Unraveling the Cyber Threat: A Chaotic Week for Marks and Spencer and Co-op
UK retailers Marks & Spencer and Co-op prepare for potential digital assaults
In the heart of the UK's bustling retail scene, renowned brands Marks and Spencer and Co-op have been shaken by a relentless onslaught of cyber attacks. This tumultuous week has turned the spotlight on cybersecurity as a business continuity issue, rather than an isolated IT concern.
"Cyber resilience is the bedrock of business resilience," asserts Jon Abbott, the charismatic CEO of ThreatAware. "In an industry built on trust and reputation, the price of downtime transcends mere revenue - it's long-term brand damage."
The Co-op, with its expansive network of over 7,000 locations, took a proactive stance by shutting down parts of its IT systems after detecting a potential intrusion. Internal emails hint at mounting anxiety, suggesting employees have been urged to keep cameras running during calls, abstain from transcribing meetings, and report any suspicious activities - signs pointing towards suspicions that the attackers may already have found their way inside.
This whirlwind follows Marks and Spencer's experience with ransomware, believed to be perpetrated by 'Scattered Spider' - a notorious splinter group of the infamous Lapsus$ collective, infamous for wreaking havoc on high-profile organizations like Transport for London (TfL) and MGM resorts. The Metropolitan Police and the National Cyber Security Centre are currently investigating the matter.
A Growing Predicament
Though the incidents might seem isolated, experts are alarmed that they might be symptomatic of a wider, escalating risk landscape. Delinea's Spencer Young warns, "The fallout from the attack on M&S, now joined by Co-op, is undeniable."
"Attackers are reminding us that IT infrastructure remains vulnerable, especially if businesses fail to assess cyber risks and monitor access," Young continues. "Despite identity and credentials security gaining importance, organizations still need to address significant vulnerabilities - particularly in remote setups."
A Sonicwall report reveals that over 600 new malware variants are birthed daily, and ransomware attacks cost companies an average of $4.91 million - far outstripping the ransom itself. "Ransomware holds operations hostage," states Spencer Starkey, Sonicwall's senior manager. "For retailers who serve consumers daily, even minor downtime is a major threat."
The Retail Frontier: A Plentiful Target
Retailers occupy a unique niche, boasting vast customer data, sprawling supply chains, and often strapped cybersecurity teams. This makes them an attractive target for criminal syndicates, according to Jason Gerrard of Commvault.
"Hackers go for the big fish," Gerrard explains. "By disrupting a single point in the supply chain, they gain maximum leverage." He also underscores the potential for hefty payouts, as the likelihood of reputational damage and regulatory pressure makes companies more inclined to comply with demands.
Gerrard notes additional concerns, with many companies taking over three weeks to recover from a cyber attack, and some taking over 200 days. The delay often stems from firms defining what needs restoring only after a crisis has struck.
Humanizing the Equation
Beyond technical shortcomings, there is a growing consensus that culture plays a crucial role in dealing with cyber threats.
"Empathy can be as powerful as a firewall," says Vivek Dodd, CEO of compliance training firm Skillcast. "How you communicate in a crisis - showing ownership and prioritizing people - can determine whether you lose customers or gain their loyalty."
Retailers are being urged to view cyber defense as a company-wide priority. This includes investing in identity security, scenario planning, and cyber drills, not just infrastructure.
With hackers employing AI to automate malware and phishing, large retailers' complex systems have more vulnerabilities now than ever before.
A Cyber Battle Scarred: Lessons in Resilience
Despite the chaos, both Co-op and Marks & Spencer have shown commendable quick responses, displaying signs of mature incident response planning.
Scott Dawson, CEO of DECTA payments, encourages a shift from reactive patching to proactive resilience engineering, suggesting that security should be baked into every layer of the IT stack, not bolted on after the fact.
As Marks & Spencer and Co-op seek recovery, retailers across the country are re-evaluating their readiness. The hope is that this turbulence will spark greater investments in smart infrastructure and foster a cultural shift towards cyber readiness.
"Cybersecurity is no longer the exclusive domain of tech teams," reiterates Jon Abbott. "It's the boardroom's concern. It's the brand's concern. And it's the question of survival."
Background
- Methods Used: The attacks seem to involve techniques commonly used by cyber groups such as the Scattered Spider collective. Tactics include posing as company IT or helpdesk staff to deceive employees into revealing sensitive information like account credentials, OTPs, or MFA codes. Additionally, methods like MFA bombing or SIM swapping may be used to obtain unauthorized access to employee accounts.
- Investigations: The UK National Cyber Security Centre is collaborating with the affected retailers to understand the nature of the attacks. It remains unclear whether these attacks are part of a targeted campaign by a single actor or unrelated incidents.
- Data Compromise: Co-op member data was compromised in the attacks, raising concerns about privacy and potential identity theft.
- Business Disruptions: Marks & Spencer temporarily halted online order taking via its website and apps following the cyber attack, impacting customer convenience and company revenue.
- Broader Impact: The attacks have potential implications for the food supply chain, as highlighted by the Chair of the Joint Committee on the National Security Strategy. Disruptions in services could lead to empty shelves and unfulfilled deliveries, affecting local communities.
- Government and Regulatory Response: The UK Government is concluding a consultation on proposals to counter ransomware, reflecting a broader recognition of these threats. The Joint Committee on the National Security Strategy will scrutinize the Government’s future steps closely. The Centre is working with affected parties to minimize harm and understand the attacks better. This cooperation underscores the importance of collaboration between private businesses and national security agencies in addressing cyber threats.
- The Co-op, with its vast network, took proactive measures by shutting down parts of its IT systems, suspecting an intrusion, as employees were warned to maintain camera records during calls, avoid transcribing meetings, and report any suspicious activities.
- Experts are concerned that the cyber attacks on Marks and Spencer and Co-op might indicate a larger, escalating risk landscape, as Delinea's Spencer Young warned about the fallout from the M&S attack, and the potential for businesses to overlook cyber risks and monitor access.
- Ransomware attacks cost companies an average of $4.91 million, far outweighing the ransom amount itself, according to Sonicwall's Spencer Starkey. He underlined that retailers, who deal with consumers daily, face major threats from even minor downtime.
- Retailers, such as Marks and Spencer and Co-op, are attractive targets for criminal syndicates due to their vast customer data, sprawling supply chains, and often underfunded cybersecurity teams, notes Jason Gerrard of Commvault.
- Beyond technical shortcomings, Vivek Dodd, CEO of compliance training firm Skillcast, emphasizes that empathy and prioritizing people in crisis communication can determine whether a company maintains or loses customer loyalty.
- In response to the chaos, retailers are being encouraged to consider cyber defense as a company-wide priority, investing in identity security, scenario planning, and cyber drills, instead of just infrastructure, as the threat landscape continues to grow more complex with AI-powered malware and phishing techniques.
