M&S finally gets up off the mat

The retailer's return to normal after 15 weeks is an example of why you can't skimp on security, says Jason Walsh

15 August 2025

There was good news for Marks & Spencer customers this week, as the company took another step towards recovery from its four-month-long cyber ordeal.

Successful attacks on businesses as visible as M&S are a reminder of how serious the cyber crime threat now is.

For millions of consumers this wasn’t some abstract back-office outage: it hit them square in the face by taking away the ability to collect online orders and even use contactless payments. The direct impact created sustained media attention and widespread frustration in a way that typical breaches don’t.

 

It also dragged on for months. The ‘click and collect’ service was only brought back online this week, 15 weeks after the attack began.

A cyberattack on, for instance, a logistics firm or a payment processor could cause similar financial and operational chaos, but the public rarely connects those incidents to empty shelves or delayed shipments. The M&S breach made that connection undeniable, turning a technical issue into a very visible, everyday problem.

The SME knock-on effect

For SMEs the M&S case is a powerful cautionary tale. While most don’t have the brand recognition of a major retailer, they are just as vulnerable, and almost certainly have far fewer security resources.

That’s not to even consider so-called ‘supply chain attacks’ (as opposed to cyber attacks on supply chains) where the hackers are working toward another end target. An attack on a niche vertical SaaS platform, or even a small local supplier, could be the entry point for a larger assault on a major partner, creating a ripple effect across the entire supply chain.

While we repeat, as we all do, that ‘every company, regardless of size, must see cyber security not as an optional expense but as an essential investment’, the attacks will, of course, continue.

Smaller, local businesses are faced with a paradox: they need to embrace digital tools to stay competitive, yet doing so increases their exposure to cyber threats. This heightened risk can cause some small-to-medium businesses to delay moving to e-commerce, the cloud, or digital payments.

One irony is that many smaller outfits may actually be safer as they are typically embracing well-architected digital solutions with proper security controls, rather than maintaining legacy systems or manual processes that create different but equally serious vulnerabilities. However, even those ensconced in such systems need to take securing their data seriously. With public cloud, for instance, the provider is there to secure the network, not the stuff you put on it.

The question is whether the cyber security conversation sparked by visible incidents like the M&S breach will stick in our minds like the HSE attack of 2021, or be quickly forgotten like the vast majority of successful attacks on businesses.
