What lessons can be learnt from the UK retail cyberattacks?

It’s been a challenging few weeks for some of the UK’s top retailers, with cyber criminals setting their sights on three of the high street’s biggest names – Marks & Spencer, Harrods and Co-op Group.

In the case of Marks & Spencer, a successful attack reportedly left the company unable to process contactless payments or fulfil online orders, and facing stock shortages due to disruptions in its automated inventory systems. Financially, the attack is thought to have wiped around £700 million off its market value, with shares dropping 7% following the breach.

For Co-op, a cyberattack had a significant impact on its operations – particularly in relation to supply chain disruptions and data security. There have been empty shelves, delivery delays and payment system issues, and parts of the company’s IT system needed to be shut down, affecting back-office functions and call centres. It has also been reported that the hackers managed to steal personal data from around 20 million customers, including names, contact details, and membership card information.

As for Harrods, it appears the luxury retailer has come away relatively unscathed by an attempted attack on its systems, with some customers struggling to pay for purchases but its services being mostly unaffected.

 

Government issues warning to businesses

What these attacks have again demonstrated is the vital importance of having strong cyber defences in place – something the government has been quick to voice.

Speaking at the annual summit of the UK National Cyber Security Centre (NCSC), Pat McFadden, UK Minister for Intergovernmental Relations, issued a stark warning to businesses, urging companies to treat cybersecurity as an ‘absolute priority’.

The Minister made reference to the Cyber Resilience and Security Bill, which is one way the government is aiming to strengthen the country’s cyber defences and protect critical infrastructure from the rising cyber threat.

The bill is expected to come into force later in 2025, following its progression through Parliament, with key measures including:

  • Stronger cybersecurity standards – Businesses will be required to implement multi-factor authentication, patch management, and employee training to reduce vulnerabilities.
  • Ban on ransomware payments – Public sector organisations and critical infrastructure providers will be prohibited from paying ransomware demands, aiming to disrupt cybercriminal incentives.
  • Mandatory incident reporting – Companies will need to report cyberattacks promptly, improving national response coordination.
  • Expanded regulatory oversight – The bill will also increase the remit of cybersecurity regulations, ensuring more digital services and supply chains are protected.

 

What strategies are hackers using?

So, how did the hackers manage to pull off the recent attacks? And what other strategies are commonly being used by cyber gangs today?

Importantly, what can businesses do to best protect themselves against the growing threat?

 

Method 1: Social engineering and phishing 

AI is making it even easier for criminals to produce convincing phishing emails, which can be used to trick employees into revealing credentials and other sensitive information.

In the case of the M&S attack, hackers are thought to have gained control of employees’ phone numbers and used social engineering tactics to trick IT help desk staff. By pretending to be employees and using stolen personal details, they were able to convince IT staff they needed a password reset, and went on to gain access to high-level systems.
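The sequence described above (help desk reset, then access to high-level systems) can be watched for in identity logs. The following is an added example, not part of the original article: the event fields, user names, device names and the `admin-console` target are all constructed assumptions, and the rule flags a reset only when two or more risk signals follow it.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names and values are assumptions.
EVENTS = [
    {"ts": "2025-05-01T08:55:00", "type": "login", "user": "a.khan", "device": "LAPTOP-113", "target": "mail"},
    {"ts": "2025-05-01T09:02:00", "type": "helpdesk_reset", "user": "a.khan", "agent": "hd-07"},
    {"ts": "2025-05-01T09:10:00", "type": "mfa_enroll", "user": "a.khan", "device": "PHONE-NEW"},
    {"ts": "2025-05-01T09:20:00", "type": "login", "user": "a.khan", "device": "UNKNOWN-55", "target": "admin-console"},
    {"ts": "2025-05-01T10:00:00", "type": "helpdesk_reset", "user": "b.jones", "agent": "hd-02"},
    {"ts": "2025-05-01T10:15:00", "type": "login", "user": "b.jones", "device": "LAPTOP-201", "target": "mail"},
]
KNOWN_DEVICES = {"a.khan": {"LAPTOP-113"}, "b.jones": {"LAPTOP-201"}}  # per-user baseline
PRIVILEGED_TARGETS = {"admin-console"}  # systems that warrant extra scrutiny
WINDOW = timedelta(hours=24)            # how long a reset stays "fresh"


def find_suspicious_resets(events, known_devices, window=WINDOW):
    """Flag help-desk resets followed by two or more risk signals for the same user."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    alerts = []
    for i, reset in enumerate(events):
        if reset["type"] != "helpdesk_reset":
            continue
        start = datetime.fromisoformat(reset["ts"])
        reasons = set()
        for later in events[i + 1:]:
            if datetime.fromisoformat(later["ts"]) - start > window:
                break  # events are sorted, so nothing further is in the window
            if later["user"] != reset["user"]:
                continue
            if later["type"] == "mfa_enroll":
                reasons.add("new MFA factor enrolled")
            elif later["type"] == "login":
                if later["device"] not in known_devices.get(later["user"], set()):
                    reasons.add("login from unfamiliar device")
                if later["target"] in PRIVILEGED_TARGETS:
                    reasons.add("privileged system accessed")
        if len(reasons) >= 2:  # one signal alone is common after a genuine reset
            alerts.append({"user": reset["user"], "reset_at": reset["ts"],
                           "agent": reset["agent"], "reasons": sorted(reasons)})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_resets(EVENTS, KNOWN_DEVICES):
        print(alert)
```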

 

Method 2: Targeting legacy systems and outdated software 

Many organisations still rely on outdated IT infrastructure, making them an easy target for hackers. Whether it’s unsupported operating systems or unpatched vulnerabilities, these gaps are something cybercriminals are only too happy to exploit.

This was true for DemandScience, a business-to-business data aggregator that suffered a massive data breach, leading to sensitive information linked to over 122 million individuals being exposed. The attack was traced back to a decommissioned system that had been left exposed for nearly two years. The system was declared retired, but remained accessible online, creating a hidden vulnerability.
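A system that is "retired" on paper but still reachable is found by reconciling the asset register against what is actually observed online. The following is an added example, not part of the original article: the inventory and observation records are constructed, the field names are assumptions, and it goes one step beyond the case above by also flagging reachable hosts that were never registered at all.

```python
from datetime import date

# Constructed asset register; hostnames use the reserved example.com domain.
INVENTORY = [
    {"host": "crm-old.example.com", "status": "retired", "retired_on": "2023-02-01"},
    {"host": "shop.example.com", "status": "live", "retired_on": None},
    {"host": "ftp-legacy.example.com", "status": "retired", "retired_on": "2024-11-15"},
]
# Constructed observations, e.g. exported from an external scan of your own estate.
OBSERVATIONS = [
    {"host": "crm-old.example.com", "port": 443, "seen_on": "2024-12-20"},
    {"host": "crm-old.example.com", "port": 3306, "seen_on": "2025-01-10"},
    {"host": "shop.example.com", "port": 443, "seen_on": "2025-01-10"},
    {"host": "ftp-legacy.example.com", "port": 21, "seen_on": "2024-11-01"},
    {"host": "test-db.example.com", "port": 5432, "seen_on": "2025-01-09"},
]


def find_exposed_retired_assets(inventory, observations):
    """Return hosts seen online after retirement, or seen online but never registered."""
    register = {a["host"]: a for a in inventory}
    findings = {}
    for obs in observations:
        asset = register.get(obs["host"])
        seen = date.fromisoformat(obs["seen_on"])
        if asset is None:
            issue, days = "not in inventory", 0
        elif asset["status"] == "retired":
            days = (seen - date.fromisoformat(asset["retired_on"])).days
            if days <= 0:
                continue  # observation predates retirement
            issue = "retired but reachable"
        else:
            continue  # live, registered asset: expected to be reachable
        f = findings.setdefault(obs["host"], {"host": obs["host"], "issue": issue,
                                              "ports": set(), "days_exposed": 0})
        f["ports"].add(obs["port"])
        f["days_exposed"] = max(f["days_exposed"], days)  # retirement to latest sighting
    results = [dict(f, ports=sorted(f["ports"])) for f in findings.values()]
    return sorted(results, key=lambda f: f["days_exposed"], reverse=True)


if __name__ == "__main__":
    for finding in find_exposed_retired_assets(INVENTORY, OBSERVATIONS):
        print(finding)
```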

 

Method 3: Targeting supply chains

Hackers may look for weaknesses within supply chains and third-party vendors, as a way to infiltrate and gain access to larger networks. You can find out more about this issue in our blog: Managing the supply chain cybersecurity risk

For example, hackers exploited a vulnerability in MOVEit Transfer – a widely used file transfer software – to infiltrate multiple organisations. The attack impacted major corporations, government agencies, and financial institutions.

 

Method 4: Mobile and browser-based malware 

Hackers are targeting mobile device vulnerabilities too, including weaknesses in mobile apps and operating systems. One way they are doing so is with browser-based malware – malicious code that is embedded in websites, ads, and browser extensions that can bypass traditional email security filters.

 

Method 5: Cloud security breaches 

Poorly secured cloud environments can create major vulnerabilities for businesses, allowing hackers to steal sensitive data, disrupt operations, and deploy ransomware. Many cloud services also rely on application programming interfaces (APIs), which can be exploited if not properly secured.

Single-factor authentication or reused credentials can make it easier for attackers to gain unauthorised access, while some will try using long-term, stealth attacks to infiltrate cloud systems and remain undetected.

 

Protecting your business

There are a number of steps businesses can take to safeguard themselves against cyberattacks, reduce the risk of a successful attack and lessen the potential damage and disruption one might cause.

  • Employee training: Educate employees about the dangers of phishing emails and the importance of not clicking on suspicious links or attachments.
  • Regular backups: Regularly back up critical data and store backups offline or in a secure cloud environment. This ensures that you can restore your data.
  • Security software: Ensure you have reputable antivirus and anti-malware software in place to help detect and block cyber threats.
  • Patch management: Keep all software and systems up to date with the latest security patches to prevent attackers from exploiting known vulnerabilities.
  • Access controls: Implement strict access controls to limit the spread of ransomware within your network. Use multi-factor authentication (MFA) to secure sensitive accounts.
  • Incident response plan: Develop and regularly update an incident response plan to quickly and effectively respond to ransomware attacks.
  • Speak to an expert: Like our team at Dragon IS, who will always be across the latest threats and strategies and can help keep the risk of a successful attack to a minimum.

In need of expert support?

Here at Dragon IS, we work with small and medium sized businesses, helping them with a broad range of issues relating to their IT infrastructure and cybersecurity. For an informal chat about your IT needs, please email info@dragon-is.com or call us on 0330 363 005.

 
