Harrods, Co-ops, Marks & Spencer (M&S) and Adidas have all experienced destructive cyber attacks in recent weeks that have caused shock waves in the retail industry. M&S alone warned of £300 million ($405 million) in profits. The attack began on Easter weekend and also reduced its market cap by more than £750 million ($1 billion).
The cooperative also became a victim on April 30, and a few days later reported that hackers had access to “large amounts of” customer data. Then on May 2, Harolds also experienced a cyber attack, although in this case, they managed to prevent any malicious intrusion.
101Cooperation Group Ranking Fortune 500 Europe
In the M&S incident, third-party service provider TATA Consulting Services (TCS) reportedly launched an internal investigation to determine whether this is the portal for hackers to gain access.
All this points to the vulnerability between retail businesses, despite the fact that there has been a threat of cyberattacks for many years. But why is the retail business targeted?
252Marks & Spencer Ranking Fortune 500 Europe
“Retailers are the primary targets of cybercriminals due to the large amount of personal, financial and other sensitive data they manage. For malicious actors, accessing this data is like golden dust: high prices and potentially lucrative,” Marc Rivero wealth.
On May 27, Adidas reported that, like M&S, hackers have accessed customer data through third-party service providers.
For M&S, if the attack does come from Indian companies, “that will certainly affect their brand image”, according to Mumbai analyst Vaibhav Chechani of broker Nirmal Bang. TCS also serves as the “strategic partner” of the cooperative.
“Due to the large amount of personal, financial and other sensitive data they manage, retailers are the primary targets of cybercriminals…”
Marc Rivero, Principal Security Researcher at Kaspersky Global Research and Analysis Team
Riverrow commented: “From the M&S attack, social engineering allows attackers to bypass complex cybersecurity measures by exploiting human errors. These “human hacker” policies manipulate users to click malicious links, disclose sensitive information, or grant restricted access to the system.”
“Simply put, data opens the door. It can enable fraudulent behavior, fuel-targeted phishing activities, and even leverage other businesses in the supply chain to penetrate into other businesses in the supply chain. This not only makes retailers profitable, but also has strategic value in the broader digital ecosystem.”
M&S CEO Stuart Machin confirmed this, blaming the attack on “human error” rather than weaknesses in its cybersecurity measures, adding: “It’s a time of time, and we are now focusing on recovery with the goal of exiting this period, which is our stronger business, and our strategy remains unchanged. And keep moving forward.”
Despite this optimistic outlook, Miya Knights, a publisher and retail expert on retail technology magazine, believes other retailers can also be targeted, and they believe the most vulnerable will be “those with considerable level one liquidity in many channels.”
Speech wealth“Cybersecurity has always been a basic requirement as long as retailers have deployed it and traded online. But as long as e-commerce has become a major driving force for growth, maintaining the digital systems they now rely on must be at the heart of their business because it is at the heart of financial services companies,” she added.
This should be a wake-up call needed by the retail industry to treat these threats in the same way as financial services institutions. Actions to combat threats appear to be happening within the industry, with one of the well-known retail CTOs saying he is working with several other retailers, including some direct competitors, to mitigate the risk of future cyberattacks.
M&S CEO Stuart Machin (accused) of attacks on “human errors” rather than weaknesses in his cybersecurity measures…
According to Rivero, the pressure from the retail sector’s online community is constantly exploring to detect vulnerabilities that access large amounts of data. “Retailers must regularly re-evaluate their cybersecurity strategies and continue to invest in strong defense mechanisms,” he said.
He continued: “Retailers must adopt a multi-layered approach to cybersecurity, acknowledging that nothing can provide complete protection. This approach should begin with the education of employees. Training employees to recognize that phishing attempts and suspicious behavior is crucial, and that human error remains one of the most common points for attackers.”
However, retailers are not the entire responsibility of retailers. Update your password regularly, enable multifactor authentication where possible, be cautious about suspicious messages or emails, and monitor financial activity closely, “report any abnormal behavior immediately,” adding: “A cautious, informed approach is still the best way to defend”.
His advice to retailers using third-party service providers: “Adopting an active approach: regularly conduct a thorough risk assessment of all suppliers, perform strict access controls, and the need for regular security audits. Continuous employee training is also essential – not only for non-IT employees, but also for teams whose social engineering engineering strategies are often targeted.”
As he said, “In the landscape where cybercriminals exploit every weak link, resilience must go beyond the organization itself to cover the entire supply chain and all suppliers”.
