The M&S Cyber Attack: The Hidden Danger of Static Defences

The recent Harrods, Co-Op and M&S cyber attacks have sent shockwaves through the UK retail sector, raising urgent questions about how prepared major brands truly are for today’s threat landscape. If attackers can successfully penetrate such high-profile, presumably expensively defended networks, what can we do to avoid being next?

We asked Ewan Ferguson, CEO, and Chris Templeton, CTO, where they think the root cause of these breaches lies, and what, if anything, we can learn from them.

 

Why the M&S Cyber Attack should be a wake-up call 

Ewan: “While it’s tempting to view each breach in isolation, the reality is that these events reveal a systemic issue; many retailers are relying on static cyber defences that simply aren’t built to withstand modern, adaptive threats.” 

At FullProxy we work with large organisations across the UK to build resilience, not just protection. Our experts suggest that the M&S cyber attack highlights a widespread overconfidence in outdated security models.

The M&S breach, believed to involve the ransomware group Scattered Spider, resulted in significant operational disruption and forced the retailer to temporarily suspend online services. Time will tell what impact the highly publicised breach will have on such a well-trusted brand. This wasn’t just a technical failure; it was a business crisis.

“Security isn’t something you do once and walk away from”

But how did these retail breaches really happen? 

As Ewan has identified, one likely answer lies in the limitations of static defence. These are systems that are configured once and rarely revisited. They may include traditional firewalls, perimeter protections, and access policies that assume the network is a known, controlled space.

But attackers today don’t play by those rules. 

“Security isn’t something you do once and walk away from,” says Ewan. “Even if updates are applied regularly, there’s a delay between patch release and patch application. For retailers like M&S, that delay creates a window of vulnerability, and attackers know how to exploit it.” 

 

Legacy Systems, Update Delays, and Lateral Movement 

Retailers often operate on complex, ageing infrastructures. Legacy systems that can’t be updated quickly – or even at all – are still common. And while IT teams know the importance of patching, applying updates during business hours can be too disruptive, especially during trading peaks. 

“Understandably, retailers try to minimise downtime,” Ewan explains. “But the very act of delaying updates, even by a few days, increases risk.” 

Even worse, once attackers gain a foothold – whether through a phishing email, stolen credentials, or a zero-day exploit – they can move laterally within a network. That’s where lack of network segmentation and poor identity and access management become critical liabilities. 

“Ransomware isn’t only about encryption, it’s about escalation,” says CTO Chris Templeton. “The speed and spread of the M&S cyber attack suggest the possibility of a zero-day exploit or an overlooked privilege path. It’s a sign that reactive security is no longer enough.” 

M&S Cyber Attack: A Symptom of a Larger Problem 

The key takeaway from the M&S cyber attack is that it isn’t just about M&S. It’s about an entire industry still catching up to adversaries who move faster, adapt quicker, and know where to strike. 

Static security models, the set-and-forget approach, have never worked; resilience must be engineered, not assumed. Cyber security should be front of mind for every online retailer, with proactive ongoing management embedded strategically as a business continuity imperative.

 

How should retailers enhance their cyber defences? The case for adaptive, resilient cyber security 

The M&S, Harrods and Co-op cyber attacks are far from isolated. Retailers are increasingly being targeted because of their data-rich environments, complex supply chains, and customer-facing systems; all of which present broad attack surfaces and potentially lucrative rewards.  

What’s needed now is a mindset shift. 

Retailers must move from static defence to dynamic resilience. That includes: 

  • Zero-trust access controls to limit privilege escalation 
  • Network segmentation to contain breaches and block lateral movement 
  • Continuous threat monitoring and behavioural analysis 
  • Proactive red teaming and scenario testing to pressure-test response plans 

These aren’t just “nice to haves”—they’re the new baseline for cyber maturity in retail. 

Is your security built for what’s next? 

At FullProxy we help businesses across the UK move beyond legacy defences and adopt security strategies that evolve with the threat landscape. If your systems haven’t been re-evaluated recently (or if you’re still relying on traditional perimeters) it’s time for a rethink. 

 

Further resources: 

How to move towards a Zero Trust Mindset:  https://www.fullproxy.com/zero-trust/what-i-learned-about-zero-trust-adoption/ 

How to safeguard surges in Retail website traffic: https://www.fullproxy.com/company/black-friday-and-cyber-monday-tips-to-brace-the-surge/ 

Why digital certificate management is the cornerstone of modern cyber security: https://www.fullproxy.com/certificate-management/whats-digital-certificate-management-and-why-does-it-matter/ 

 

FullProxy Team