Monthly Newsletter

October 2025

Written by Craig Pepper | Oct 31, 2025 8:00:00 AM

October has been a month of important updates, with the latest NHS DSPT and ISO 27001 changes, as well as Microsoft’s end of support for Windows 10. We’ve been focused on helping organisations stay secure, compliant, and ahead of evolving requirements.

We’re also excited to be welcoming two new members to the Periculo team in the coming weeks — strengthening our ability to deliver even more value and expertise.

Let’s dive into this month’s newsletter.

What’s New with DSPT 2025-26: 11 Mandatory Audit Assertions

The NHS DSPT has officially released the 11 mandatory audit assertions that will form part of the 2025/26 submission requirements. These updates set out the key areas organisations must evidence during their audit, including governance, access control, incident response, supplier assurance, and technical security.

At Periculo, we’re already incorporating these changes into our audit preparation and evidence-mapping services to help clients meet the new requirements ahead of the June 2026 deadline.

To understand what the 11 assertions mean in practice and how they’ll impact your next DSPT audit, read the full breakdown in our latest blog.

Is Your ISO 27001:2013 Certificate Still Valid?

If your organisation is still certified under ISO 27001:2013, it’s time to act. The standard has been superseded by ISO 27001:2022, and all organisations must transition by October 2025 to remain compliant.

Our latest blog breaks down what’s changed, why the update matters, and how to make the transition smooth — from updated Annex A controls to a stronger focus on operational resilience and continuous improvement.

Read the full article to understand what these changes mean for your business.

Welcoming New Faces to the Periculo Team

We’re excited to share that we’ll soon be welcoming two new members to the Periculo team as we continue to grow and strengthen our capabilities.

Joining us in the coming weeks will be:

  • An Operations & Project Manager, who will help streamline our internal processes, improve project delivery, and ensure we continue to provide the fast, high-quality service our clients expect.

  • A Security Consultant, who will expand our technical expertise and play a key role in supporting clients with penetration testing, risk assessments, and compliance readiness.

As Periculo continues to grow, these additions will help us scale efficiently while maintaining the personal, detail-driven approach that sets us apart. We can’t wait to introduce them properly in next month’s newsletter.

Cyberattack on Jaguar Land Rover Costs UK Economy £1.9 Billion

This year’s cyberattack on Jaguar Land Rover has become one of the most expensive in UK history, with an estimated £1.9 billion impact on the wider economy. Production was halted for weeks, and more than 5,000 suppliers were affected as the disruption rippled through the automotive supply chain. The government’s £1.5 billion emergency loan guarantee helped stabilise key partners, but the incident highlights how one company’s breach can threaten thousands of others.

Supply-chain resilience and supplier assurance have never been more critical. Periculo helps organisations identify and manage risks across their vendor network—ensuring that every link in the chain is secure.

Reminder: Windows 10 Reaches End of Support

Microsoft has officially ended free security updates for Windows 10 as of 14 October 2025, marking a significant change for organisations still operating on legacy systems.

For businesses yet to complete their migration to Windows 11, this transition introduces increased security risk, especially where older hardware or software dependencies remain in use. From this point forward, only Extended Security Updates (ESU) will be available, and at an additional cost.

Unpatched or unsupported devices are now more vulnerable to exploitation, making migration planning, patch management, and endpoint monitoring more important than ever.

Security Fact of the Month

Over 80% of cyber incidents now involve the misuse of stolen or weak credentials.

According to recent NCSC findings, compromised passwords remain one of the easiest ways for attackers to gain unauthorised access to systems, often through phishing, credential stuffing, or brute-force attacks.

Security Tip of the Month

Use Passphrases, Not Passwords.

Swap complex, hard-to-remember passwords for simple but long passphrases, such as a random sentence or phrase you can easily recall. Combine this with multi-factor authentication (MFA) to dramatically reduce the risk of credential-based breaches.

Jargon Buster

Credential Stuffing

A cyberattack in which criminals use stolen usernames and passwords from one breach to try to access accounts on other platforms, taking advantage of password reuse.