THE LATEST OPINIONS
FROM OUR EXPERTS

Infostealers malware designed to harvest credentials, session tokens, and browser data have surged into prominence as one of the most prolific threat vectors confronting UK businesses in 2025. These tools, easily rented via malware-as-a-service platforms, give even low-skill adversaries direct access to high-value data and pave the way for larger intrusions.Tony Gee, Principal Cyber Security Consultant at 3BDS, warns that this trend isn’t just another uptick in commoditised malware. It represents a fundamental shift in attack economics. Gee emphasises that stolen credentials and session data are now the primary fuel for lateral movement and breach escalation, often preceding ransomware and supply chain compromises. Rather than viewing Infostealers as a background nuisance, he argues organisations must treat them as a core strategic threat that demands robust identity protection, advanced detection, and proactive credential hygiene across the enterprise.For leaders, Gee’s message is unambiguous: strengthening identity-centric defences and behavioural analytics isn’t optional. It’s essential to thwart the silent but accelerating infostealer economy.

At a time when cyber-attacks are escalating but security budgets are tightening, organisations are increasingly relying on what The Stack calls the “$0 CISO” - security leaders forced to deliver meaningful risk reduction with minimal financial resources. This article by Kate O' Flaherty explores how CISOs can still drive real progress by focusing on processes, culture, and the smart use of open-source tooling rather than expensive platforms.Benn Morris, CEO of 3B Data Security, a sister company of UBDS Digital, offers practical and grounded guidance throughout the piece. He stresses that when budgets are constrained, CISOs must first implement achievable security processes aligned to the organisation’s maturity - rather than deploying heavy controls that staff will ignore or work around. He highlights the importance of building a strong security culture, noting that awareness, curiosity, and a “positive learning philosophy” often deliver more impact than tooling alone.Morris also outlines how open-source technology can fill critical gaps for cash-strapped teams. From transforming old hardware into firewalls to using free SIEMs, intrusion detection systems, and digital forensics tools, he explains how security leaders can create meaningful visibility and control without licence fees — while warning that such tools still require time, expertise, and ownership to manage effectively.As cyber-threats continue to outpace corporate budgets, the article makes clear that resilience increasingly depends on creativity, collaboration, and clarity of purpose. For CISOs operating with little or no budget, the path forward lies in sweating existing assets, strengthening culture, and focusing on the practical steps that reduce risk where it matters most.

As digital infrastructure becomes the backbone of modern economies, cybersecurity has evolved from a technical safeguard into a strategic enabler of resilience, trade, and national security. In this techUK article, Nour Louhichi, Senior Consultant at UBDS Digital, explores how proactive governance, shared accountability, and stronger supplier assurance are essential to securing the UK’s critical national infrastructure.Louhichi also highlights how UBDS Digital and 3B Data Security are helping organisations turn cyber risk into resilience - with NCSC-assured capabilities spanning Cyber Incident Exercising, Response, and PCI Forensics.

In an era where law firms are prime targets for cybercriminals, Benn Morris, CEO of 3B Data Security, underscores a simple truth: resellers must evolve from vendors to trusted security partners. Legal practices don’t just manage documents. They safeguard highly sensitive client data and regulatory obligations. According to Benn, effective cybersecurity starts with understanding a firm’s unique risk profile and regulatory pressures, rather than pitching generic products off the shelf.He challenges resellers to go beyond licences, advocating long-term support through tailored threat assessments, ongoing security posture reviews, and practical guidance that keeps teams resilient without adding operational friction. For Morris, the most valued partners are those who help embed security into daily workflows, making protection a seamless part of business, not an afterthought.

Law firms face an increasingly complex threat landscape handling vast amounts of sensitive client data while remaining under-resourced for cyber defence. In this article from News in the Channel, Benn Morris, CEO of 3B Data Security, sister company of UBDS Digital, stresses that resellers must act as trusted partners, not mere suppliers, when helping legal firms build effective defences. He explains that:“Resellers need to take the time to understand each firm’s risk profile, the sensitivity of the data they handle, how their teams operate, and the regulations they need to meet.”Morris emphasises that security for law firms cannot be one-size-fits-all. He highlights how small regional practices have vastly different needs from large corporate firms - and how the most valuable resellers offer long-term support, regular reviews, training and threat-update guidance to integrate security into daily operations.With legal firms often under attack for client data exposure, operational disruption and compliance failure, this article positions reseller partnerships as a critical line of defence - and as a strategic enabler of resilience and trust.

When ransomware or IT outages strike, the systems we rely on most often fail - forcing organisations back into pen-and-paper operations. In this insightful piece written by Tamsin McGee for Raconteur, with contribution from Tracey Hannan-Jones, Consulting Director – Information Security at UBDS Digital, where she highlights why analogue readiness isn’t optional. She explains:“Picture losing your customer-relationship management platform for a week… What are your sales and customer-success teams doing meanwhile?”Tracey Hannan-Jones argues that companies need to formally identify their core, critical business functions and ensure manual substitutes are enabled. She emphasises that being ready to switch to offline processes - whether in retail, utilities or public services - requires planning and practice in advance. Without this, even the best digital systems can become liabilities when they go offline.She also underscores the importance of human-centric continuity: when tech fails, the culture, processes and people become the business’s lifeline. By preparing analogue workflows, organisations not only protect operations—they preserve trust and enable recovery under pressure.

This IT Pro article looks at how attackers are increasingly able to bypass multi-factor authentication (MFA) using techniques such as phishing proxies and MFA fatigue attacks. It highlights why MFA, while still essential, can no longer be relied on as a standalone security control.Fred Tromp is a security specialist focused on identity-based threats and modern attack techniques, with experience helping organisations understand how authentication controls are being targeted and exploited.Fred argues that MFA on its own is no longer enough to stop determined attackers. He stresses the importance of phishing-resistant authentication methods, stronger detection capabilities and improved user awareness to counter evolving tactics that exploit both technology and human behaviour.Read more about Fred Tromp’s opinion and practical recommendations in the full article.

When Microlise was hit by a cyberattack, the impact didn’t stop at one organisation. This Assured article breaks down how the incident triggered knock-on disruption across the supply chain, exposing just how vulnerable interconnected businesses are when third-party security fails.Benn Morris, CEO of 3B Data Security, works closely with organisations to uncover and reduce cyber risk across suppliers, partners and extended digital ecosystems. Benn warns that the Microlise incident is a clear warning: strong internal security means little if suppliers aren’t held to the same standard. He emphasises the need for active third-party risk management, continuous oversight and clear accountability to prevent attackers from exploiting weak links.Read more about Benn Morris’s perspective in the full article.