M&S Cyber Attack – 5 lessons every business can benefit from

The recent cyber attack on Marks & Spencer is a sobering reminder that no organisation, regardless of size or legacy, is immune to cyber threats.  

With click-and-collect orders down, customer services disrupted, and IT teams stretched to the limit, the M&S incident offers five critical lessons for businesses everywhere. 

1. Always Be Prepared – Have a Plan Before the Crisis 

Sources close to the incident revealed that M&S lacked a cyber incident response plan. This left teams scrambling with reactive measures, working overtime and even sleeping in offices to contain the damage. 

Businesses must develop and regularly test comprehensive incident response and recovery plans. This includes technical response workflows, defined team roles, communication strategies, and coordination with suppliers or partners. Tabletop exercises and post-incident reviews help ensure that these plans remain current and effective under pressure. 

2. Help Desks Are a Growing Target 

The National Cyber Security Centre (NCSC) has warned that attackers are now impersonating IT help desks to manipulate staff into revealing credentials. This form of social engineering is sophisticated and convincing, especially when targeting employees during high-stress moments.  

Help desk teams should follow strict identity verification procedures, particularly when handling reset requests for high-privilege accounts. Techniques such as multi-factor authentication (MFA) reset approvals, secure ‘code word’ systems, and anomaly detection tools can help reduce the risk of compromise. 
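To make the verification procedure concrete, here is an added example (not Aura's code, and not a description of any real help-desk product) of a reset-request gate that applies the checks above: a stored code word compared in constant time, a mandatory out-of-band MFA approval for privileged accounts, and a simple anomaly rule that escalates to a human when too many privileged resets arrive in a short window. The directory entries, code words, account names and timestamps are all constructed for the example.

```python
"""Help-desk password-reset gate (added example; directory data is constructed)."""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

# Code words are stored as salted PBKDF2 hashes, never in the clear.
# The salt is a constructed constant for this example; use a per-record random salt in practice.
SALT = b"constructed-example-salt"


def hash_code_word(word: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", word.encode(), SALT, 100_000)


# Constructed directory: account -> (is_privileged, code-word hash)
DIRECTORY = {
    "j.smith": (False, hash_code_word("lighthouse")),
    "domain-admin": (True, hash_code_word("harbour-7")),
    "backup-operator": (True, hash_code_word("granite")),
}


@dataclass
class ResetRequest:
    account: str
    code_word: str            # what the caller told the help desk
    mfa_push_approved: bool   # approval arrived on the user's enrolled MFA device
    requested_at: datetime


def evaluate_reset(req, history, window=timedelta(minutes=30), burst_limit=3):
    """Return (outcome, reasons) where outcome is 'approve', 'deny' or 'escalate'."""
    entry = DIRECTORY.get(req.account)
    if entry is None:
        return "deny", ["unknown account"]
    privileged, expected_hash = entry

    reasons = []
    # Constant-time comparison so timing does not leak how close the guess was.
    if not hmac.compare_digest(hash_code_word(req.code_word), expected_hash):
        reasons.append("code word mismatch")
    # Privileged accounts always need an out-of-band MFA approval, not just a phone call.
    if privileged and not req.mfa_push_approved:
        reasons.append("privileged account without out-of-band MFA approval")
    if reasons:
        return "deny", reasons

    # Anomaly rule: a burst of privileged resets inside the window is escalated to a human.
    recent_privileged = [
        h for h in history
        if DIRECTORY.get(h.account, (False, b""))[0]
        and timedelta(0) <= req.requested_at - h.requested_at <= window
    ]
    if privileged and len(recent_privileged) + 1 >= burst_limit:
        return "escalate", [f"{len(recent_privileged) + 1} privileged resets within {window}"]
    return "approve", []


def demo():
    """Run the gate over constructed requests and return the outcomes by label."""
    t0 = datetime(2025, 5, 1, 9, 0)
    earlier = [
        ResetRequest("backup-operator", "granite", True, t0 - timedelta(minutes=5)),
        ResetRequest("domain-admin", "harbour-7", True, t0 - timedelta(minutes=10)),
    ]
    cases = {
        "standard_ok": (ResetRequest("j.smith", "lighthouse", False, t0), []),
        "admin_no_mfa": (ResetRequest("domain-admin", "harbour-7", False, t0), []),
        "admin_bad_word": (ResetRequest("domain-admin", "wrong", True, t0), []),
        "unknown": (ResetRequest("nobody", "x", True, t0), []),
        "admin_ok": (ResetRequest("domain-admin", "harbour-7", True, t0), []),
        "admin_burst": (ResetRequest("domain-admin", "harbour-7", True, t0), earlier),
    }
    return {label: evaluate_reset(req, hist)[0] for label, (req, hist) in cases.items()}


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:15s} -> {outcome}")
```

The escalate branch is the point worth copying: a single convincing caller should never be enough to reset a high-privilege account, and a cluster of such requests during an incident is exactly the signal a help desk should hand to the security team rather than process one ticket at a time.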

3. Social Engineering Can Bypass Technology 

Hackers often don’t “break in”; they log in. As seen in similar attacks on Co-op and Harrods, cyber criminals use social engineering to trick employees and gain privileged access.  

Social engineering relies on human error and emotional manipulation. Tactics include spoofed emails, fake IT support calls, and urgent messages from senior executives. Regular phishing simulations, awareness training, and a strong security culture are crucial in mitigating this risk. 

4. Downtime Is Expensive and Preventable 

Click-and-collect, contactless payments, and online services were all impacted in the M&S breach. Every hour of downtime damages customer trust and incurs costs. 

Real resilience isn’t just about having backups; it’s about restoring critical services in minutes, not hours or days. Businesses should invest in prioritised restoration protocols and cloud-based failover systems to keep operations running during a cyber event. 

5. Multi-Layered Security Is No Longer Optional 

From identity verification and Zero Trust to endpoint monitoring and extended detection and response (XDR), businesses must adopt a layered security posture.  

A modern cyber defence must include endpoint protection, identity and access management (IAM), behavioural analytics, secure backups, and active 24/7 monitoring. Layered security limits the damage of any single point of failure and is crucial for business continuity. 

How Aura Can Help 

Aura works with organisations to build resilience before crises occur. From developing incident response plans and enhancing user authentication processes to running phishing simulations and providing managed business continuity services, we’re committed to helping our clients stay protected and operational. 

Our partnerships with Barracuda, Microsoft, Mimecast and others ensure that we can deliver round-the-clock monitoring, security awareness training, Zero Trust solutions and rapid incident response—protecting your systems, data, and reputation from increasingly sophisticated threats. 

Is your business prepared for a cyber crisis? 

Let’s talk about your cybersecurity strategy and how Aura can help you stay ahead of emerging threats. 

Contact us to review your resilience plan.