The IT Nerd

Marks and Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations. As it stands the only way to buy something from the company is with cash. And if you ordered something, you may not be able to collect it.

Javvad Malik, Lead Security Awareness Advocate at KnowBe4 commented:

“The recent cybersecurity incident at Marks & Spencer serves as a reminder of the interdependencies in modern retail operations. The disruption to Click and Collect services and contactless payments underscores how any technical issue can have far-reaching consequences across an entire organization.”

“M&S’s prompt communication and engagement with the ICO demonstrate a commendable level of transparency and regulatory compliance. However, the event also reveals potential gaps in cyber resilience and crisis management strategies.”

“The key lesson here is the importance of cultivating a positive and strong security culture throughout the organization. Cybersecurity can no longer be siloed within IT departments; it must be integrated into every aspect of business operations and decision-making processes.”

“Moving forward, organizations must prioritize the development of a security-first mindset at all levels, from the boardroom to the retail store.”

Whenever M&S recovers from this, I hope that they take the required steps to make sure that this sort of event cannot happen again. Because as bad as this is, it could easily have been way worse.

This entry was posted on April 23, 2025 at 12:36 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.