Cybercrime rocks the high street – what (or who) is next?

23/05/25 Wavenet
Cybercrime rocks the high street – what (or who) is next? placeholder thumbnail

Picture waking up to headlines revealing your business has been targeted by a sophisticated cyber-attack. This recent harsh reality, of stolen customer data and significant operational disruption, faced by UK retail giants Marks & Spencer and Co-op, has exposed the extreme vulnerability of retail cyber security.

So, what is the story behind these attacks, and how can you protect your business from becoming the next headline in cybercrime news?

The breaches brought to light exhibit the rising threat from organised cybercrime groups like Scattered Spider and DragonForce. While the full scope is still unravelling, what is clear is that these incidents emphasise that businesses can no longer afford insufficient cyber security measures.

While publicly available technical insights about these attacks remain sparse, our security teams have put together a high-level overview based on our experiences with similar incidents and our threat intelligence regarding the known threat actor.

What do we know so far?

Scattered Spider, notorious for its sophisticated social engineering and sky-high ransom demands against high revenue European and US companies, in exchange for not leaking sensitive company and customer data, allegedly orchestrated the attacks. Yet, newer ransomware group DragonForce has publicly claimed responsibility.

Reports from both BBC and the National Cyber Security Centre suggest that social engineering (hacking through human error) was the gateway, with crafty manoeuvres like smishing (SMS) or vishing (voice phishing), bypassing defences and gaining access to C-suite, IT, or security roles.

Both M&S and Co-op have suffered significant operational and reputational damage as a result of the attacks. And the M&S share price has dropped by over 14%, wiping more than £1 billion from its market capitalisation. Fully recovering from this cyber attack will be a lengthy and challenging process – if it’s even achievable at all.

Who is most under threat?

Major enterprises in sectors such as retail, finance, telecommunications, hospitality, and cloud services are prime targets for these cyber predators. Why? Their operational complexity and high value data make them especially tempting for Scattered Spider. While patterns of behaviour exist for this most disruptive and innovative cybercriminal collective, it continually adapts tactics, techniques, and procedures (TTPs) to bypass security controls, so unpredictability remains their powerful weapon. The question isn’t “if” but “when” they will strike again.

"Protecting data is not a luxury - it's a fundamental necessity. Cyber threats are evolving rapidly, and organisations of all sizes are at risk. Insider knowledge confirms that cyber security must be embedded into your core business strategy - it's not optional.” - Paul Colwell, Chief Information Security Officer, Wavenet.

What can you do to protect your business?

These recent attacks aren’t isolated incidents; they’re part of a broader surge in targeted, sophisticated cybercrime. But – have no fear – proactive measures can drastically reduce your risk:

Deploy phishing-resistant multi-factor authentication (MFA)

Secure your access points with advanced MFA solutions including hardware security keys (such as YubiKey) and modern app-based number matching.

Enforce strict call-back verification for password resets

Enhance your password reset procedures and instate strict call-back verification protocols. This ensures the identity is thoroughly confirmed before any sensitive account changes are made.

Implement network segmentation

Implement VLANs, firewalls, and access controls, and regularly test segmentation effectiveness to isolate critical systems and limit lateral movement by attackers.

Patch business-critical systems in a timely manner

Stay updated, monitor for new vulnerabilities, schedule and deploy patches, and verify successful updates to minimise the window of exposure to known exploits.

Regularly test your data backups, failover and failback

Schedule and conduct regular backup tests, including failover and failback exercises, to ensure data can be restored quickly and reliably in a crisis.

Monitor security logs for suspicious activity

Implement 24/7 security monitoring with a Security Operations Centre (SOC) across your environment, using advanced SIEM (Security Information and Event Management) tools. This detects, investigates, and responds to suspicious activity in real time.

Perform regular penetration tests including social engineering assessments

Engage in regular testing with CHECK and CREST-accredited penetration testers that will conduct regular technical and social engineering assessments (such as phishing simulations and vishing) and provide detailed reports and actionable recommendations to address weaknesses.

Create and rehearse business continuity & incident response plans

Regularly rehearse Business Continuity and Incident Response Plans and facilitate tabletop exercises and live simulations to ensure your team is prepared for incidents.

Prepare and protect your data using the 3-2-1 strategy

Regularly review backup strategies to ensure compliance and resilience and follow the 3-2-1 rule: three copies of your data, on two different types of storage, with one copy off-site (or in the cloud).

Ensure your data is immutable or air-gapped

Configure immutable backups (that can’t be altered or deleted, even by attackers) and set up air-gapped storage solutions, providing maximum protection against ransomware and insider threats.

All of these measures will help. The key question is - are you confident that your organisation can withstand such organised cyber onslaughts?

Paul Colwell continues: “Every employee and every process must treat security as a vital requirement, because if human error or complacency creates vulnerabilities, it could cost your organisation greatly. It's not just prevention; it's safeguarding!".

Is your business prepared for what’s next?

These disruptive organised attacks are increasing and other major UK retailers such as Harrods have already become victims. But this isn’t the only type of threat that is intensifying.

Ransomware, AI-driven attacks, phishing, DDoS, supply chain compromises, insider threats, and vulnerabilities in cloud, containers, and emerging technologies are all increasing in frequency and sophistication.

Businesses must evolve, too, bolstering detection, response and resilience strategies to stay ahead.

Our Cyber and Operational Resilience expert Martin Lewis, adds a cautionary word to make sure your approach to backup and recovery is part of your cyber resilience and not an afterthought. “Effective data protection strategies are not just compliance checkboxes, they are critical controls that can protect your sensitive data and help to contain the blast radius of a cyber incident.”

With our comprehensive suite of cyber security services you gain a trusted partner equipped to navigate these challenges. To explore how we can help, visit the CyberGuard homepage.

 

Cyber Security, Retail, CyberGuard

Latest blogs

See all posts
IT failure
How to prepare for a major IT failure

When a major IT failure strikes, organisations don’t get a second chance to prepare. Decisions must be made quickly, and IT information needs to be trusted, accurate, and accessible. This is where business continuity (BC) software can play a crucial role in strengthening IT service continuity (ITSC). In this article we consider what you can do to prepare in advance of an IT failure occurring and then look at how BC software can help.

Read more
penetration testing
Common vulnerabilities found in penetration testing - how to fix them

You lock your front door at night - but what about your digital one? Every website, app, and online service you use is like a house with its own set of locks. Some are sturdy and well‑maintained, while others have loose hinges, missing keys, or windows left wide open.

Read more
Placeholder thumbnail
What is cloud computing and how it benefits businesses

If you stream films on Netflix or check your email from anywhere in the world, you’re already using the cloud. But for large enterprises, cloud computing is far more than consumer convenience - it’s the foundation for operational agility, cost optimisation, and long‑term resilience. Today, the cloud underpins digital transformation across every industry. It removes the limits of traditional on‑premises infrastructure, replacing them with scalable, secure, and cost‑efficient services delivered over the internet. So, what is cloud computing really? Think of it like a global utility grid Just as organisations don’t generate their own electricity, they no longer need to build and maintain vast IT estates to power their operations. Instead, they plug into a global network of hyperscale data centres and pay only for the capacity they consume. This model transforms IT from a capital‑intensive function into an agile, consumption‑based platform that can grow or shrink instantly with business demand. Demystifying “the cloud”: what it actually is Despite the name, the cloud isn’t ethereal. It’s built from thousands of enterprise‑grade servers housed in heavily protected data centres around the world. These provide: Always‑on global availability Enterprise‑grade physical security Redundant power, cooling and connectivity High‑performance compute and storage resources Instead of storing your data on a single device or server, the cloud stores information across these resilient environments, enabling global access, multi-layer redundancy, and seamless continuity. Reducing enterprise IT costs without compromising capability Historically, enterprises spent heavily on hardware refresh cycles, data centre space, maintenance, and large support teams. Cloud computing removes these constraints. With a cloud operating model, organisations can: Shift from CapEx to OpEx Subscribe to the compute, storage and applications you need - instead of owning hardware. Avoid hardware lifecycle management Infrastructure is continuously refreshed by the cloud provider. Optimise usage Pay only for what you consume, with autoscaling to manage peaks and troughs. Reduce hidden overheads Power, cooling, physical security, patching and maintenance are no longer your responsibility. For large organisations with complex estates, this delivers predictable budgeting and measurable savings. Resilience and data protection: your always‑on safety net Enterprise outages can halt business operations. Traditional on‑premises infrastructure creates single points of failure. Cloud architecture removes this risk with: Built‑in geo‑redundancy Automated backups Multi‑site replication High availability by design If a device is lost, a server fails, or a site experiences disruption, your systems and data remain secure and accessible. This ensures continuity, protects reputation, and reduces recovery time dramatically. Scalability at enterprise scale: power for any demand Scalability is essential for large organisations with fluctuating workloads or global operations. Cloud platforms automatically scale to handle: Seasonal or event‑driven spikes Large-scale data processing Rapid user onboarding Global expansion Capacity expands the moment it’s needed - and scales back down afterwards - allowing enterprises to stay agile and cost‑efficient. Enabling hybrid work and seamless collaboration Enterprise teams are now spread across regions, countries and time zones. Cloud‑based collaboration tools eliminate version control issues and data silos. With cloud productivity solutions: Teams work from a single source of truth Multiple users can co-edit in real time Permissions and governance are centrally managed Hybrid workers get the same consistent experience This dramatically improves operational efficiency and supports a modern, flexible workforce. The cloud isn’t the future - it's the enterprise advantage today For large organisations, the cloud delivers: Lower infrastructure costs Stronger resilience and security Rapid scalability Higher productivity and collaboration Simpler hybrid working Freedom from legacy limitations It’s not a future trend - it’s the foundation of modern business.

Read more
Placeholder thumbnail
Seven CEO priorities to cut cyber risk in 2026

Cyber risk in 2026: a core business issue, not just an IT problem The Global Cybersecurity Outlook 2026 report by the World Economic Forum highlights seven priorities CEOs should own:

Read more
PSTN Switch-off
What is the PSTN Switch-off? UK network modernisation explained

The PSTN switch-off marks a significant shift in telecommunications. It's a move from traditional landlines to digital solutions. This transition is set to transform how organisations communicate.

Read more
Placeholder thumbnail
BCM software: what it is and why you need it in 2026

Business disruption is no longer an exception - it is an operational reality. Cyber-attacks, supply chain failures, extreme weather and system outages now pose ongoing risks for organisations of every size.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.