UK Retailers M&S and Co-op Prepare for Potential Cyber Assaults

UK Retailers M&S and Co-op Prepare for Potential Cyber Assaults

Cybersecurity Crisis Hits UK Retail Giants: Marks and Spencer and Co-op

It's been a turbulent week for two of the UK's biggest retail brands, Marks and Spencer (M&S) and Co-op, as they found themselves smack-dab in the middle of a raging cybersecurity storm. From suspended online orders at M&S to Co-op locking down its systems, it's becoming alarmingly clear that cyber threats no longer just pose an IT problem - they're a full-blown business continuity crisis.

According to cyber expert Jon Abbott, CEO of ThreatAware, cyber resilience is the foundation for business resilience, and in a sector built on trust and reputation, the cost of downtime is a double whammy: it's not just about lost revenue, it's about long-term brand damage.

Co-op, with over 7,000 locations, took a proactive stance in shutting down parts of its IT systems after detecting a potential breach. Internal emails, however, hint at growing concern. Staff were told to keep cameras on during calls, avoid transcribing meetings, and report suspicious messages. These measures may suggest that hackers could already be inside.

This follows M&S's ransomware attack, believed to be orchestrated by 'Scattered Spider', a subset of the notorious Lapsus$ hacking crew infamous for high-profile breaches at Transport for London (TfL) and MGM resorts. The Metropolitan Police and National Cyber Security are currently conducting an investigation.

Brushing Up Against a Broader Risk

While these incidents may appear isolated, cybersecurity experts are worried they are symptoms of a broader, escalating risk landscape. Security firm Delinea's Spencer Young warned that the disruption caused by the M&S attack, and now Co-op, is significant. He emphasized that attackers are reminding us that IT infrastructure remains vulnerable, especially if businesses fail to assess cyber risks and monitor access. Despite identity and credentials security growing in significance, there are still considerable vulnerabilities that organizations need to address, especially in remote environments.

A report from Sonicwall found that over 600 new malware variants are created daily, with ransomware attacks costing companies an average of $4.91 million - well beyond the ransom itself.

"Ransomware holds operations hostage," says Spencer Starkey, Sonicwall's senior manager. "For retailers who serve consumers daily, even minor downtime poses a major threat."

The Exposed Frontier of Retail

Retailers occupy a unique position: sprawling customer data, complex supply chains, and often underfunded cyber teams. This relatively open landscape makes them prime targets for criminal gangs. Hackers are aware that disrupting just one point in a supply chain gives them maximum leverage, and the reputational and regulatory pressure may make companies more likely to pay up.

Jason Gerrard of Commvault pointed to disquieting industry stats, with most firms taking over three weeks to recover from a cyber attack, and some taking over 200 days. This delay frequently occurs because companies only define what needs restoring once a crisis has already struck.

Humanizing the Response

Beyond technical failures, there is growing consensus that a culture of empathy is just as crucial as code. "Empathy can be as powerful as a firewall," says Vivek Dodd, CEO of compliance training firm Skillcast. “How you communicate in crisis — owning the issue and prioritizing people — can determine whether you lose customers or earn their loyalty.”

Retailers are being urged to treat cyber defense as a business-wide priority. This includes investing in identity security, scenario planning, and cyber drills, not just infrastructure. As hackers leverage AI to automate malware and phishing, large retailers' complex systems have more points of vulnerability than ever before.

The Road to Resilience

Despite the crises faced by Co-op and M&S, there's a silver lining: both companies acted swiftly, showing signs of mature incident response planning. Scott Dawson, CEO of DECTA payments, emphasized the need to shift from reactive patching to proactive resilience engineering, "We need to bake security into every layer of the IT stack - not bolt it on after the fact."

As M&S and Co-op continue to recover, retailers across the country are reassessing their readiness. The hope is that this moment will lead to increased investment in smart infrastructure and a cultural shift towards cyber readiness.

"Cybersecurity is no longer just the tech team's concern," Jon Abbott reiterated. "It's board-level. It's brand-level. And it's survival-level."

To enhance resilience and counter future cyber attacks, retailers can enlist specific cybersecurity measures:

1. ** Zero Trust Model**Implementing a Zero-Trust model that assumes no entity is trusted by default, incorporating micro-segmentation and continuous user context checks to minimize unauthorized access risks.
2. ** Employee Education**Frequently educating staff on recognizing phishing attempts and following best practices for data security helps reduce the likelihood of human error leading to breaches.
3. ** Regular Updates and Patching**Regular system updates and patching, particularly replacing end-of-life hardware, help close vulnerabilities that cybercriminals might exploit.
4. ** Advanced Technologies**Utilizing advanced technologies such as AI and ML to enhance threat detection and reduce response times can provide a more resilient defense against sophisticated cyberattacks.
5. ** Vendor Risk Management**Implementing robust Vendor Risk Management (VRM) practices, encompassing the use of security questionnaires, obligations for vendors to notify breach notifications, and regular updates to internal cybersecurity policies, helps minimize third-party-related security risks.
6. ** Multi-Factor Authentication**Enforcing Multi-Factor Authentication (MFA) adds an extra layer of security for accessing systems and data.
7. ** Data Backup Strategy**Implementing a data backup strategy ensures business continuity in case of data loss or system compromise.
8. ** Security Policies**Establishing comprehensive security policies that are regularly reviewed and updated ensures alignment with evolving threats and best practices.
9. ** Industry Collaboration**Collaborating with other retailers and cybersecurity experts to share threat intelligence and best practices offers early warnings and collective mitigation strategies for emerging threats.
10. ** Continuous Monitoring**Implementing continuous monitoring systems to detect and respond quickly to potential threats helps ensure a swift reaction to cyber threats.
11. In the face of escalating cybersecurity risks, retail businesses such as Marks and Spencer and Co-op are investing in advanced technologies like AI and Multi-Factor Authentication (MFA) to strengthen their defense against sophisticated attacks.
12. As businesses like M&S and Co-op seek to enhance their resilience, they are implementing a Zero Trust Model that assumes no entity is trusted by default, incorporating micro-segmentation and continuous user context checks to minimize unauthorized access risks.
13. Recognizing the importance of human error in cybersecurity, retailers are emphasizing employee education on recognizing phishing attempts and following data security best practices as part of their broader strategy to counter future cyber attacks.

Read also: