TelcoNews UK - Telecommunications news for ICT decision-makers
Story image

Cyber attack on M&S exposes UK food supply chain risks

Yesterday

The recent cyber attack on Marks and Spencer (M&S) has cast a spotlight on the growing threat of cybercrime in the UK's food supply sector, sparking urgent debates among experts about the readiness of critical infrastructure to withstand sophisticated online assaults.

Dr Harjinder Singh Lallie, Associate Professor at Warwick Manufacturing Group, The University of Warwick, contextualised the attack's broader implications: "The recent cyber attack on Marks & Spencer highlights the critical vulnerability of the UK's food supply chain — an essential pillar of our national infrastructure. The food sector is under relentless cyber assault, and attacks like these can seriously disrupt access to basic necessities."

The attack, reportedly executed by the notorious group Scattered Spider, drew intense scrutiny for its methodical approach. Dr Lallie stressed the ongoing nature of these risks and the essential need for a holistic response: "The industry must urgently strengthen resilience, not just in preventing breaches, but also in developing robust response mechanisms. This includes real-time detection, rapid containment, and parallel operational systems to minimise disruption for customers. Cyber security must now be seen as central to national food security and public confidence."

Security analysts are examining the tactics used in the breach, with particular attention to the possibility of third-party involvement. David Mound, Senior Penetration Tester at SecurityScorecard, explained, "Scattered Spider is a highly sophisticated and persistent cybercriminal group, best known for using social engineering to directly target employees and help desks. They typically impersonate staff, trick IT support into resetting credentials, and bypass security controls like multi-factor authentication, often through tactics like MFA fatigue or SIM swapping. They focus on gaining legitimate access, often through cloud identity platforms like Okta or Microsoft Entra, and then move laterally using common admin tools to stay under the radar."

Mound highlighted the evolving nature of such threats, noting, "While they're not primarily known for supply chain compromises, they have shown they'll exploit third-party access when it serves their goals (as seen in the Caesars Entertainment breach). In the case of M&S, there's some speculation that a third party may have been involved, but that hasn't been confirmed. What's clear is that this was a carefully planned attack, with data reportedly exfiltrated weeks before systems were encrypted."

Following the attack, M&S has faced mounting questions over the robustness of its cyber security measures, especially given the sector's foundational role in the daily lives of millions. Industry observers warn that a compromise of such scale not only threatens commercial operations but also public trust in the reliability of food supply chains.

Mound distilled the lessons for other organisations in the aftermath: "For organisations, the lesson is clear: focus on identity security and third-party risk. That means deploying phishing-resistant MFA, restricting administrative access, and training staff, especially helpdesks, to verify who they're dealing with. Third-party suppliers should be continuously assessed for risk, and access tightly controlled. A breach of one vendor shouldn't give an attacker the keys to your entire environment. This is about building resilience, not just technology, but people and process as well."

Regulatory authorities and industry leaders are expected to scrutinise the incident closely, with calls growing for updated guidance and mandatory standards to safeguard national infrastructure. Recent events have exposed the profound interconnectedness of modern supply chains and their potential to become a single point of failure in the face of advanced cyber adversaries.

As the investigation into the M&S hack unfolds, the attack serves as a clarion call for vigilance, collaboration, and systemic change across the food industry and beyond. Both public and private sectors are being urged to adopt a posture of continuous improvement, ensuring that lessons learned translate rapidly into action before the next high-profile breach occurs.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X