Marks & Spencer Cyberattack Disrupts Operations: What Happened and How to Respond

Written by Jing Gu
Published on Apr 28, 2025

Marks & Spencer (M&S), one of the UK’s most prominent retailers with over 65,000 employees, is currently grappling with the aftermath of a significant cyberattack that began over the Easter weekend. The incident has severely disrupted online orders, click-and-collect services, and contactless payments, prompting the company to suspend digital sales and limit remote staff access. 

While M&S assures customers that no personal data has been compromised, the operational and financial impacts are substantial. 

Current data reveals that, “The company’s shares have fallen by 4 per cent since the attack, which it first acknowledged on Tuesday. The hit is potentially significant: last year, M&S generated £1.3 billion of sales from online orders in its clothing and home business — more than a third of its overall clothing and home revenues of £3.8 billion.”

How did the breach happen?

While M&S has not publicly confirmed the exact nature of the cyberattack, cybersecurity experts suggest it bears the hallmarks of a ransomware incident. That assessment rests on M&S’s incident response, specifically the fact that it disabled its virtual private network (VPN), presumably to cut off the threat actor.

Ransomware attacks are security breaches where bad actors gain unauthorized access to a company’s data, lock down its IT systems, and hold sensitive information hostage in exchange for a ransom payment. 

According to the latest annual Verizon Data Breach Investigations Report (DBIR), credential abuse remains the dominant vector across phishing, web attacks, and ransomware.

Additionally, the report states, “Breaches involving humans were responsible for the majority of cases reviewed” (as opposed to automated exploit chains) with 60% of breaches involving the human element. 

Taken together, these statistics make it probable that initial access was gained via credential abuse or phishing and likely involved human action.

What are effective mitigation strategies?

The M&S cyberattack underscores the critical need for robust cybersecurity measures in the retail sector. The gold standard is to deploy 100% phishing-resistant multi-factor authentication (MFA) to eliminate the overwhelming majority of enterprise risk.

Here are some additional details for effective mitigation:

  1. Eliminate weak credentials like passwords, one-time codes, push notifications, and other phishable methods of authentication. They provide bad actors with the path of least resistance to unauthorized access.
  2. Deploy passwordless, phishing-resistant, device-bound MFA universally to eliminate credential-based initial access vectors and MFA bypass attacks.
  3. Enforce device trust for both managed and unmanaged devices to ensure that all devices are running up-to-date versions of their operating system and applications, which provide patches for known vulnerabilities.
  4. Continuously assess user and device risk with real-time risk signals. Risk changes over time, and your defenses must adapt with it.
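
The four points above can be read as one access policy. The sketch below is an added example, not code from the original post or from any vendor product; the factor names, OS baselines, risk threshold and sample records are all constructed assumptions.

```python
from dataclasses import dataclass, replace

# Assumed taxonomy and thresholds for illustration only (not a vendor schema).
PHISHABLE = {"password", "sms_otp", "totp", "push"}
MIN_OS = {"macos": (14, 4), "windows": (10, 0, 22631)}  # constructed patch baselines
RISK_DENY = 70  # constructed cut-off on a 0-100 risk score


@dataclass(frozen=True)
class SignIn:
    user: str
    factors: tuple       # every factor used in this authentication
    device_bound: bool   # credential key is non-exportable, tied to the device
    os: str
    os_version: tuple
    risk: int            # latest real-time risk signal for user and device


def evaluate(s: SignIn) -> tuple:
    """Return (decision, reasons); any failed control denies access."""
    reasons = []
    weak = sorted(PHISHABLE.intersection(s.factors))
    if weak:  # point 1: no phishable factor anywhere in the chain
        reasons.append("phishable factor: " + ",".join(weak))
    if not s.device_bound:  # point 2: credential must be device-bound
        reasons.append("credential not device-bound")
    baseline = MIN_OS.get(s.os)
    if baseline is None:  # point 3: unknown platforms fail closed
        reasons.append("unknown platform: " + s.os)
    elif s.os_version < baseline:
        reasons.append("os below patch baseline")
    if s.risk >= RISK_DENY:  # point 4: current risk signal
        reasons.append("risk score %d >= %d" % (s.risk, RISK_DENY))
    return ("deny" if reasons else "allow", reasons)


def reevaluate(session: SignIn, new_risk: int) -> tuple:
    """Point 4: re-run the same policy when a risk signal changes mid-session."""
    return evaluate(replace(session, risk=new_risk))


# Constructed sample sign-ins.
ALICE = SignIn("alice", ("passkey",), True, "macos", (14, 5), 10)
BOB = SignIn("bob", ("password", "push"), False, "windows", (10, 0, 19045), 20)

if __name__ == "__main__":
    for s in (ALICE, BOB):
        print(s.user, *evaluate(s))
    print("alice after risk change", *reevaluate(ALICE, 85))
```
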

By implementing these strategies, retailers can enhance their resilience against cyber threats and protect both their operations and customer trust.

See how Beyond Identity stops credential and device-based attacks before they begin. Book your demo here. 
