
Inspiring Tech Leaders
Dave Roberts talks with tech leaders from across the industry, exploring their insights, sharing their experiences, and offering valuable advice to help guide the next generation of technology professionals. This podcast gives you practical leadership tips and the inspiration you need to grow and thrive in your own tech career.
Cyberattacks hit M&S, Co-Op, and Harrods – What Tech Leaders need to learn from these incidents and how to prepare before a crisis hits
The recent wave of sophisticated cyber attacks targeting iconic UK brands like Marks & Spencer, Co-Op, and Harrods serves as a stark wake-up call for all technology professionals. Ransomware groups like DragonForce, operating via a concerning Ransomware-as-a-Service model, have exposed critical vulnerabilities, causing millions in damages and severe operational disruption.
These incidents are not just headlines, they are urgent case studies highlighting the real-world impact of evolving cyber threats. How prepared is your organisation? What are the crucial leadership lessons when facing such a crisis? Is cybersecurity truly integrated into your core business strategy, or is it still treated as a siloed IT issue?
In the latest episode of the Inspiring Tech Leaders podcast, I explore and analyse these attacks and consider the following:
💡 The tactics used by groups like DragonForce and their affiliates.
💡 The specific impacts on retail operations and market value.
💡 Why the retail sector is such an attractive target.
💡 Critical steps for leadership in incident containment and response.
💡 The strategic importance of robust cybersecurity readiness.
This is not just about retail, the lessons apply across all industries. Don't wait for a crisis to hit. Equip yourself with the insights needed to navigate the complex cybersecurity landscape.
I’m truly honoured that the Inspiring Tech Leaders podcast is now reaching listeners in over 70 countries and 1,000+ cities worldwide. Thank you for your continued support! If you’ve enjoyed the podcast, please leave a review and subscribe to ensure you're notified about future episodes. For further information visit - https://priceroberts.com
Welcome to the Inspiring Tech Leaders podcast, with me Dave Roberts. Today we are talking about the recent cyber attacks on three major UK institutions, these being Marks & Spencer, Co-Op, and most recently, the iconic luxury department store Harrods. All have been hit by cyberattacks or attempted breaches. These incidents, unfolding in quick succession, expose significant vulnerabilities within the retail sector and raise critical questions for leaders across technology, security, operations, and strategy.
As this is another rapidly evolving situation, let’s start with the most established incidents.
Marks & Spencer has been grappling with more than a week of severe IT chaos. From contactless payments going offline intermittently to online sales being completely halted for extended periods, M&S is dealing with a sophisticated ransomware attack.
A group of cyber criminals, calling themselves DragonForce, has claimed responsibility for a string of devastating ransomware attacks on these major UK retailers. And if their warnings are to be believed, this is only the beginning.
The cybercriminal group announced that it had infiltrated the systems of several high-profile retailers. Their message indicated that this is just the start. Not only have they stolen what they claim is millions of customers’ personal data, but they’re also threatening to release that data unless hefty ransoms are paid. DragonForce typically expects ransom payments in the millions, a practice that’s becoming worryingly common.
So who exactly are DragonForce? This is not just a loose group of hackers, this is an organised cybercrime syndicate. They are operating as a ransomware-as-a-service outfit, which is a model where other cyber gangs can essentially subscribe to DragonForce’s hacking tools and infrastructure. DragonForce is now no longer acting alone, they have rebranded as a ransomware cartel. By distributing their software to affiliates under a shared platform, they are effectively franchising cybercrime. DragonForce handles the infrastructure, provides hacking tools, storage, 24/7 server monitoring, and even battle software that can crack core operating systems. In return, they take a 20% cut of any ransom earned by their affiliates. That means even hackers with little technical know-how can now launch full-scale ransomware attacks with the use of the DragonForce toolkit.
One of those affiliates is a group known as Scattered Spider, also referred to as UNC3944, a hacking group mostly made up of teens and young adults believed to live in the United States and the United Kingdom. The group gained notoriety for the MGM Resorts takedown in Las Vegas in 2023. This group is often described as a loose collective that leverages rented ransomware tools to execute large-scale, high-impact attacks.
The attack on M&S has been described by insiders as a digital bomb, a highly disruptive event with financial repercussions already running into the millions of pounds.
Online operations faced significant downtime, contactless payment systems were unreliable, causing widespread customer frustration, and reports indicated gaps on shelves due to disruptions in automated stock systems. M&S’s share price experienced a noticeable dip, reflecting the market's concern, wiping out almost 700 million in market value at its lowest point. While recovery efforts are underway, the full impact is still being assessed.
Around the same time the M&S crisis was deepening, Co-op, the well-known mutual operating over 2,000 stores, 800 funeral homes, and legal services, confirmed its own cybersecurity event. Last week, Co-op announced it had proactively shut down some of its back-office and communications systems in response to attempted unauthorised access.
The initial news from Co-op was that its frontline services, including the stores, funeral homes, and rapid delivery services, all continued to operate normally without interruption. However, behind the scenes, critical systems, including stock monitoring and remote virtual desktops used by staff, were temporarily disabled as a precautionary measure.
It was initially thought that Co-op had moved swiftly and decisively to shut down potentially vulnerable systems before major damage could occur. This included disabling virtual desktops and certain support services to prevent any potential intrusion from spreading.
This proactive decision had garnered praise from cybersecurity professionals. By prioritising containment, Co-op aimed to limit the potential blast radius.
However, in a report to the BBC, the hackers provided direct evidence of their intrusion into Co-op’s internal IT systems. They claim to have stolen private information from 20 million Co-op members, a number not yet confirmed by the company.
Initially, Co-op played down the situation, saying the breach had only a small impact and that there was no evidence customer data was compromised. But under pressure and as the hackers pushed their extortion attempts further, they have now admitted the data accessed was far more significant.
But just as the dust seemed to be settling, news broke that Harrods, the world-renowned luxury department store, became the latest target. Harrods confirmed it experienced attempts to gain unauthorised access to some of its systems, prompting immediate action.
The Knightsbridge flagship store, along with H Beauty outlets and airport shops, remained operational, and the Harrods website continued to function. However, the store acknowledged it had been forced to shut down some internal systems and had restricted internet access at its physical sites as a defensive measure. This restriction reportedly caused some temporary difficulties for customers attempting to make payments in-store.
In a statement, Harrods emphasised the proactive steps taken by its security team to keep systems safe. Harrods stated it was not asking customers to take any direct action, indicating a belief that customer data had not been compromised during the incident. They pledged to provide further updates as necessary.
The Harrods incident, coming so closely on the heels of the M&S and Co-op events, underscores a worrying trend. Cybersecurity experts are unequivocal that these attacks are not random acts. Retailers are increasingly finding themselves in the crosshairs of sophisticated cybercriminals seeking to steal valuable customer data or, perhaps more commonly now, extract hefty ransoms by crippling essential operations.
The retailers have confirmed they are actively working with the UK’s National Cyber Security Centre to investigate the attacks.
So, why is retail such an attractive target? The sector's operational complexity is its Achilles' heel.
Retailers rely on a vast, interconnected web of systems including point-of-sale terminals, intricate supply chain management, customer relationship management databases, online account portals, click-and-collect logistics systems, and multiple payment processing platforms. Disrupt just one critical node in this network, and you can cause significant chaos. Disrupt several simultaneously, as seen with M&S, and you risk grinding the entire business to a halt.
Ransomware is particularly devastating in this environment. Once it infiltrates a network, it can spread rapidly, encrypting vital data across servers and workstations. The attackers then demand payment, usually in cryptocurrency. Even if the ransom is paid, there are absolutely no guarantees the data will be fully recoverable or that the attackers will not strike again.
Let’s reflect on the crucial aspect of leadership in these situations. How should organisations prepare for, and respond to, a cyber crisis of this magnitude?
The most important priority is containment, rather than immediate continuity. Shutting down affected or potentially vulnerable systems quickly, even if it causes some internal disruption, is essential to prevent the attack from spreading laterally across the network. This demonstrates a focus on long-term resilience over short-term operational convenience.
Communication and transparency are critical, but without inducing panic. All three retailers involved issued relatively calm and professional initial communications. Clear, factual communication is key to maintaining trust.
Incident response readiness is non-negotiable. If you are leading a technology, security, or operations team, the recent events should prompt urgent questions. First of all, do you have a comprehensive, up-to-date incident response plan? And has it been tested recently with realistic simulations? Does your organisation have monitoring in place to detect suspicious activity on your endpoints, network or privileged user accounts? And how quickly can systems be isolated if a compromise is detected?
These are not merely technical questions for the CISO or IT department; they represent fundamental board-level strategic priorities. The cluster of attacks on M&S, Co-op, and Harrods must serve as a stark wake-up call for the entire retail sector, and indeed for businesses across all industries.
As cybercriminals become bolder and more sophisticated, and increasingly leverage AI for phishing campaigns and for automating attack sequences, it is clear that these attacks can impact every business, from the largest multinational chain to the smallest independent e-commerce store.
There will no doubt be broader implications too. We can expect to see cyber insurance premiums rise as the frequency and severity of attacks increase. Regulatory scrutiny from bodies like the ICO is likely to intensify, particularly if customer data breaches are confirmed. As we have seen with M&S, investor confidence can be easily shaken, leading to pressure on share prices and market valuations. And ultimately, customer trust becomes even harder to maintain when payment systems fail, deliveries are delayed, or personal data is perceived to be at risk.
Companies that continue to treat cybersecurity as a purely technical IT issue, siloed from the core business strategy, are dangerously behind the curve. Cybersecurity is a fundamental strategic risk and managing it effectively is an essential leadership responsibility.
M&S, Co-op, and now Harrods have all recently confronted the harsh reality of modern cybercrime.
For leaders in technology, operations, security, and at the executive level, these stories are not just cautionary tales from the headlines, they are urgent action plans.
My advice is: do not wait for a crisis to hit your organisation. Start reviewing, testing, and strengthening your defences and response plans now. The threat is real, it is evolving, and as the past few weeks have shown, it can impact even the biggest names on the high street.
Well, that’s all for today. If you enjoyed this episode, don’t forget to subscribe, leave a review, and share it with your network. You can find more insights, show notes, and resources at www.inspiringtechleaders.com
Thanks again for listening, and until next time, stay curious, stay connected, and keep pushing the boundaries of what's possible in tech.