A major UK retailer has had to suspend all online sales due to a cyberattack which has struck deep at the heart of its operations. 

Founded in 1884, Marks and Spencer has served British shoppers for nearly 150 years. In 1999, they launched their online shopping service, and by 2024 they could count 9.4 million active customers on their online platforms. Clearly, their online operations are significant. But this also makes them a tempting target for threat actors looking for either financial gain or the opportunity to simply cause digital chaos.

For Marks and Spencer, this cyberattack has proved costly both in terms of revenue and reputation. And a similar fate could easily be awaiting your business.

How Cybercriminals Disrupted Marks and Spencer’s Operations

Following the Easter holiday weekend, Marks and Spencer was forced into announcing that they had suspended all online sales. Over the weekend, they revealed they had become aware of a major cyberattack affecting their services. Contactless payments in their stores had been failing and their online click-and-collect service had also been affected, with shoppers unable to log into the in-store system to verify their purchases. Several days later, the ability to make online purchases was still unavailable, with many of Marks and Spencer’s international online platforms also suspended.

The exact nature of the attack has not been disclosed yet, with the retailer simply explaining that there has been a cybersecurity incident and that they’re working with experts to resolve this. The official line is that customers do not need to worry about this attack, but with 9 million customers’ details at risk, there is clearly cause for concern. Rumors persist that Marks and Spencer has been the victim of a ransomware attack, but this is purely speculation. Nonetheless, independent security experts have advised customers to keep an eye on their bank statements.

Simple Steps to Shield Your Business from Cyber Threats

Around a quarter of Marks and Spencer’s sales come from their online shopping service, so this cyberattack represents a major blow to their revenue. Additionally, whatever this lapse in security is, it will stick in the minds of shoppers for a long time, potentially encouraging them to take their purchases elsewhere.

So, in an age where e-commerce is such an important aspect of business, it’s crucial that your business knows how to protect itself from similar attacks. To help you keep your defenses in shape, make sure you follow these best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


With the digital world awash with malware, viruses and vulnerabilities, it’s hard to avoid security breaches. But does zero trust security have the answer?

Hundreds of thousands of new malware strains are created daily; the chances, therefore, of your organization being targeted are high. Typically, we use measures such as security education to enhance vigilance and tools such as anti-malware software to minimize breaches. But neither of these are 100% secure. In fact, no one security measure can ever be 100%. It’s possible, though, to maximize your security by introducing additional security measures. And this is where zero trust security can make a big difference.

The Lowdown on Zero Trust

When users log on to corporate networks, they are usually assigned a certain level of access control. This allows them to access the parts of the network that are required for them to do their job. So, for example, an employee in the finance department would have access to invoicing systems whereas this would be restricted to those in the marketing department. Such an approach allows you to limit unauthorized access to sensitive data. But the zero trust model takes things a step further.

Zero trust’s guiding ethos is one of “never trust, always verify” and it takes a hardline approach to access privileges. Rather than assuming that a device in a specific location should automatically be granted access to the network in that area, zero trust access demands verification every time resources are accessed. Instead of providing an element of trust, there is zero trust – hence the name of the model. It’s an approach which requires checking both the identity and health of the devices requesting access alongside mutual authentication.

How Can Zero Trust Help?

A significant number of security breaches are down to human error e.g. opening a malicious email attachment. But zero trust work to eliminate (or at the very least, minimize) this human error by bringing access control to the table. External devices, for example, can’t gain access to a secure network by using stolen network credentials – they need to prove that the device in question is authorized and that the user can provide authentication. Not only does this limit unauthorized external access to your network, but it limits the number of internal users who can access data which is unnecessary to their role.

Final Thoughts

Access control has been in place with IT infrastructures for decades, but the hardline model of zero trust access is one that all businesses should be shifting towards. In particular, large businesses with a multitude of different departments and employees are particularly at risk of security breaches. But this is only the case if all employees have access to the same resources. Questioning the integrity of specific devices – and foregoing any assumptions based upon location – is crucial when it comes to protecting your network.

If your organization does not already practice the zero trust model for access, then it’s time to get started. Plan your model by dividing your networks into specific sections and detailing who needs access to each one. You can then start putting additional security in place – such as two factor authentication – to strengthen your network and keep your data as safe as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More