1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Five lessons learned from the M&S, Co-op, and Harrods security br

    From TechnologyDaily@1337:1/100 to All on Wednesday, October 08, 2025 15:30:09
    Five lessons learned from the M&S, Co-op, and Harrods security breaches

    Date:
    Wed, 08 Oct 2025 14:21:37 +0000

    Description:
    Retail breaches highlight lessons in people, vendors, operations, planning, and trust.

    FULL STORY ======================================================================

    The recent cyberattacks on M&S, Co-op, and Harrods werent just technical breaches, they were wake-up calls for every IT professional responsible for safeguarding digital infrastructure .

    These incidents werent random acts of digital vandalism; they were well-coordinated, multi-stage operations that exploited the most common vulnerability in any cybersecurity program: the human element

    Here are five hard-hitting lessons from these high-profile breaches that
    every security leader should internalize and act upon, urgently. 1. Your people are your biggest vulnerability (and your best defense)

    Lets start with the uncomfortable truth: your users are your perimeter now. You can invest in next-gen firewalls , zero trust architecture, and the best intrusion detection systems on the market, but if an employee gets tricked into resetting a password or clicking a malicious link, none of that matters.

    Thats precisely what happened here. These werent attacks that required elite technical prowess. The threat group Scattered Spider, known for its skill in social engineering, didnt need to breach a firewall, they simply needed to manipulate an IT help desk employee into granting access. And it worked.

    This is why investing in people must match, if not exceed, your investment in technology. Security awareness training must evolve beyond annual compliance videos. We need simulated phishing tests, real-world attack scenarios, and constant reinforcement.

    Your staff needs to know what these attacks look like and how to respond in real time. When trained right, your employees can be your first line of defense. When ignored, they become the attackers favorite target.

    The lesson? You can patch a server, but you cant patch human error. Train relentlessly. 2. Third-party risk is not a them problem, its a you problem

    One of the most sobering revelations from these breaches is that
    organizations were hit not because of their own failures, but because of someone elses. In the case of M&S, attackers gained access via Tata Consultancy Services (TCS), a third-party supplier managing their IT help desk.

    This isnt an isolated incident. In our latest Global Third-Party Breach Report, we found that 35.5% of all breaches now originate from third-party relationships, a 6.5% increase over the previous year. In retail
    specifically, that number jumps to a staggering 52.4%.

    As enterprises become more integrated, attackers no longer need to breach the front door, they simply target a trusted vendor with privileged access. And thats the crux of the problem: most businesses still treat third-party risk
    as a contract clause or a once-a-year questionnaire. Thats not enough
    anymore.

    You need real-time visibility into your entire digital ecosystem, suppliers, SaaS platforms, outsourced IT providers, and beyond.

    Vet vendors with the same scrutiny you apply to your own infrastructure. Demand evidence of controls, enforce contractual obligations, and monitor continuously. Because if they go down, chances are, you go with them. 3. Business disruption is the new breach

    Lets talk about the actual damage. Yes, data was stolen. Millions of customer records were affected. But for M&S and Co-op, the bigger crisis was operational paralysis.

    M&Ss online systems were crippled for weeks. Stores ran out of stock as automated ordering systems failed. Co-ops funeral services reverted to pen
    and paper. Grocery shelves went empty. This wasnt just about cybersecurity,
    it was about business continuity.

    Heres what IT leaders need to understand: attackers are shifting tactics. Todays ransomware gangs arent just looking to encrypt your files; theyre looking to disrupt your operations so completely that you have no choice but to pay.

    In our research, we found that 41.4% of ransomware attacks now start through third parties, and the focus is squarely on operational leverage.

    If your business cant function, your brand suffers, your customers flee, and your revenue evaporates. Downtime is the new data loss. Plan accordingly. 4. You need a plan B, C, and D (and youd better practice them)

    Hope is not a strategy. Too many organizations have an incident response plan that exists in theory but falls apart under pressure. If you dont rehearse your response, youre not ready.

    The M&S and Co-op breaches exposed a hard truth: once an attacker is inside, recovery is excruciatingly slow if your systems arent segmented, your backups arent offline, or your teams arent coordinated. Ask yourself:

    - Can you continue operations if your core systems are compromised?

    - Do your backups meet the 3-2-1 rule, and are they immutable?

    - Can you communicate with customers and employees securely without tipping off the attacker?

    These are not theoretical questions. These are the differences between a few days of disruption and a multimillion-pound catastrophe. Tabletop exercises arent optional, theyre your dress rehearsals for the real thing. 5. Transparency is the only way to rebuild trust

    When disaster strikes, how you respond publicly matters as much as what you
    do behind the scenes. Customers today are tech-savvy. If your services are down or your shelves are empty, they know somethings wrong.

    Initially, some of the affected companies were tight-lipped. But Co-op CEO Shirine Khoury-Haq took a different approach, she acknowledged the breach, apologized publicly, and owned the impact. That level of transparency, while difficult, is how you start rebuilding trust.

    Lets be clear: customers can forgive a breach. What they wont forgive is a cover-up. You must communicate clearly, quickly, and honestly. Share what you know, what youre doing, and what affected individuals should do to protect themselves. If you dont control the narrative, the attackers, or the media, will.

    And remember: regulators are watching. Under GDPR and similar frameworks, delayed or misleading disclosure isnt just a bad look, its a liability. Final thoughts

    Cybersecurity is a team sport and no single organization can outpace todays threat landscape alone. But by learning from incidents like these, by hardening our people, processes, and partners, we can collectively raise the bar.

    Cyber resilience isnt a static goal, its a discipline, and in an era of interconnected risk, it's the only path forward.

    We've featured the best secure email provider.

    This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



    ======================================================================
    Link to news story: https://www.techradar.com/pro/five-lessons-learned-from-the-m-and-s-co-op-and- harrods-security-breaches


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)