Cyber attacks have rocked UK retailers – here's how you can stay safe
Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
The National Cyber Security Centre (NCSC) has warned organizations to tighten up their security practices following the recent cyber attacks on M&S, Co-op, and Harrods.
The security agency is calling on firms to review their password reset policies, and in particular how IT help desks authenticate workers when they make a reset request.
Organizations should be particularly cautious in the case of senior employees with escalated privileges, such as Domain Admin, Enterprise Admin and Cloud Admin accounts.
Similarly, the advisory noted that businesses should make sure that they're using multi-factor authentication (MFA) across the board.
Notably, the agency warned that organizations should be constantly on the lookout for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts are flagged as potentially compromised due to suspicious activity or unusual behaviour.
"Preparation and resilience does not mean just having good defences to keep out attackers. No matter how good your defences are, sometimes the attacker will be successful," wrote NCSC national resilience director Jonathon Ellison and chief technology officer Ollie Whitehouse.
"It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defences."
The Information Commissioner's Office (ICO) has issued similar advice, warning organizations to make sure that accounts are protected by a strong password, and that passwords aren't being reused across multiple accounts.
What happened with the retail attacks?
Attacks against UK retailers have rocked the industry in recent weeks. M&S was the first to be hit, followed by the Co-op and Harrods at the end of April.
The attacks have caused lasting disruption for M&S in particular, which has been unable to provide contactless payment, click-and-collect services, or online sales.
While the Co-op attack was initially thought to have been limited in its impact, the retailer told BBC News last week that hackers had “accessed data relating to a significant number” of current and past members.
The threat actors behind the Co-op attack, who are going by the name ‘DragonForce’, told the broadcaster they are also responsible for the incidents at M&S and Harrods.
Attacks are a ‘wake-up call’ for UK businesses
In a speech at CyberUK this week, chancellor of the Duchy of Lancaster Pat McFadden is expected to describe the attacks as 'a wake-up call for every business in the UK', and to call on firms to treat cybersecurity as an 'absolute priority'.
"We are ready to support you," he will say. "The National Cyber Security Centre is standing ready to support businesses and provide advice, and guidance, on how to raise the cyber security bar."
Small businesses are being encouraged to engage with the NCSC’s Small Business Guide to help bolster their defences, and to seek support through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
