M&S Cyber Attack Disruption Likely to Last Until July

Marks and Spencer (M&S) leadership has confirmed that disruption from the cyber attack on the retailer is likely to last until at least July, with CEO Stuart Machin stating that it may take another month for the business to fully recover from the ransomware attack.

The incident, which began through the systems of a third-party supplier of IT services, saw tech support staff's credentials stolen via social engineering. According to Machin, this suggests that the Scattered Spider hacking collective, a gang that has previously used similar techniques against other targets, is indeed behind the attack.

A Complex Operation

M&S has heavily invested in cyber tooling over the past 24 months, which may have helped it spot and respond to the attack more quickly. However, the company did not pay off its attackers, citing advice from incident responders.

Jason Gerrard, senior director of systems engineering at Commvault, warned that M&S' experience was a useful reminder to others that the ability to recover fast must be built into cyber resilience plans. "Behind the scenes, teams are scrambling to rebuild systems, trace breach origins, and restore customer data with forensic precision – all while execs are juggling regulators, insurers, auditors and shareholders," Gerrard said.

The longer it takes to return to 'normal', the further that 'normal' drifts away, both in business operations and public perception. While recovery takes 24 days on average, some organisations don’t achieve business-as-usual for over 200 days. "This headline-grabbing downtime should be a warning to others that preparation for such a scenario is vital," Gerrard added.

A New Digital Transformation Plan

M&S has now moved into full recovery mode and is trying to get back on its feet. CEO Machin said: "Customers should be able to shop in our stores as normal. Our food business is delivering stock to stores in the normal way and all customers should find much better availability and should find what they need."

However, online orders are still paused for fashion, home and beauty, with plans to reopen online in the coming weeks. The company has also used the cyber attack as an opportunity to condense a two-year digital transformation plan into just six months.

A Challenging Time

"This has been a challenging time," said Machin. "[but] our business is in good shape with strong performance, strong foundations, and a solid financial footing. This has bolstered our resilience meaning we can recover at pace and regain momentum."

CEO Machin also acknowledged the emotional toll of the incident on staff and suppliers, thanking them for their hard work and support. He added that he was grateful to his peers in the business world, who had offered him guidance and encouragement during this difficult time.

A Cautionary Tale

"So many chief executives have called me over the past few weeks who have all gone through similar events," said Machin. "They told me firstly this will be one of the most challenging situations you face as a CEO. Secondly they told me we need to watch out for burn-out ... in the first few weeks. And thirdly they said to me it will take longer [to recover] than you would like and you would hope for, and it could be a distraction in the short-term."

"We’re only four and a half weeks into this incident," added Machin. "It feels like four and a half months if I’m honest."