group is now using more advanced techniques such as:

  • Adversary-in-the-middle (AitM) attacks

  • SMS abuse to intercept login codes

  • Deployment of DragonForce ransomware

  • Targeting VMware ESX hypervisors for large-scale disruptions


Notably, their attack flow has changed: instead of starting in the cloud and working inward, they're now breaching on-premises infrastructure first, then moving to cloud environments.


Cyber Tip of the Week


Don't trust your help desk blindly. Social engineering attacks often start with someone pretending to be a legitimate employee. Make sure your internal help desk requires multi-step verification—not just a name or employee ID—before resetting passwords or changing access.


Stat of the Week


73% of risky cybersecurity behavior comes from just 10% of users.


(Source: Living Security & Cyentia Institute)


This highlights how targeted security interventions—not blanket training—can have the biggest impact.


Final Thoughts


This week’s stories all point to a critical truth: cybersecurity is evolving fast, and so are the attackers. From AI-powered defense tools like Google’s Big Sleep to the shifting tactics of groups like Scattered Spider, staying secure means being proactive, adaptive, and aware of where your biggest risks really lie. SMBs don’t need to do everything—but they do need to do the right things.


Until next week—stay sharp and stay secure.


Have questions about your cybersecurity posture? Let’s talk.
