Top Cybersecurity News Stories From September 2025
Cybersecurity news this September drove home a familiar truth: resilience matters more than ever.
From high-profile supply chain disruptions to the evolving role of Zero Trust, the stories shaping the industry all point to the truth that prevention alone isn’t enough. Organizations need containment, clarity, and outcomes they can measure.
This month’s news features insights from top security experts on:
- Jaguar Land Rover’s continued recovery from an early September cyberattack
- The importance of breach containment in OT systems
- Zero Trust at 15 years old — and why full adoption is essential
- How channel teams can truly differentiate themselves by helping customers realize value beyond the pricing sheet
JLR cyberattack exposes supply chain fragility

Jaguar Land Rover’s cyber woes continue.
According to Beth Maundrill in this month’s Infosecurity Magazine article, “JLR Extends Production Halt After Cyber-Attack,” the luxury carmaker confirmed it will extend its production pause until at least September 24 following a cyberattack earlier this month.
The disruption isn’t contained to the automaker itself. It’s rippling through the supply chain, putting smaller firms and their employees at risk. Reports indicate some suppliers have already begun layoffs, even as JLR employees remain secure in their roles.
For Illumio, the real story is the cascading effect on operational resilience. Maundrill interviewed Trevor Dearing, director of critical infrastructure at Illumio, about the breach.
“JLR is no doubt an anchor for local industry,” he said. “For suppliers, this prolonged downtime will mean that cashflows will dry up fast.”
It’s not just damaging for the supply chain. Dearing explained that it’ll also likely hurt JLR when they come back online. “Some of those businesses may not be there to restart and make recovery even slower and more painful,” he said.
Maundrill said the heart of the problem is the industry’s reliance on “just-in-time” logistics. This is where interconnected third-party systems keep assembly lines running without stockpiles of parts.
The efficiency gains are undeniable, but as Dearing highlighted, this attack shows how tightly coupled ecosystems can magnify risk. Small suppliers that depend solely on JLR contracts are especially vulnerable when operations grind to a halt.
The incident also underscores why resilience must be baked into operational environments. Downtime in a hyper-connected supply chain can turn one company’s cyberattack into a regional economic crisis, as Dearing’s comments suggest.
For other manufacturers, this should serve as a wake-up call. Surviving today’s breaches is about sustaining operations when attackers target the systems that keep the physical world moving.
With attackers aiming squarely at operational resilience, the JLR case is a reminder that visibility, segmentation, and breach containment are essential to protect not just one company but the ecosystems that depend on it.
When chaos is the goal, containment is the answer
In response to recent attacks like the JLR breach, Illumio’s Trevor Dearing also wrote an article for TechRadar, “When Chaos Is the Goal, Resilience Is the Answer.” His key warning to security leaders was that traditional prevention isn’t enough to protect operational technology (OT).
“From halting fuel pipelines to crippling hospital IT systems, cyberattackers are seeing continued success in targeting the infrastructure that underpins society,” he said. Their goal is simple: maximum disruption. And in critical sectors like energy, manufacturing, and healthcare, even brief outages can be devastating.
The problem, Dearing explained, is that OT systems were never designed for today’s threat landscape. Many rely on protocols like Modbus, PROFINET, and DNP3, which still run unmodified from their legacy pre-digital days, without encryption or authentication.
With flat networks, outdated firmware, and limited support for modern defenses, attackers don’t need sophisticated exploits — just a foothold. “Many of these OT systems aren’t just vulnerable,” Dearing said. “They’re predictably exploitable, and adversaries know it.”
Dearing argues the only way forward is to shift focus from prevention to containment. “Relying solely on prevention creates a false sense of security,” he said. The smarter strategy is to assume the perimeter will fail, and build in controls that limit the damage.
That means visibility first, then applying microsegmentation to stop lateral movement, grouping assets into zones, and governing access with Zero Trust principles. With these guardrails in place, a breach can’t spiral out of control.
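To make the zoning idea concrete, here is an added example (not from Dearing’s article or from Illumio) that parses Modbus/TCP requests and checks them against a zone-to-zone allowlist. The zone names, subnets, policy, and sample frames are constructed assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

# Constructed zones and policy for illustration (assumptions, not from the article).
ZONES = {
    "control": ip_network("10.10.1.0/24"),      # PLCs and RTUs
    "supervisory": ip_network("10.10.2.0/24"),  # HMI / SCADA servers
    "historian": ip_network("10.10.3.0/24"),    # read-only data collection
}
READ = {0x01, 0x02, 0x03, 0x04}   # read coils / inputs / registers
WRITE = {0x05, 0x06, 0x0F, 0x10}  # write coils / registers
POLICY = {  # (source zone, destination zone) -> permitted function codes
    ("supervisory", "control"): READ | WRITE,
    ("historian", "control"): READ,
}

def zone_of(ip):
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def parse_modbus_tcp(payload):
    """Parse the 7-byte MBAP header plus the function code.

    The frame has no credential or signature field, so who may issue a
    command has to be decided outside the protocol, e.g. by network policy.
    """
    if len(payload) < 8:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(payload) - 6:
        raise ValueError("length field mismatch")
    return {"tid": tid, "unit": unit, "function": payload[7]}

def evaluate(src, dst, payload):
    """Return (verdict, reason) for one observed Modbus/TCP request."""
    try:
        fc = parse_modbus_tcp(payload)["function"]
    except ValueError as exc:
        return ("deny", f"malformed: {exc}")
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    kind = "write" if fc in WRITE else "read" if fc in READ else "other"
    if fc in POLICY.get((src_zone, dst_zone), set()):
        return ("allow", f"{src_zone}->{dst_zone} {kind} fc=0x{fc:02x}")
    return ("deny", f"{src_zone}->{dst_zone} {kind} fc=0x{fc:02x} not in policy")

# Constructed sample frames: read 2 holding registers, write one register.
READ_FRAME = bytes.fromhex("000100000006010300000002")
WRITE_FRAME = bytes.fromhex("0002000000060106000100ff")
```

Run in observe-only mode first, the deny verdicts give the visibility step: a list of flows that would break under segmentation before anything is enforced.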
AI-driven approaches are also starting to play a role.
According to Dearing, AI security graphs can learn normal communication patterns in your network. This helps security teams automatically isolate out-of-the-ordinary communications before they can grow into full-blown attacks. Defenders can build true resilience, protecting critical functions without disrupting operations.
But resilience isn’t just technical. It requires cultural change, too.
Dearing highlights a dangerous mindset in OT: “There’s a persistent ‘if it ain’t broke…’ attitude around OT systems, but in today’s threat landscape, that attitude is increasingly dangerous.”
Instead of waiting for regulation or major incidents, organizations must act now. His advice is to start with the basics: visibility, segmentation, and access control. Identify what matters most and make it harder to reach.
“Resilience, not perfection, is the new security benchmark,” Dearing said.
Zero Trust at 15: why full adoption still matters

In his SecurityWeek article, “Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle,” Kevin Townsend reflected on the journey of a security model that has reshaped the industry since John Kindervag’s seminal 2010 paper “No More Chewy Centers.”
The concept remains simple but powerful: “Don’t trust, always verify.” As Kindervag said in the article, “Information security professionals must eliminate the soft chewy center by making security ubiquitous throughout the network, not just at the perimeter.”
Despite widespread recognition, Zero Trust implementation remains uneven.
Townsend calls Zero Trust a “curate’s egg: good in parts.” Forrester’s model has been embraced by regulators — EO14028 for U.S. federal agencies and Europe’s NIS2 directive — but without uniform definitions or standards.
That leaves organizations struggling to translate principle into practice. As Kindervag said, there is no product that can be installed to provide Zero Trust. Instead, Zero Trust has become a widely accepted best practice.
But the barriers are also real. Poorly implemented Zero Trust can increase risk by creating friction that users work around. Human behavior like trust, laziness, and curiosity can all be the weak link.
Kindervag underscored this point with a memorable analogy:
“I see some guy I’ve never seen before getting beer out of the fridge. I say, ‘Honey, do you know the guy?’ She says, ‘No.’ I reply, ‘Oh, well, I guess since he’s able to get beer out of our fridge, he must belong here.’ And that’s what we do every single day for attackers in our environment.”
Fifteen years in, Zero Trust is more relevant than ever, especially as AI-driven threats and deepfakes erode traditional trust signals. But adoption can be challenging.
He reminded security leaders, “Cybersecurity is hard! We chose to be in this business. If you don’t have that right attitude, please go into a different business.”
Value realization: the channel’s true differentiator
In his article in Channel E2E, “Why Value Realization Is the Channel’s Competitive Edge,” Illumio’s Dave Yow, senior director of partner sales AMS, argues that in today’s market, partners aren’t judged by what they sell, but by whether customers actually see results.
He sees value realization as the key differentiator as budgets tighten, sales cycles drag, and consolidation changes how vendors and buyers operate. With CFOs scrutinizing every dollar, the partners who win are those who can prove business outcomes, deliver quick wins, and stay engaged long after the sale.
The pressures are clear: “Cybersecurity budgets are under the microscope,” Yow said. Sales cycles now stretch from six to 12 months, and consolidation is reshaping both the vendor and buyer landscape.
While big players expand portfolios through acquisition, many organizations are looking to simplify by cutting redundant tools and consolidating spend. The danger, Yow noted, is that this often leads to shelfware and underwhelming outcomes.
That’s why “good enough” won’t cut it anymore. Yow said that failed deployments erode trust, fuel skepticism, and make CISOs wary of new investments. Partners, caught in the middle, are increasingly expected to drive outcomes even when the technology isn’t fully deployed.
Yow advises channel partners to shift focus from features and price points to outcomes and ROI.
“Every engagement should begin with a shared understanding of success,” he said. That means asking early: “What business outcomes matter most to the customer?” and “How will the customer measure those outcomes?”
From there, he recommends partners:
- Design proof-of-concepts that mirror real-world needs.
- Steer customers toward quick-to-deploy solutions.
- Stay engaged post-sale with regular check-ins, usage reviews, and ongoing support.
Ultimately, trusted advisors are the ones who have the hard conversations. “Helping customers realize value isn’t a bonus; it’s the foundation of every successful engagement,” Yow said.
By prioritizing value realization, channel partners can build stronger relationships, shorten sales cycles, and deliver outcomes that prove their worth in an era of tightening budgets and accelerating change.