Cyber Security Awareness Month 2025
Phishing remains the single most common cyber threat facing organisations today. What’s changed in 2025 is the sophistication, speed, and scale at which these campaigns are delivered.
As part of Cyber Security Awareness Month 2025, and in light of recent identity incidents at UK PLCs, this article explores how phishing and deepfakes are evolving into identity-driven, trust-based attacks that demand more than awareness training. They require visibility, culture, and coordinated response.
Phishing in 2025: The Everyday Attack That Never Left
Despite advances in technology, phishing remains the most frequently detected and reported threat type within e2e-assure’s SOC. Across sectors such as local government, manufacturing, retail, and critical national infrastructure (CNI), phishing accounts for a significant proportion of daily alerts and user-reported incidents.
These attacks range from traditional credential theft and invoice fraud to more advanced multi-stage campaigns that blend malicious attachments, fake login portals, and social manipulation. Many now exploit legitimate cloud services to bypass filters and appear trustworthy.
Attackers know that humans remain the most reliable entry point into a network. And with AI-assisted phishing kits generating realistic messages at scale, even well-trained users can be deceived.
The Deepfake Era: Where Attackers Even Sound Like You
The rise of AI-powered impersonation is redefining what trust means in digital communication. Deepfake audio and video tools are now being used to mimic supplier voices, senior executives, or even frontline staff to authorise payments, request credentials, or approve access.
The challenge for organisations is no longer spotting fake emails but recognising when the person you’re hearing or seeing might not be real.
Why Reporting Still Matters
Even as automation and AI-enhanced SOC workflows accelerate detection, the human reporting loop remains essential. When employees report suspicious activity, it provides context and behavioural data that automated systems cannot replicate.
Every user report adds a human signal to the technical picture – confirming intent, providing narrative detail, and enabling analysts to prioritise.
Identity and Insider Risk: Where Trust Meets Visibility
Phishing is no longer just about stealing credentials; it’s about exploiting identity. New starters, contractors, and individuals with elevated access are frequent targets because attackers understand how to mimic onboarding workflows or approval processes.
MFA and password managers remain vital defences, but they only protect known access points. The bigger challenge is managing insider risk – not just malicious insiders, but employees who are manipulated into making trusted mistakes.
This is where visibility and culture intersect. A SOC that monitors authentication logs, behavioural patterns, and anomalous identity use can detect early warning signs. Equally, a workforce trained to question unexpected requests, even from familiar sources, is a line of defence that technology cannot replace.
The Supply Chain Weakness: Humans as the First Domino
Recent UK breaches affecting major brands such as M&S, Jaguar Land Rover, and Co-op highlight how the human factor has become the first domino in wider supply chain compromise. Attackers no longer need to breach a well-protected enterprise directly. Instead, they infiltrate a smaller supplier with weaker defences and use that access to move laterally.
e2e-assure’s SOC continues to see this pattern play out. A compromised supplier account sends a convincing invoice or project update, the recipient clicks, credentials are harvested, and within hours the attacker has legitimate access to multiple linked systems.
Supply chain trust must now be built on verification and monitoring, not assumptions. Identity correlation, domain validation, and anomaly detection are the foundations of modern supplier assurance.
The e2e-assure Perspective: Context Is Everything
At e2e-assure, we believe resilience against phishing and AI-enabled impersonation starts with contextual awareness. Our SOC doesn’t treat phishing alerts as isolated events but correlates them across identity, device, and supplier telemetry.
By connecting what happens in inboxes with what happens in authentication logs, endpoint behaviour, and network traffic, our analysts can identify whether an attack is opportunistic or part of a coordinated campaign.
This integrated approach means that when a user reports a suspicious email, it doesn’t vanish into a ticket queue. It becomes part of a wider picture that informs identity protection, supply chain risk management, and overall operational resilience.
Protecting People at Machine Speed
Phishing and deepfakes may evolve, but one principle remains constant: people are both the target and the solution. In a threat landscape defined by automation and AI, human judgment, culture, and visibility are still what make the difference between compromise and containment.
e2e-assure’s SOC team helps organisations strengthen these defences by combining SOC visibility, identity correlation, and supply chain intelligence – protecting people, processes, and productivity in a machine-speed world.