Marks and Spencer (MKS) have suffered a cyber attack that put some of its IT systems out of commission and exposed their customers to loss of personal information. Its on-line clothing business was shut down for several weeks causing very substantial financial losses.
According to an FT report this was caused by criminals breaching its systems using “social engineering tactics via a third-party supplier”. I presume they mean that identity impersonation was used to obtain access to M&S IT systems.
Apart from the fact that the heavy use of outside contractors will always make a company vulnerable, weak identity verification is always going to be a problem. Sensitive systems should be protected against identity theft by using better than simple password security. Companies such as Intercede (IGP) provide highly secure software products to secure identities – I hold shares in them.
A company as large as M&S should know better. When your company relies on functioning IT systems to process orders, you really do need to take steps to forestall such cyber attacks.
FT article: https://www.ft.com/content/19dcd993-877e-43c5-aab4-c727e574e3f2
Roger Lawson (Twitter: https://x.com/RogerWLawson )
You can obtain notifications of new posts in future by following me on Twitter (now “X”) – see https://x.com/RogerWLawson where new blog posts are usually mentioned.