Marks & Spencer
When: April
What happened?
This wasn’t just a cyber-attack… it was an M&S cyber-attack that left management faces as bright pink as its Percy Pig gums.
The retail giant is still reeling from the effects of a “highly sophisticated and targeted” attack in April, which has been linked to notorious English-speaking hacker group Scattered Spider. The hackers reportedly tricked IT helpdesk workers in order to gain access to company systems.
Although M&S has received praise elsewhere in this article for how it handled the fall-out, the incident will dent its profits by an estimated £300m, with online disruption expected to continue into July.
Who nominated it, and why?

Every single one of our 12 panellists had it in their top 5 (if you include the four that rolled it up into the wider Scattered Spider-related retail attacks), with the majority putting it top of the pile.
“The M&S attack is without doubt the most significant for me this year,” Computacenter’s Dr Colin Williams said.
“The company is held dear in the hearts of UK citizens which made the attack feel more personal than others. It also elevated the impact of social engineering, showcasing the effectiveness of identity manipulation tactics in the hands of skilled cyber attackers. The high financial impact and remediation cost estimates published by M&S and how challenging recovery has proved is a wake-up call for all organisations regardless of sector.”
“This one catches the eye for a few reasons, primarily the sheer scale of impact and apparent financial damage to the business,” Chorus MD Nicola Saner added.
Channel takeaway:
Chorus’ Saner said the nature of how the cyber-criminals accessed M&S’ systems could prompt other companies to tighten up their security.
“It’s been suggested there is a potential mix of third-party helpdesk, plus a lack of end-user verification when staff call the helpdesk,” she said.
“End user verification is understood but not widely deployed in our experience and we expect to see an uptake in this requirement going forward.”
Performanta CEO Guy Golan said the M&S attack offers an opportunity for cyber providers to discuss three things with their clients, namely security by design, a change in CISOs’ reporting lines, and seeing security through a “bean counting mentality” rather than as an investment.