Cybersecurity Decrypted #39: Deepfake Dilemma, Iran Tensions, Security Defaults Tightened

Caitlin Harris, Laura Iannini Last updated on Jul 3, 2025

👋 Hello and welcome back to Cybersecurity Decrypted, your weekly recap of the latest cybersecurity headlines from Expert Insights. Each week, we bring you the latest news so that you can stay ahead in cybersecurity.

In the headlines this week:

  • DHS warns of Iran attacks: Following US strikes on Iranian nuclear bases, the DHS has warned that pro-Iranian hacktivist groups are likely to retaliate by launching cyberattacks against US networks. 🔗
  • DOJ moves to seize $225 million in stolen crypto: The funds were stolen from over 430 US citizens via fake investment opportunities and romance scams run out of Vietnam and the Philippines. 🔗
  • Israel/Iran cyberwar escalates: Israel-linked cyber-hacking group “Predatory Sparrow” has torched $90M USD on Iran’s largest cryptocurrency exchange. 🔗

Are Weak Security Defaults Fuelling Cyberbreaches?

Many organizations are sitting on a cybersecurity goldmine but aren’t using it. Tools like Microsoft 365 and Google Workspace offer strong security features, like Multi-Factor Authentication (MFA) and advanced email filtering, but most companies—especially small businesses—leave them switched off.

Why? Often, it’s a lack of dedicated security staff, know-how, or simply the complexity of implementation. Microsoft, for instance, has historically made more advanced controls a headache, while some providers lock premium features like Single Sign-On (SSO) behind paywalls, putting off smaller firms that are strapped for cash.

The good news? Change is coming. Microsoft announced this week that, starting in July 2025, all Microsoft 365 tenants will block access to SharePoint, OneDrive, and Office files via outdated legacy authentication protocols. This follows their February move to enforce MFA by default for all admin panel accounts. Microsoft is also stepping up security for newly provisioned and reprovisioned Windows 365 Cloud PCs with new security defaults rolling out in the second half of 2025.

But here’s the rub: Higher security defaults can add complexity and cost, especially for lean teams. There’s a debate brewing—do these measures protect or overwhelm? Still, the trend is clear: companies are increasingly raising the bar on security defaults, or at least making these controls easier to adopt. With cyberattacks on the rise, the question isn’t whether organizations can afford to strengthen their defenses—it’s whether they can afford not to.

🚨 Industry News

Industry news, including funding, acquisitions and new product releases to watch this week.

  • Snyk acquires Invariant Labs: “We’re combining deep security research with real-time, production-grade defenses to secure [AI agents] at runtime. This acquisition isn’t just about security features; it’s how Snyk is leading the evolution of governance for intelligent agents, giving enterprises the confidence to safely build and deploy.” - Manoj Nair, Chief Innovation Officer at Snyk. 🔗
  • Google release defends against prompt injection: The tech giant is incorporating new security measures into its genAI systems to make it more difficult and expensive for attackers to breach them. 🔗
  • Meta offers passkey support for Facebook: Users will be able to switch to the secure authentication method “soon” across Facebook for iOS and Android, as well as Facebook’s Messenger platform. 🔗
  • UK cyber startups struggle to receive funding: Despite government support efforts amid a string of recent threats against UK businesses, VC funding for UK cybersecurity startups is on track to hit its lowest level in a decade. 🔗
  • Ransomware payments are dropping, new report finds: According to Sophos’ State of Ransomware 2025 report, the average payment dropped by 50% over the past year, with 53% of victims paying less than the initial demand. 🔗

Would you be interested in a weekly newsletter just on industry news?

The Deepfake Dilemma: A Growing Cybersecurity Threat?

AI-generated deepfakes—hyper-realistic videos, images, or audio created using deep learning and Generative Adversarial Networks (GANs)—are no longer just a sci-fi gimmick; they’re a serious cybersecurity menace. From impersonating CEOs in fraud schemes to spreading disinformation during elections, deepfakes are becoming increasingly common. And not only that, but they’re scarily convincing.

The risks are staggering: There are a huge number of use cases for deepfake attacks—from sending users non-consensual adult content, blackmail, and fake endorsements, to carrying out financial fraud, data breaches, reputational damage, and even instigating legal battles over consent and digital identity. We’ve likely all heard about the Arup deepfake incident, in which an employee was tricked into sending £20M GBP to cybercriminals after joining a deepfake video scam call. And in a concerning trend, we’ve heard that WhatsApp is increasingly being used as a vector to spread deepfaked voice notes of CEOs, asking for the purchase of gift cards or for employees to share MFA codes.

Countering this threat demands a multi-pronged approach. Multi-factor authentication, biometric liveness checks, and robust KYC processes can block deepfake impersonation attempts. Security Awareness Training (SAT) with behavior-based, positive-reinforcement models can help teach users to spot social engineering. We’re also seeing the emergence of AI-powered detection tools like Intel’s FakeCatcher or Google’s SynthID, but they’re locked in an arms race with ever-improving deepfake tech. And finally, we see further hope in content-tracing initiatives like C2PA.

Why it matters: The clock’s ticking. Without coordinated action from tech providers, governments, and regulators, deepfakes could erode trust in what we see and hear. As Edgar Allan Poe warned, “Believe half of what you see and nothing of what you hear,”—which has never been more relevant than now.

Read our full guide to AI deepfakes, including how malicious AI swarms may threaten democracy.

🏆 Expert Insights: Top 100 Cybersecurity Solutions Awards!

🚨 We’re proud to announce the Q2 2025 Expert Insights Top 100 Cybersecurity Awards! 🔐
These awards recognise the most innovative and effective solutions across key software categories, including cybersecurity, IT management, compliance, and more.
Explore the full Top 100 list here.

🌍 In Other News…

Threats and APTs

  • Record-breaking DDoS attempt thwarted: Cloudflare has reported stopping a 7.3 Tbps DDoS attack—the largest on record. 🔗
  • “Salt Typhoon” group targets Canadian telecom providers: According to the FBI and Canadian Centre for Cyber Security, the China-backed APT group targeted dozens of key organizations with reconnaissance attacks. 🔗
  • Health organizations hit by ransomware: Unnamed attackers took down a key health information system within the Tonga Ministry of Health, while another ransomware group targeted McLaren Health Care, stealing the Social Security numbers and health insurance information for over 740,000 people. 🔗
  • North Korean hackers hijack Zoom meetings: The Pyongyang APT, “BlueNoroff”, tricked meeting participants into executing malicious commands that provided the attackers with full access to their systems. 🔗
  • False alarm: A viral report of 16 billion stolen credentials turned out to be a database of older, already leaked passwords. So that’s alright then! 🔗
  • Infostealer exposes treasure trove of Paraguayan data: After infecting a government employee’s device with infostealer malware, attackers have listed the personal data of 7.4 million Paraguayan citizens—almost the entire population—for sale on the dark web. 🔗
  • UK Council breach exposes PII: Oxford City Council reported that the attackers may have accessed personally identifiable information of current or former Council officers. 🔗

Government and Policy

  • US House of Representatives bans WhatsApp: Due to worries about the popular messaging app’s security, House staff are prohibited from downloading WhatsApp on any government-issued device. 🔗

🎙️ The Expert Insights Podcast

  • The profitability of ransomware: Rupesh Chokshi, Senior Vice President at Akamai Technologies, explores the future of application security in the age of AI. Listen here.
  • The AI arms race: Amir Kazemi, Director of Product Marketing at Cycode, discusses why 80% of CISOs say that attack surfaces are unmanageable, and how ASOC can help DevSecOps teams reduce those challenges. Listen here.
