Unbreakable Ventures
Don't Look Up | Risk Updates for Weeks of 6 - 20 October '25

Threat concerns this week: $800 worth of gear provides unlimited access to 40% of the world's satellites. Aon's Life Science risks. And 5 quick fire stories on Dead Internet Theory and beer.

Hello 👋 get a brew on because these are the top emerging risks between October 6th and October 20th, 2025…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Technological: Satellites Are Leaking the World’s Secrets

  • Researchers from UC San Diego and University of Maryland used $800 of off-the-shelf equipment to intercept unencrypted satellite communications over three years, exposing roughly half of all geostationary satellite traffic as completely unprotected.

  • During one nine-hour session, researchers captured 2,700+ T-Mobile phone numbers plus call and text content from remote cell towers, alongside unencrypted data from AT&T Mexico and Telmex cellular back-haul.

  • U.S. and Mexican military communications were intercepted revealing troop locations, equipment positions, and operational details, while critical infrastructure data from Mexico’s Federal Electricity Commission exposed customer names, addresses, and maintenance work orders.

  • Corporate traffic from Walmart Mexico (inventory system logins and internal emails), Santander Mexico ATM data, Banorte and Banjercito banking information, and in-flight Wi-Fi from 10 airlines was captured unencrypted.

  • Each satellite transponder’s broadcast footprint covers up to 40% of Earth’s surface, meaning intercepted data is potentially visible across entire continents—and researchers only examined 15% of globally visible satellites from their San Diego location.

Sources

You should be concerned if…

  • Remote operations dependencies: Businesses relying on satellite communications for cell towers in rural areas, offshore platforms, ships at sea, aircraft connectivity, or any remote operational link where terrestrial infrastructure is unavailable.

  • Telecoms and utilities sectors: Organisations using satellite back-haul for network connectivity, especially those transmitting customer data, operational information, or control system commands over satellite links without verified end-to-end encryption.

  • Defence and government contractors: Entities transmitting classified, sensitive, or operationally critical information over satellite links—particularly those assuming satellite communications provide inherent security through obscurity.

  • Financial services and healthcare: Industries subject to strict data protection regulations (GDPR, HIPAA, PCI-DSS) using satellite connectivity in any part of their infrastructure chain face compliance violations if communications are unencrypted and interceptable.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Audit satellite communications immediately
  • Map every system, connection, and data stream touching satellite links across your infrastructure. Assume all satellite traffic is visible to adversaries unless you can cryptographically prove otherwise with verified end-to-end encryption.

Mandate encryption for all satellite traffic
  • Implement end-to-end encryption as a non-negotiable requirement for all satellite-based communications. If vendors cite cost, complexity, or bandwidth constraints as barriers, replace the vendor; this is not negotiable.

Segment networks treating satellites as hostile
  • Treat satellite connections like public Wi-Fi networks requiring defence-in-depth. Never mix satellite links directly with core systems. Implement network segmentation isolating satellite traffic from critical infrastructure.

Deploy VPN layers over satellite links
  • Add VPN encryption between data and satellite transmission even if underlying protocols claim encryption. Multiple encryption layers ensure interception yields worthless encrypted traffic rather than plaintext data.

Assume historical compromise and hunt threats
  • If you’ve used unencrypted satellite communications, assume hostile intelligence agencies and cybercriminals have been listening. Conduct threat hunting for evidence of exploitation, unauthorised access, or anomalous activity patterns.
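One way to start the audit and VPN steps above is to check flow exports from the router facing the satellite modem for anything that leaves outside an approved tunnel. The sketch below is an added example, not part of the original report; the interface name `vsat0`, the CSV columns and the sample flows are constructed assumptions, and the port-based classification is a heuristic that only narrows down where to look.

```python
import csv, io
from collections import defaultdict

# Constructed sample flow export (not real traffic); column names are assumptions.
SAMPLE_FLOWS = """egress_if,src,dst,proto,dport,bytes
vsat0,10.20.1.5,198.51.100.10,udp,2152,48211934
vsat0,10.20.1.9,198.51.100.22,tcp,80,120443
vsat0,10.20.1.9,198.51.100.22,tcp,443,990211
vsat0,10.20.0.1,203.0.113.7,esp,0,73100456
vsat0,10.20.0.1,203.0.113.7,udp,4500,18200
vsat0,10.20.3.14,198.51.100.40,tcp,502,8812
eth1,10.20.1.9,192.0.2.80,tcp,80,5501234
"""

SATELLITE_IFS = {"vsat0"}  # assumption: interfaces facing the satellite modem
# Approved tunnels: IPsec ESP, IKE, IPsec NAT-T, WireGuard (default port)
TUNNEL = {("esp", 0), ("udp", 500), ("udp", 4500), ("udp", 51820)}
# Protocols that carry payloads in the clear unless wrapped (heuristic, by port)
CLEARTEXT = {("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("tcp", 80): "HTTP",
             ("udp", 53): "DNS", ("udp", 161): "SNMP", ("tcp", 502): "Modbus/TCP",
             ("udp", 2152): "GTP-U (cellular back-haul)", ("udp", 5060): "SIP"}

def classify(proto, dport):
    key = (proto.lower(), int(dport))
    if key in TUNNEL:
        return "tunnelled", None
    if key in CLEARTEXT:
        return "cleartext", CLEARTEXT[key]
    # e.g. TLS on 443: payload may be encrypted, but it is not inside the VPN
    return "unverified", f"{key[0]}/{key[1]}"

def audit(flow_csv):
    """Return non-tunnelled flows on satellite links, cleartext first, largest first."""
    findings = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["egress_if"] not in SATELLITE_IFS:
            continue  # terrestrial link, out of scope for this audit
        status, service = classify(row["proto"], row["dport"])
        if status == "tunnelled":
            continue
        entry = findings[(status, service)]
        entry["bytes"] += int(row["bytes"])
        entry["sources"].add(row["src"])
    rows = [(s, svc, f["bytes"], sorted(f["sources"])) for (s, svc), f in findings.items()]
    return sorted(rows, key=lambda r: (r[0] != "cleartext", -r[2]))

if __name__ == "__main__":
    for status, service, nbytes, sources in audit(SAMPLE_FLOWS):
        print(f"{status:10} {service:28} {nbytes:>10} bytes from {', '.join(sources)}")
```

Each source address in the output is a system to add to the satellite dependency map; "unverified" rows still need evidence of end-to-end encryption before they can be closed.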


2. Economic: The Life Sciences Convergence Crisis

  • Aon’s Global Risk Management Survey identifies top current risks for pharmaceutical, biotech, and medical device companies as: supply chain failure, regulatory changes, business interruption, cyber attack, product liability, increasing competition, geopolitical volatility, innovation failure, cash flow risk, and reputation damage.

  • 91% of U.S. generic drug prescriptions rely on active pharmaceutical ingredients (APIs) with no domestic source—83 of the 100 most-used generic medicines depend entirely on imports from concentrated suppliers in China and India creating national security-level concentration risk.

  • Regulatory divergence across FDA (U.S.), EMA (Europe), and Asian agencies complicates global launches while recent price controls in Germany and EU countries have forced companies to delay or withdraw product launches due to reduced profitability.

  • Patent cliffs and innovation pressure: Patent expirations strip away exclusivity while newly launched therapies underperform (especially gene therapy and Alzheimer’s treatments), forcing companies to use predictive analytics to de-risk billion-dollar R&D investments earlier in development.

  • Cyber attacks on manufacturers like the 2024 Cencora breach disrupted operations at 11 major pharmaceutical companies with ripple effects across entire supply chains, while EU’s NIS2 directive imposes strict cybersecurity mandates—yet 10% of sector companies still lack vulnerability management plans.

Sources

You should be concerned if…

  • Pharmaceutical and biotech operations: Companies manufacturing drugs, biologics, or medical devices dependent on specialised supply chains with single-source APIs, sterile fill-finish capacity, or critical components from geographically concentrated suppliers.

  • R&D-intensive organisations: Firms with multi-billion dollar pipeline investments in late-stage development facing patent cliffs, where major project failures would create financial instability and loss of market leadership in critical therapeutic areas.

  • Global regulatory complexity: Organisations navigating divergent approval processes across FDA, EMA, and Asian regulators while managing drug pricing reforms that directly impact revenue forecasts and investment decisions.

  • Digital manufacturing operations: Life sciences companies with interconnected IT/OT systems where cyber attacks can halt production, spoil temperature-sensitive biologics, trigger compliance violations, and cascade across supply chain partners.

Preventative actions

Map supply chain with brutal honesty
  • Identify every single-source dependency—API suppliers, sterile fill-finish facilities, critical components with no backup. Overlay geopolitical, climate, and regulatory risk maps. This requires continuous monitoring, not one-time assessment.

Diversify strategically despite cost
  • Begin regulatory approval for alternative suppliers in different geographies now, even if the process takes years. Nearshoring and regionalisation are survival strategies, not optional cost optimisations.

Build strategic inventory buffers
  • Abandon pure lean manufacturing for critical components. Model the trade-off between carrying costs and supply risk—strategic inventory redundancy is the price of resilience in an era of cascading disruptions.

Integrate risk into R&D decisions
  • Use predictive analytics to assess and de-risk early-stage programs before late-stage investment. Align pipeline strategy with regulatory and reimbursement realities. Consider clinical trial failure insurance where economically viable.

Segment networks and harden cyber defences
  • Operational technology and information technology must never share infrastructure. Implement zero-trust architecture. Ensure vulnerability management covers OT systems, not just IT assets: the manufacturing floor is now an attack surface.


Quick snippet stories

  1. Japan’s Asahi brewery paralysed by ransomware
    Asahi Group Holdings suffered a ransomware attack by the Qilin gang in late September, paralysing nearly 40% of Japan’s beer market. Order systems, shipping operations, and call centres went offline across 30 factories. Attackers stole 27GB of data including contracts, employee information, and financial documents. Analysts warn that if the outage extends into December, it could slash 80% of Q4 operating profit, demonstrating how ransomware targeting digital logistics can halt production even when manufacturing equipment remains functional.
    Source

  2. Reddit co-founder declares internet “now dead”
    Reddit co-founder Alexis Ohanian argues “much of the internet is now dead” as bots and AI-generated content overtake genuine human interaction. He references “dead internet theory”, pointing to “LinkedIn slop” as evidence of professional networks saturated with inauthentic posts. Ohanian claims the next generation of social media must be “verifiably human”, with proof-of-life mechanisms focused on smaller group chats rather than public feeds.
    Source

  3. Windows legacy fax driver actively exploited
    Microsoft’s October Patch Tuesday revealed that a decades-old Agere Modem driver (ltmdm64.sys), included in Windows since 2006, was being actively exploited in the wild. CVE-2025-24990 (CVSS 7.8) was already seeing real-world privilege escalation attacks. Microsoft removed the driver entirely rather than patching it. It simultaneously disclosed a critical pre-authentication RCE flaw in Windows Server Update Services (CVE-2025-59287, CVSS 9.8). The legacy driver ran in kernel mode with high privileges, making it a perfect attack vector.
    Source

  4. Australia power outages hit Origin Energy
    Widespread power outages across multiple Australian regions disrupted residential and commercial operations. Utility provider Origin Energy faced scrutiny for infrastructure and contingency planning failures. Customers experienced prolonged blackouts while Origin’s stock faced volatility amid system reliability concerns. Businesses operating in Australia or depending on Australian suppliers should verify backup power capabilities and business continuity plans.
    Source

  5. UK sick leave crisis threatens productivity
    A MetLife UK survey found most large UK firms struggling with productivity losses tied to rising sick leave, both short and long-term. Employers cited burnout, mental health pressures, and post-pandemic health challenges as leading drivers of workplace absenteeism causing operational disruption. This represents a core business risk that requires integrating workforce resilience into business continuity planning, not treating it as just an HR function.
    Source

Want to discuss how these risks might affect your business?
Book 30 minutes with us, free ↗

Every fortnight, we send out a risk you may not have heard of to help you stay prepared. You can always unsubscribe later.


Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Help us help people just like you. Share this post today and spread the support 🤝
