Cyber security in action: key questions and expert insights

19/02/26 Wavenet
cyber security Q&A

What keeps security leaders awake at night?

This Q&A answers the most common and most critical cyber security questions raised in our Cyber Security in Action webinar. It delivers clear, expert advice on preventing the attacks that cause the greatest disruption, helping organisations turn complexity into confident, informed action.

1. How can we attract highly skilled youngsters into ethical hacking rather than cyber crime?

Many of today’s leading ethical hackers developed their skills informally. The priority is early engagement before technical talent is drawn into criminal activity.

Key points:

  • Government bodies such as the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) run programmes to retrain individuals into ethical cyber roles.
  • Some of the strongest cyber professionals have a background in hacking and malware research.
  • Early outreach, education, and ethical pathways are critical to redirect technical talent.

Takeaway: The key is to ensure that as an industry, we are creating apprenticeships, training programmes, and clear career pathways in cyber security to engage technically gifted young people before criminal behaviour becomes an option.

2. Should organisations adopt passwordless authentication?

Yes, where it is practical and supported by organisational infrastructure.

Key points:

  • Biometrics (fingerprint, facial recognition) and hardware keys significantly reduce password risk.
  • Passwordless approaches are more secure but can be complex to deploy across large organisations.
  • Password managers are a strong alternative where passwordless is not feasible.

Recommended practices:

  • Use biometrics and hardware tokens where supported.
  • Combine with multi-factor authentication (MFA).
  • Avoid password reuse across systems.

Takeaway: Passwordless authentication, supported by MFA and hardware-based security, significantly reduces credential risk and should be adopted where technically and operationally feasible.

3. What patch management software should we use?

There is no single solution that suits every organisation.

Key points:

  • Patch management should be aligned with your wider IT and infrastructure strategy.
  • Internet-facing systems should be prioritised and patched within 7–14 days for critical vulnerabilities.
  • Consult your IT or service provider to select a tool that integrates with your environment.

Takeaway: Effective patch management is driven by speed and consistency, not by tool selection, organisations must prioritise critical vulnerabilities and internet-facing systems.

4. Staff dislike awareness training. How can we make it more engaging?

Security awareness training works best when it is practical, short, and relevant to everyday work.

Key points:

  • Keep sessions brief and focused on the most relevant threats (phishing, passwords, suspicious activity).
  • Run in-person or live sessions where possible for higher engagement.
  • Use phishing simulations to create interactive learning.
  • Gamify learning (scores, prizes, competitions).
  • Reinforce cyber security as a shared responsibility and cultural value.

Takeaway: Security awareness must be relevant, interactive, and embedded into organisational culture to drive lasting behavioural change.

5. How does offline backup work with cloud storage?

Modern cloud backup solutions can provide protection similar to traditional offline backups.

Key points:

  • Use immutable backups that cannot be altered or deleted by attackers.
  • Ensure backups are logically separated from your production network.
  • Regularly test recovery from backups.
  • Make sure that you maintain at least one backup copy that cannot be modified by ransomware or malicious actors.

Takeaway: Resilient backup strategies require immutable, segregated backups that are regularly tested to ensure reliable recovery from ransomware and cyber incidents.

6. Has the balance shifted in favour of defenders or attackers? What should leadership change?

Artificial intelligence (AI) is now used by both attackers and defenders reshaping the cyber security landscape.

Key points:

  • Attackers use generative AI to produce more convincing phishing emails and fraudulent websites.
  • Defenders use AI to enhance threat detection and improve response times at scale.
  • While defenders currently retain an advantage, cyber security remains a constant arms race.
  • Organisations must introduce clear governance around AI use to prevent sensitive data being shared with public tools.
  • Stronger data classification and access controls are required to reduce exposure.

Continued investment in detection, monitoring, and incident response readiness is essential.

Takeaway: Cyber security has become a leadership and governance issue, requiring clear oversight of AI use, data protection, and incident readiness at board level.

For more information on how you can utilise AI going forward click here.

7. What is a trusted long password storage solution?

Password managers provide the most secure and practical approach to storing and managing credentials.

Key points:

  • Enterprise-grade password managers such as Bitwarden, Keeper, and 1Password encrypt and securely store credentials.
  • Access to password managers should be protected using multi-factor authentication or hardware security keys.
  • Credentials should never be stored in spreadsheets or unsecured documents.
  • Each system should use a long, complex, and unique password.

Takeaway: Enterprise password managers protected by MFA offer the safest and most effective way to manage credentials at scale while also reducing the risk of compromise through password reuse.

8. Do you recommend using a VPN? Should home workers route traffic via the office firewall?

VPNs play an important role in securing remote access, but their value depends on how they are used within an organisation’s security architecture.

Key points:

  • Privacy-focused VPNs used to obscure location are not essential for most business users and are typically a personal choice rather than a corporate security requirement.
  • Corporate VPNs that route traffic through organisational security controls are strongly recommended.

Routing traffic through corporate security systems enables greater visibility, policy enforcement, and threat monitoring.

Secure Access Service Edge (SASE) solutions such as Cato Networks and CISCO provide modern alternatives to traditional VPN architectures.

Takeaway: Remote users should access the internet through corporate security controls to maintain visibility, enforce security policy, and reduce exposure to unmanaged home networks.

9. Are Western hacking groups new or simply just more visible?

Western-based cyber crime groups are becoming more visible rather than representing an entirely new threat.

Key points:

  • Historically, most major attacks originated from Russia and China.
  • Financially motivated attacks have driven increased cyber criminal activity in Western countries.
  • Cyber crime continues to expand wherever financial opportunity exists.

Takeaway: Cyber crime is increasingly financially driven and geographically diverse, reinforcing the need for organisations to focus on defence rather than attribution.

10. What attack vector are we not talking about enough?

For most UK organisations, the most significant cyber threats remain ransomware and phishing attacks, which continue to exploit basic security weaknesses, so these are the threats that need the most focus.

Key points:

  • Ransomware and phishing are among the most disruptive and costly cyber attacks facing organisations today.
  • These attacks are most commonly enabled by weak or reused passwords, phishing emails, and unpatched vulnerabilities.
  • The majority of successful attacks rely on exploiting these three entry points rather than sophisticated technical flaws.

Takeaway: By strengthening password controls, improving phishing defences, and maintaining patching discipline, organisations can prevent the vast majority of cyber attacks and significantly reduce overall cyber risk.

For more information on cyber risks affecting businesses in 2026 check out this resource.

Need some help?

We can support you at every stage of your cyber security journey, combining expert consultancy, managed security services, and proven technologies to help reduce risk, improve resilience, and respond effectively to evolving threats. By working with together, we can help you move from reactive defence to proactive protection.

Cyber Security, Blogs

Latest blogs

See all posts
checkout till
3 ways retailers can reduce downtime with retail connectivity

Downtime is more than a technical inconvenience in retail. When systems go offline, sales stop, queues build, staff become frustrated, and customers lose confidence in the brand. From card payments failing at the till to stock systems not updating in real time, even short periods of disruption can have an outsized impact on revenue and customer experience.

Read more
ransomware
Top ransomware protection tips for everyone

Secure your personal data We are all personally, ransomware targets, so we're taking the time to offer some top tips, that each and every one of us can follow to protect our personal data from a ransomware attack. Imagine turning on your computer to find a startling message: all your files - family photos, tax documents, everything - are locked. You cannot open a single one. To get them back, a stranger on the internet is demanding hundreds of pounds. This isn’t a scene from a movie; it’s a real and increasingly common threat called ransomware.

Read more
sd-wan
SD-WAN benefits for education: enhance school, college and university networks

Online learning platforms, cloud-based applications, virtual classrooms, and bandwidth-heavy multimedia resources have become essential to modern education. As these demands grow, many institutions are turning to SD‑WAN (Software-Defined Wide Area Networking) to support their digital transformation.

Read more
it in education
Best IT support for schools: enhance education

The right IT support services help schools and colleges operate smoothly, prevent downtime, and enhance the overall learning experience. This guide breaks down the most effective IT solutions for educational institutions and explains how to choose the right IT partner. Why IT support is essential in modern education Schools and colleges depend on technologies such as cloud platforms, WiFi networks, learning management systems (LMS), and safeguarding tools. Without strong IT support, everyday learning can easily be disrupted. High‑quality IT support ensures: Consistent uptime for learning platforms Secure protection for student and staff data Smooth operation of classroom hardware Reliable connectivity across campus A strategic roadmap for future IT improvements Top IT support services for schools and colleges 1. Managed IT support Managed IT support gives schools access to a fully equipped technical team without needing an in‑house department. Typical features include: 24/7 help desk Device and server management Cyber security monitoring Backup and disaster recovery Software updates and patch management This approach reduces costs, increases system reliability, and frees educators to focus on learning—not technical issues. 2. Student technology support Students rely on devices and online platforms every day. Student tech support ensures they can access lessons without interruption. Common services include: Device troubleshooting (laptops, tablets, Chromebooks) Login and password resets Connectivity support Assistance with online learning platforms Safety filtering guidance This support is especially vital in hybrid or remote learning environments. 3. Classroom technology solutions Modern classrooms need fully supported and integrated digital tools. Classroom IT solutions typically include: Interactive whiteboards Projectors and AV systems Classroom management software WiFi optimisation Digital collaboration tools These technologies make lessons more engaging and interactive. 4. Microsoft education support Microsoft remains one of the most widely used platforms in schools. Supporting these tools effectively helps ensure seamless digital learning. Key areas include: Office 365 management Teams for Education Intune device management Azure cloud services Identity and access management 5. Microsoft education training Empower your teaching and facilitate innovative learning for your students with Microsoft education training. Key areas include: Microsoft 365 Education Tools Training Microsoft's Showcase School Programme How to choose the right IT support provider When evaluating IT support services, schools should consider: Budget and funding constraints Current IT infrastructure Scalability needs Security and compliance requirements Provider’s education-sector experience Availability of both remote and on‑site support Choosing a specialist with education experience ensures better safeguarding compliance, user-friendly solutions, and long‑term value. The benefits of outsourcing IT support Practical and operational benefits More schools now outsource IT due to benefits in security, performance, management and cost: Lower long‑term costs Access to specialist expertise Faster response and issue resolution Stronger cyber protection A strategic, future-proof technology plan Learning benefits Technology is enabling and facilitating better learning experiences and outcomes, empowering teachers, increasing pupil engagement and enriching the classroom experience: Personalised learning paths Instant access to learning resources Better collaboration among students Support for SEND and diverse learning needs Preparation for a digital workforce Schools that invest wisely in IT create stronger educational outcomes. The growing demand for IT skills in education As digital transformation accelerates, technology is playing a key role in enhancing learning and schools increasingly require IT professionals skilled in: Networking Cyber security Cloud infrastructure EdTech implementation Support and troubleshooting Online IT certification programmes are helping build the next generation of education‑sector IT specialists. Wavenet: A trusted IT partner for UK schools and the public sector For educational institutions seeking a reliable and experienced IT services provider, We are one of the UK’s leading education technology specialists. With over 30 years of experience delivering designed‑for‑schools solutions, we supports more than 4,000 education establishments nationwide across cloud platforms, cyber security, communications, safeguarding, and network services. We provide ICT services, broadband, WiFi, audio‑visual systems, remote support, and fully managed IT services - all delivered by DBS‑checked staff and supported with clear, transparent SLAs. By partnering with us, schools gain access to expert guidance, best‑practice ICT strategy, robust cybersecurity, and a long‑term technology roadmap - helping them create a connected, secure, and future‑ready educational environment.

Read more
managed security services provider
What is a Managed Security Services Provider (MSSP)?

Managed Security Service Providers (MSSPs) offer outsourced monitoring, management, and protection of an organisation’s security infrastructure. Their services typically include managed threat detection, continuous security monitoring, incident response, and vulnerability management. By partnering with an MSSP, businesses can leverage specialist expertise and advanced technologies to safeguard their digital assets more effectively.

Read more
UK digital infrastructure connectivity
Higher ROI for firms investing in infrastructure

Digital infrastructure is now a national and commercial priority For UK C-suite leaders, the growth conversation has fundamentally shifted. The latest UK infrastructure analysis1. shows that 2026 marks a major shift from policy vision to project delivery, unlocking billions in digital infrastructure, fibre connectivity, grid upgrades, and modernisation programmes. This shift positions digital infrastructure as a core driver of competitiveness, innovation, and long-term business ROI.

Read more