Visibility, Awareness and Control
Cybersecurity risks are not always caused by sophisticated attacks or major system failures. In many cases, risk builds quietly through everyday habits, overlooked tools, and limited visibility into where data is stored or how users interact with systems.
As organisations continue to adopt AI tools, browser-based workflows, and increasingly distributed environments, maintaining control over users, devices, and data is becoming more challenging.
This month’s bulletin explores three areas where stronger awareness, governance, and visibility can help reduce risk and improve resilience.
Why Security Awareness Training Still Fails
Most organisations now provide some form of cybersecurity awareness training, yet phishing attacks, credential theft, and accidental data exposure continue to succeed. The challenge is often not whether training exists, but whether it changes behaviour in day-to-day situations.
Why It’s a Risk:
- Generic content may not reflect real-world threats employees face
- Users may recognise risks in theory but still respond poorly under pressure
What You Can Do:
- Deliver regular, scenario-based training using realistic examples
- Reinforce awareness through phishing simulations and short refresher sessions
- Focus on practical behaviours rather than compliance-driven completion rates
The Growing Risk of Unmanaged Browser Extensions
Browser extensions have become common across modern workplaces, helping users improve productivity and automate tasks. However, unmanaged extensions can introduce serious security and data privacy risks, especially when users install tools without oversight.
Why It’s a Risk:
- Malicious or compromised extensions may capture credentials or sensitive data
- Extensions often request excessive permissions without user awareness
- IT teams may have little visibility into what is installed across endpoints
What You Can Do:
- Restrict extension installation to approved or trusted sources
- Review and audit installed extensions across managed devices
- Educate users on the risks of browser-based tools and permissions
Do You Know Where Your Critical Data Actually Lives?
As businesses expand across cloud platforms, collaboration tools, and hybrid environments, critical data can quickly become fragmented across multiple locations. Without visibility and governance, organisations may struggle to protect sensitive information effectively.
Why It’s a Risk:
- Sensitive data may be duplicated across unmanaged or unknown locations
- Users may store files outside approved platforms for convenience
- Lack of visibility increases compliance and security risks
What You Can Do:
- Conduct regular data discovery and classification exercises
- Define approved storage locations and governance policies
- Use DLP and monitoring tools to identify and reduce data exposure
Continuing the Conversation: Riding the AI Tsunami
As AI adoption accelerates across industries, organisations are facing new questions around security, governance, and data handling. Following BIM Summit 2026, Symetri and Cortida will continue the discussion in a dedicated online roundtable focused on the cybersecurity implications of AI.
The session will explore:
- Emerging AI regulations and compliance considerations
- Data handling and security risks linked to AI adoption
- The practical implications for businesses adopting AI technologies
The roundtable will be moderated by Michael Pettersson, Chief Information Security Officer at Symetri, with Richard Huggins, Head of IT Solutions, and Alex Dewar from Cortida joining the discussion.
Vulnerabilities & Further End-of-Life Notifications
Staying aware of newly disclosed vulnerabilities and active threats is essential for reducing exposure and prioritising remediation.
Active Vulnerabilities & Security Advisories
- Microsoft Warns of Actively Exploited SharePoint Server Zero-Day
A critical SharePoint vulnerability is being actively exploited, allowing attackers to gain unauthorised access to on-premise environments. Immediate patching and monitoring are strongly recommended.
- Windows Active Directory Flaw Opens Door to Malicious Code Execution
A newly disclosed flaw in Active Directory could enable attackers to execute malicious code, increasing the risk of privilege escalation within enterprise environments.
- CISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security Flaws
Multiple Microsoft vulnerabilities are being actively exploited, reinforcing the importance of timely patching and vulnerability management across critical systems.
- Critical Chrome Flaws Allow Arbitrary Code Execution – Patch Immediately
Critical vulnerabilities in Google Chrome could allow attackers to execute arbitrary code on affected systems. Users should update browsers immediately.
- NCSC Warns of Messaging App Targeting
The National Cyber Security Centre has issued a warning about malicious activity targeting messaging platforms, highlighting the need for vigilance around communication tools and user behaviour.
BIM Summit 2026 On Demand
Catch up on selected BIM Summit sessions and reconnect with partners including Cortida, HP, and Eagle Point to continue the conversation around AI, data, and digital transformation.