This Week’s Top 5 Cyber Stories: SailPoint, BT, CrowdStrike

Rex Booth, CISO at SailPoint
Discover the Top 5 stories in the cybersecurity industry from SailPoint, BT, CrowdStrike, Boomi and India’s Department of Telecommunications

SailPoint: Are Seasonal Hires Cybersecurity’s Weak Link?

As retailers enter the Golden Quarter, SailPoint CISO Rex Booth warns that seasonal hiring and soaring online demand are creating one of the year’s most precarious cybersecurity environments.

After a string of major attacks on brands including M&S, JLR and Balenciaga, identity has become retail’s most fragile control.

“Organisations will be onboarding huge volumes of seasonal staff at speed... many of whom will be given instantaneous access to critical systems without proper training,” Rex says.

This rapid onboarding fuels identity sprawl, with shared till logins, generic accounts and poorly tracked access rights leaving blind spots that attackers can exploit. Dormant or over-privileged accounts often persist into the new year, offering easy entry points for threat actors.

Given the tight integration of retail systems, a single compromised identity can halt fulfilment, disrupt logistics and erode consumer trust. SailPoint emphasises behavioural analytics and policy-driven alerts as essential tools to detect anomalies early and prevent peak-season incidents from escalating into crises.

Markus Müller, Field CTO APIM at Boomi

Boomi: Governing Rogue AI Agents in Hyper-Connected Business

Boomi’s Global Field CTO for API Management, Markus Müller, argues that hyper-connected businesses can only harness agentic AI safely if they first fix their data and API foundations.

Boomi positions itself as the integration “glue” that unifies fragmented systems, enabling organisations to build a single golden record of trusted data that powers both generative and agentic AI.

Markus stresses that “build-now-govern-later” is too risky. Instead, enterprises need an always-on view of AI activity, with a central hub that automatically discovers agents, monitors how they use APIs and applies governance from the moment they are created.

Least-privilege access, lifecycle controls and deterministic processes keep agents on predictable rails while still allowing autonomy.

As agent adoption drives an explosion in APIs, Boomi warns of “zombie APIs” left unmonitored and vulnerable. Integrated API management and data guardrails are essential to exposing rogue behaviour early, protecting sensitive systems and building the trust leaders need to scale AI innovation safely.

BT has announced the launch of a sovereign platform for UK | Photo: BT Newsroom

BT Launches Sovereign Platform to Safeguard UK Data

BT has unveiled a new sovereign platform designed to keep AI, cloud and data operations within UK jurisdiction, strengthening security and compliance for public and private sector customers.

Built on BT’s national infrastructure and supported by UK-based personnel, the platform allows organisations to host sensitive workloads and manage data entirely under domestic regulatory frameworks while maintaining performance and resilience.

“Sovereignty isn’t simply a matter of compliance or risk management – it’s key to unleashing the potential of AI and ensuring resilient operations in an increasingly uncertain world,” says Jon James, CEO of BT Business.

The platform extends BT’s cybersecurity and network trust architecture, offering enhanced data residency, access control and monitoring for highly regulated environments.

From mid-2026, BT Business will roll out sovereign options across its wider portfolio, enabling tailored levels of sovereignty for sectors such as defence, government and critical infrastructure.

Integrated with BT’s threat intelligence and managed security operations, the platform underpins the UK’s broader cyber and AI governance ambitions.

Zeki Turedi, Field CTO for Europe at CrowdStrike

CrowdStrike: AI Threats' Impact on the Security Landscape

CrowdStrike’s Field CTO for Europe, Zeki Turedi, warns that today’s threat landscape is being reshaped by speed, deception and AI-driven precision, with identity now a primary battleground. He highlights SCATTERED SPIDER as a defining example of this shift.

The eCrime group combines voice phishing of help desks, accurate impersonation and rapid privilege escalation to compromise IT, security and C-suite accounts, often moving from access to ransomware in under 24 hours.

“Aggressive, identity-focused tradecraft” enabled the group to hit high-impact sectors such as aviation, insurance and retail, where downtime and data exposure create maximum leverage. Recent arrests have disrupted its operations and sent a clear signal that such actors “are not beyond reach”, yet Zeki stresses that defence must evolve just as quickly.

He urges organisations to enforce phishing-resistant MFA, harden help desk processes, invest in cross-domain analytics and logging, and rehearse incident response so they can detect identity abuse early and contain breaches before they escalate.

India’s directive on Sanchar Saathi, issued by the Department of Telecommunications (DoT) on 28 November 2025 | Photo: Whisk

India's Sanchar Saathi: Security vs Privacy vs Integrity

India’s Department of Telecommunications has issued a directive that forces smartphone makers to pre-install the Sanchar Saathi app on all devices sold in the country, with system-level integration that prevents users from uninstalling it.

Framed as a measure to combat fraud and identity theft under the Telecommunications Act 2023, the app gives authorities greater visibility into device identifiers and endpoint activity, marking a shift from network-level security to direct device monitoring.

Civil liberties groups and opposition politicians argue the move crosses a red line. The Internet Freedom Foundation says it turns every handset into a vessel for state-mandated software, while MP K.C. Venugopal has branded it a “dystopian tool to monitor every Indian”.

The order also creates operational and legal headaches for manufacturers. Apple is reported to view the mandate as incompatible with its security model, and industry groups warn the 90-day compliance window is unrealistic, especially amid contradictory government messaging on whether the app will, in practice, be optional.
