Marks and Spencer successfully resumes their click-and-collect service
The Marks and Spencer (M&S) cyber attack in April 2025, attributed to the cybercriminal group Scattered Spider, has underscored the critical importance of a holistic approach to cybersecurity. The attack, which is estimated to cut M&S's profits by up to £300 million this year, exploited weaknesses in helpdesk procedures and resulted in the deployment of ransomware and data exfiltration.
Following the incident, experts have emphasized the need for organizations to strengthen their basic cyber hygiene measures, particularly regarding social engineering defenses, identity and access management, and third-party access oversight.
Key Recommendations for Organizations
In light of the M&S breach, the National Cyber Security Centre (NCSC) has issued guidance to tighten up security practices. Here are some key recommendations:
- Strict enforcement of Identity and Access Management (IAM): Ensure strong authentication methods, including mandatory multi-factor authentication (MFA) for all user accounts, particularly those with privileged access.
- Enhanced employee awareness and training: Focus on social engineering tactics like phishing and vishing, since human error was a major factor in the M&S breach.
- Robust monitoring and anomaly detection: Implement continuous monitoring tools to detect unusual activities promptly, such as unexpected credential changes or access patterns.
- Rigorous third-party risk management: Carefully vet and continuously oversee all third-party providers and their access controls, since attackers exploited a third-party IT provider in this case.
- Operational resilience planning: Develop clear incident response and recovery plans to minimize disruption if an attack occurs.
Preventable Breach Illustrates Compliance Gap
The M&S breach is considered preventable with adherence to these foundational cybersecurity practices, illustrating a compliance gap that many organizations need to address to avoid similar crises. Furthermore, this incident exemplifies how low-tech social engineering can bypass sophisticated technical defenses, reinforcing NCSC advice to prioritize human factors and controls over solely relying on technology.
Effective Cybersecurity Requires a Holistic Approach
The primary takeaway for organizations is that effective cybersecurity requires a holistic approach combining strong access controls, staff training, continuous monitoring, and strict third-party governance to reduce vulnerabilities exposed by the M&S cyber attack and recommended by the NCSC in their recent guidance.
Additional Measures for Senior Employees
Particular caution should be exercised for senior employees with escalated privileges, such as Domain Admin, Enterprise Admin, and Cloud Admin accounts. These accounts are prime targets for attackers, and extra measures should be taken to secure them, such as implementing stricter password policies, enabling MFA, and limiting access to only necessary services.
M&S Resumes Click-and-Collect Services
Following the incident, M&S halted online ordering for clothing, home deliveries, contactless payments, and click-and-collect systems in April. However, the company has now resumed click-and-collect services, allowing customers to collect their orders from stores.
References
[1] National Cyber Security Centre (NCSC). (2025). Guidance for organisations following the Marks and Spencer (M&S) cyber attack. Retrieved from NCSC website
[2] National Cyber Security Centre (NCSC). (2025). Social engineering: Protect your organisation from human-led attacks. Retrieved from NCSC website
Read also:
- Navigating the Path to Tech Product Success: Expert Insights from Delasport, a Trailblazer in the Tech Industry
- Enhanced Privacy Technologies in Data Transmission and Internet Infrastructure
- Trump commends the impressive narrative of the intelligence chief
- Commvault Acquires Satori Cyber to Enhance Data Security Capabilities
