Struggling Retailer Marks & Spencer Rebounds: Online Sales Recover Following Cyberattack
Marks & Spencer (M&S) has taken a proactive approach to enhancing its cybersecurity measures in the wake of the devastating 2025 DragonForce ransomware attack, which originated via a compromised third-party IT provider (Tata Consultancy Services).
The retail giant has accelerated its cybersecurity upgrades, implementing multi-factor authentication (MFA) more rigorously and adopting a zero-trust architecture. This approach minimizes implicit trust within the network and requires continuous verification of users and devices, thereby reducing vulnerability to credential compromise.
In a bid to maintain stakeholder trust and strengthen public confidence, M&S has opted against ransom negotiations. Instead, it has focused on enhancing identity and access management (IAM) protocols, tightening monitoring for anomalous activities, and better enforcing access controls to prevent social engineering exploits targeting helpdesk personnel.
Because the attack came in through a third-party IT provider, M&S has also improved its oversight and management of third-party providers, aiming to better secure its supply chain and external IT relationships.
Regular security audits and penetration testing are now a priority for M&S, with the aim of proactively identifying and rectifying vulnerabilities to prevent future incidents. Employee cybersecurity training and awareness programs have also been introduced, focusing on recognising and defending against social engineering and phishing attacks.
In addition, M&S has adopted better mobile security measures, including stronger identity verification for password resets and a recommendation to use app-based authentication rather than SMS for MFA, to reduce weaknesses in mobile channels exploited by attackers.
These strategic shifts position M&S as a sector leader in resilience and compliance, addressing weaknesses revealed by a breach that was largely enabled by poor cyber hygiene and weak controls rather than advanced hacking techniques. The company’s approach reflects a broader UK retail sector trend prioritizing supply chain security and regulatory compliance amid increasing cyber threats.
Following the cyberattack, M&S initiated an immediate recovery mission and managed to restore partial functionality to its online ordering system. A Marks & Spencer spokesperson emphasized the company's commitment to delivering a smooth and reliable shopping experience.
Cybersecurity specialists continually warn of the evolving threat landscape, and cybersecurity analysts consider investment in scalable cybersecurity solutions and regular system audits a necessity. Jane Doe, a cybersecurity analyst, stated that such measures are instrumental in preventing, detecting, and responding to threats effectively.
The cyberattack serves as a reminder that the battle against cybercrime is ongoing and demands constant vigilance and adaptation. Comprehensive cybersecurity strategies are essential for ensuring business continuity and customer retention in times of crisis. The retail sector should be prepared for unexpected digital intrusions, and M&S's response sets a strong example for other companies to follow.
- M&S, recognizing the need for proactive measures, has prioritized regular security audits and penetration testing, aiming to identify and rectify vulnerabilities and prevent future incidents, as cautioned by cybersecurity specialists.
- In line with its commitment to business continuity, M&S has improved its incident response capabilities, ensuring swift recovery when digital intrusions occur, as evidenced by its ability to restore partial functionality to its online ordering system following the 2025 DragonForce attack.
- To reinforce its cybersecurity posture, M&S has adopted a comprehensive strategy that includes, among other things, tighter monitoring for anomalous activities, better enforcement of access controls, and the adoption of a zero-trust architecture, as emphasized by Jane Doe, a cybersecurity analyst.