Cyber security breaches are shaking the retail sector to its core. Recent attacks on Marks & Spencer (M&S), Co-op, and Harrods have caused major disruption.
Customers were largely affected. But what about business operations, the costs, and shockwaves through the supply chain? These challenges offer valuable lessons to help businesses protect themselves and stay resilient.
Ready for a closer look? Here’s what happened, the impacts, and how your business can strengthen its defences.
How the attacks happened
M&S: Unprepared and vulnerable
M&S systems were locked down for five days thanks to a Dragonforce orchestrating a ransomware attack. Key virtual machines used for e-commerce and payment processing were rendered useless. The financial toll was staggering, with daily losses of £3.8 million and a market value drop exceeding £500 million (7% share drop)1. And aside from the numbers, the chaos was palpable.
An insider revealed there was no clear plan to handle a cyber security incident2. Staff worked on personal devices, communication channels were disrupted, and paranoia set in. Nobody knew if hackers still had access. Recovery could take months as M&S rebuilds its systems and regains customer trust.
Co-op’s customer data breach
The Co-op Group fell victim to an attack that compromised customer names and contact details. Thankfully, sensitive financial data wasn’t affected. But internally, it was clear the damage extended far beyond data. Employees were forced to verify identities in virtual meetings, highlighting fears that attackers might still have access to internal systems.
Harrod’s swift response
Harrods tackled their breach head-on, limiting internet access across stores to minimise damage. Their operations remained largely unaffected, but the attack showed even luxury brands aren’t spared. Harrods’ quick containment efforts show how important a robust incident response plan is.
Who are the attackers?
DragonForce is the group behind these coordinated attacks. It’s a Malaysian-origin operation that began as a hacktivist movement in 2023. It’s since evolved into a Ransomware-as-a-Service (RaaS) group that offers its malware and infrastructure to affiliates for a cut of the profits. Dragonforce’s ransomware uses advanced encryption techniques, and it exploits vulnerabilities like the infamous Log4Shell to infiltrate systems.
The group’s methods include phishing emails, stolen credentials, and privilege escalation tools like Mimikatz. DragonForce’s shift to a RaaS model marks their transformation into a professionalised extortion machine targeting high-profile victims.
The ripple effects of the attacks
The impacts of these attacks don’t stop at the targeted companies. Suppliers, logistics partners, and smaller businesses in the retail sector bear the brunt too.
Take M&S’s suspension of online sales, for example. Vendors relying on their platform faced lost revenue, while supply chain delays left crates of goods stranded. Co-op’s breach eroded customer trust, forcing businesses connected to their network to reassure their own clients. Harrods, though quick to act, still faced scrutiny over whether their precautions were enough.
The message is clear for businesses of all sizes: the ripple effect of a cyber attack can be just as damaging as the direct hit.
Lessons for businesses to take away
The increase in cyber criminal activity reminds us that no company is too large or too prepared to be a target. But that doesn’t mean you can’t fight back.
Here’s how to improve your security posture:
- Prepare an incident response plan
A clear, actionable plan is your best friend when an attack strikes. It should include:
- Steps to identify and contain threats.
- Defined roles and responsibilities.
- Methods for keeping staff and customers informed during recovery.
The quicker and more organised your response, the less chaos you’ll face. And the less cost you’re likely to incur.
- Start penetration testing
Think of penetration testing as a “stress test” for your systems. Ethical hackers simulate attacks to find weaknesses. This helps you address gaps before someone can exploit them.
- Build a cyber security culture
The weakest point in any system is often its people. The ICO classified human error as the cause for around 80% of data breaches. Train employees to spot phishing emails and adopt secure practices. A well-trained team acts is the perfect first line of defence.
- Enforce strong password practices
Hackers love weak passwords. Make sure your staff have strong, unique passwords and use multi-factor authentication (MFA) wherever you can.
- Monitor third-party risks
Your security is only as strong as your partners’ security. Review who has access to your systems and make sure you’re both protecting sensitive data.
- Adopt a zero-trust model
Zero trust means verifying everyone, every time. Limit access to systems and data based on necessity. Keep constant checks in place to spot suspicious activity.
It’s time to act now
The attacks on M&S, Co-op, and Harrods prove how critical cyber security is. It should always be a priority, not an afterthought.
Hackers like DragonForce are evolving. They’re becoming more sophisticated and relentless in their tactics. If you can learn from these events and apply proactive measures, your business can stay one step ahead.
Don’t wait for a breach to realise you need stronger protections. Whether it’s setting up an incident response plan, testing your defences, or providing team training, we’re here to help.
Together, we can take cyber security from complexity to confidence.
Protect your business today.
