By DTP Group With expert insight from Guy Hawkridge, Head of IT & Security
The cybersecurity industry has never had more tools, technology, or talent. Yet the breaches keep coming. And not because attackers are getting smarter, but because the basics are still being ignored. Too often, companies are compromised by issues that should have been solved a decade ago: poor patching practices, unknown cloud assets, and missing multi-factor authentication (MFA).
As DTP Group’s Head of IT & Security, Guy Hawkridge, puts it: cyber attackers today “no longer need to break in, they simply log in.” With years of direct experience managing cybersecurity at DTP Group, Guy has led responses to modern threats in complex environments. His perspective? Most breaches are preventable, and the tools to stop them already exist, they’re just not being used effectively.
Still falling at the first hurdle
While ransomware used to be a niche concern, Guy has seen its commoditisation first-hand. “Ransomware-as-a-Service has made it accessible to almost anyone,” he explains, “and the methods to deliver it, weak credentials, unpatched software, haven’t changed much at all.” In fact, the most common techniques today rely on old vulnerabilities and simple missteps, not advanced hacking.
Social engineering is another growing concern. Instead of brute-forcing their way in, threat actors are picking up the phone, pretending to be IT support, and asking for credentials. It’s working because many companies still lack the user awareness and layered controls to stop it.
Cloud missteps are the new front door
As organisations accelerate cloud adoption, their security strategies often lag behind. One of the most frequent issues Guy encounters is exposed services, particularly misconfigured AWS S3 buckets holding sensitive data like payroll information and credentials.
“These aren’t always malicious setups,” he notes, “they’re just forgotten projects that nobody locked down properly.” The growing sprawl of cloud environments means companies are exposing assets they don’t even know exist.
His advice is straightforward: start with visibility. “If you don’t know what’s out there, you can’t protect it. Tools like Shodan and Driftnet can help you understand what’s internet-facing, but the first step is just knowing what you own.”
MFA and patching: The unsexy truth
If there’s one drum Guy beats consistently, it’s that basic cyber hygiene still isn’t being prioritised. The Sophos 2025 report reveals a troubling trend: 65% of breached organisations lacked MFA, a sharp rise from 22% in 2022.
“People underestimate how hard patching and MFA deployment can be across different systems,” he says. “It’s not glamorous, and it doesn’t get the attention that AI or zero-days do – but it’s the stuff that works.”
Real-world incidents back this up. In one breach, a single legacy demo account left without MFA was exploited to access cloud storage provider Snowflake, which in turn led to impacts on major organisations like Ticketmaster and Santander. The account was meant to be temporary, but no one ever shut it down.
AI hype: Solution or distraction?
While many vendors are pushing AI as the future of cybersecurity, Guy remains sceptical. “Of all the breaches I’ve seen or read about, none have involved AI. They’ve involved forgotten systems, weak credentials, and old software.”
He believes the biggest risk from AI isn’t that it’s being used by attackers, it’s that it’s distracting defenders. Companies are reallocating budget and attention to AI tools before fixing basic flaws in their environments.
“There’s a lot of noise around AI, but it’s pulling focus away from things that still aren’t working,” he warns. “If you’re not patching, not using MFA, and not monitoring your environment, AI isn’t going to save you.”
A simplified playbook for real resilience
Guy’s approach to cybersecurity is refreshingly simple and effective:
- Discover your assets – You can’t defend what you don’t know exists.
- Roll out MFA everywhere – Particularly on admin and cloud accounts.
- Patch regularly and realistically – Automate where possible and track what can’t be.
- Separate privileges – Admin work should be done through dedicated accounts, not day-to-day logins.
- Retire or isolate legacy systems – If it can’t be secured, it shouldn’t be connected.
What’s next? Unfortunately, more of the same
Despite the growing sophistication of tools, Guy doesn’t expect the threat landscape to change dramatically in the next few years. “We’re still seeing the same problems that we were five years ago,” he says. “Breaches caused by old software, missing patches, or lack of MFA.”
The sectors most at risk – finance, healthcare, and education – continue to struggle with outdated infrastructure and slow-moving change processes. Attackers know this, and they’re capitalising on it.
Security doesn’t need to be complicated
Asked what advice he’d give to executives today, Guy keeps it clear: “Don’t over-engineer your defences. Keep it simple. Focus on what actually works.”
Cybersecurity, he argues, has been made unnecessarily complex. The irony? The systems that get breached are often the most convoluted, while the solutions, patching, MFA, visibility, are relatively straightforward.
At DTP Group, we help organisations make sense of their cybersecurity environments, cut through the noise, and focus on the practices that deliver the most protection.
Because in today’s threat landscape, the biggest danger isn’t what’s new. It’s what you’ve forgotten to fix.
