By AJ Thompson, CCO at IT consultancy Northdoor plc
The retail giant has also had to limit employee access when working from home and highlights the ongoing threat from cybercriminals.
As another cyberattack hit a well-known brand causing more chaos the case for organisations to ensure that they are up to date with their protective measures and can be resilient in the face of a breach has never been stronger.
At the beginning of every year dire warnings about the likely increase in cyberattacks come from experts. 2025 has, so far, proved these experts right, with sophisticated attacks hitting companies and causing chaos. In a statement, M&S said that it had been the victim of a cyber-attack and that it was pausing taking orders online. Whilst M&S reassured customers that there was no action needed it as later forced to limit access of employees who were working from home.
Although the nature of the attack remains uncertain, the immediate impact is very clear. With online shopping paused and employees unable to access internal networks from home, the continuing and cascading impact of an cyberattack is clearly visible. Over the coming days we are likely to hear more about the attack and the ramifications on the business and customers, but it is already clear that this breach is in line with the other high-profile attacks we have seen since the beginning of the year.
It should act as a warning to all companies to tighten up their defences, ensure resilience in the face of a cyberattack and better protect data and customers, as AJ Thompson, CCO at Northdoor plc explains.
“This latest high-profile attack is another example of cyber criminals successfully gaining access to systems and data and causing havoc. M&S has had to shut down its external facing online retail offering and its internal systems for employees that work from home meaning that it has had a huge impact on the business.
“Whilst M&S is scrabbling to restore systems the attack itself should act as a wake-up call to all other businesses, no matter what sector they operate in. In the face of a highly sophisticated approach from cyber criminals and against a backdrop of an increasingly complex regulatory landscape, companies have to ensure defences and resilience are firmly in place and part of the company culture.
“However, for many companies fighting back against this ever-changing threat seems to be a daunting, if not impossible, task. The level of attacks does seem to be increasing. In the last few months, we have seen Morrisons, Barclays, Lloyds, Southern Water, Gateshead Council, British Airways and TalkTalk all impacted by various types of cyber intrusion, and this latest attack fits the bill in terms of the amount of disarray caused.
“It is not all bad news for UK companies though. Firming up defences, educating staff and understanding what the latest threats look like are all crucial steps for businesses to protect themselves and ensure resilience in the face of such an attack. Some are turning to third-party consultants to help implement these within businesses. They can plug any gaps in internal teams as well as providing expertise to help keep data and systems safe. There will undoubtedly be further attacks over the coming months and businesses of all sizes need to take steps now to better protect themselves,” Thompson concluded.
