Caitríona Redmond: As the Marks & Spencer cyberattack unfolds, how cybersafe are we?
Catriona Redmond.
Over the Easter Bank Holiday weekend, I started hearing about consumers who were concerned about contactless payments made in Marks and Spencer. My ears immediately picked up because this sounded very unusual.
The following Tuesday, the news was out; M&S was being subjected to quite a forceful cyberattack, and at the time of writing this column, the attack was continuing to impact day-to-day operations in the major clothing and food retailer.
It's important to note that Marks & Spencer says that they believe that customers do not have to take personal action, meaning their data has not been accessed.
What started as the rumblings of some internet issues over the previous weekend, though, rapidly increased in size to a widespread cyber-attack, and when the dust settles, one of the biggest issues that the UK-based retailer will have to contend with is the loss of trust.
Customers who feel let down by delayed deliveries, or by not being able to order online or redeem vouchers, may vote to shop elsewhere.
There are reports of stock issues in the UK, with some shelves and racks being empty, and staff in the online fulfilment warehouse have been told to stay at home while online purchases are suspended.
Reading through the comments on the M&S social media announcements tells a story of worried customers and people advocating for the staff who are clearly holding very challenging roles and struggling with vociferous negative feedback at the moment. It all adds up to a very stressful picture for everyone concerned.
The age of filling out a pocket diary in pen and carrying it around on your person is long gone. In the digital age, we rely on our mobile phones and online accounts to keep our information secure and easily accessible, but that has clear risks.
Cyber-attacks aren’t a new occurrence, but they are on the increase. In December 2024 Microsoft described the cyber threat landscape as complex, challenging, and extremely dangerous.
Last month, a UK Government-led survey on cyber resilience revealed that an estimated 3% of businesses and 1% of charities have been a victim of fraud that resulted from a cyber breach or attack (cyber-facilitated fraud) in the last 12 months, equating to approximately 40,000 businesses and 2,000 charities. There were an estimated 72,000 cyber-facilitated fraud events across the UK business population in the previous 12 months.
Howden, a UK-based insurer, said in late 2024 that cyber-attacks cost businesses 1.9% of their revenue on average, with companies generating an annual revenue of over 100 million pounds most likely to suffer an attack. It would be interesting if there was a similar CSO-led survey in Ireland.
Ireland is certainly not immune to widespread cyberattacks either; there are very few of us who were not impacted by the attack on the HSE several years ago. The cost and impact of this attack on our public health service continue to reverberate to this day.
While there is no suggestion that consumer information has been breached in the M&S crisis, it’s a timely reminder that even the robust systems of a major retailer are vulnerable to attack. As I’m not a cybersecurity expert, I contacted Sean Crowley of Secora Consulting, one of Ireland’s top experts on the topic, to ask his advice for any consumers who may be concerned by the recent cyberattack.
The bad news is that there is no company that is 100% secure against being the victim of a cyberattack or data breach. People should assume that at some point a company they deal with will be breached and their information will be compromised. Being able to act quickly when it happens is the appropriate mitigation.
Sean says that one of the best ways to minimise the risks of your data being compromised via a third-party breach is to reduce the amount of data you share. The less you share online, the less impactful a compromise will be.
He recommends enabling any enhanced security features available on your online accounts, such as Multi-Factor Authentication. That additional layer of security can make the difference between your account being hacked or not.
He makes a very clever suggestion of keeping track of the apps and companies that hold your most sensitive information and adding these, plus the word cyber-attack, to a Google Alert. That way you get an email if there has been a threat or a breach, often before the company issues a statement, and you can act fast.
Ultimately, if your data is exposed, immediately change your passwords and enable any security features. If your credit or debit card information has been compromised, contact your bank ASAP and follow their advice.
Many thanks to Sean and the Secora team for answering all my questions on this tricky topic. I now feel much better equipped to protect my information in the future and handle any breaches that may occur, and I hope this helps you too.
Did you know you should only use a password once, and not use the same password on several websites or apps? If you can’t remember if you’ve replicated your password then fear not: both Android devices and iPhones will automatically check for this over the internet and prompt users to change. You can find this in your phone settings.

Three-factor authentication apps sound like a mouthful but are incredibly easy to use. These apps rapidly cycle through numerical combinations which you use to access a secure account. Typically, the numbers change every 30 seconds to 1 minute and are contained on your mobile device. Common apps include Google Authenticator, Microsoft Authenticator, and Okta. They are simple to install on your phone from the app store and add to your digital accounts.


