
A major UK retailer has had to suspend all online sales due to a cyberattack which has struck deep at the heart of its operations.
Founded in 1884, Marks and Spencer has served British shoppers for nearly 150 years. In 1999, they launched their online shopping service, and by 2024 they could count 9.4 million active customers on their online platforms. Clearly, their online operations are significant. But this also makes them a tempting target for threat actors looking for either financial gain or the opportunity to simply cause digital chaos.
For Marks and Spencer, this cyberattack has proved costly both in terms of revenue and reputation. And a similar fate could easily be awaiting your business.
How Cybercriminals Disrupted Marks and Spencer’s Operations
Following the Easter holiday weekend, Marks and Spencer was forced into announcing that they had suspended all online sales. Over the weekend, they revealed they had become aware of a major cyberattack affecting their services. Contactless payments in their stores had been failing and their online click-and-collect service had also been affected, with shoppers unable to log into the in-store system to verify their purchases. Several days later, the ability to make online purchases was still unavailable, with many of Marks and Spencer’s international online platforms also suspended.
The exact nature of the attack has not been disclosed yet, with the retailer simply explaining that there has been a cybersecurity incident and that they’re working with experts to resolve this. The official line is that customers do not need to worry about this attack, but with 9 million customers’ details at risk, there is clearly cause for concern. Rumors persist that Marks and Spencer has been the victim of a ransomware attack, but this is purely speculation. Nonetheless, independent security experts have advised customers to keep an eye on their bank statements.
Simple Steps to Shield Your Business from Cyber Threats
Around a quarter of Marks and Spencer’s sales come from their online shopping service, so this cyberattack represents a major blow to their revenue. Additionally, whatever this lapse in security is, it will stick in the minds of shoppers for a long time, potentially encouraging them to take their purchases elsewhere.
So, in an age where e-commerce is such an important aspect of business, it’s crucial that your business knows how to protect itself from similar attacks. To help you keep your defenses in shape, make sure you follow these best practices:
- Operate a Zero-Trust Model: Always double-check who’s trying to access your PCs and networks. Even if it appears to be a safe connection, it pays to verify it first. Use strong passwords and two-factor authentication, and make sure devices connecting to your network are secure.
- Keep Your Software Updated: Vulnerabilities in old software are what hackers get up for in the morning. That’s why it’s vital that you always update your software as soon as updates are available. Updates fix holes in your security and ensure that attackers are unable to breach your defenses so easily.
- Develop an Incident Response Plan: Designing a comprehensive incident response plan allows you to take swift, decisive action in the case of an emergency. For Marks and Spencer, the response focused on shutting down their online sales, but a plan could even extend to shutting down all non-essential networks and restricting network access. The quicker you can implement these plans, the sooner you can limit your digital risk.
For more ways to secure and optimize your business technology, contact your local IT professionals.