The cyberattack, which began earlier this month, prompted M&S to take immediate action to contain the damage. The company has “locked remote-working staff out of some of its IT systems to contain the fallout,” effectively shutting down certain channels through which employees connect to internal networks while working remotely.

According to sources, the chain “has closed some of its programs that employees use to log into the internal IT systems when working away from the office.” This decision, while disruptive to employees, reflects the seriousness of the threat and aims to prevent further infiltration of the retailer’s IT infrastructure.

VPN Shutdown: A Common Response to Cyber Threats

Cybersecurity experts say that cutting off access to the virtual private network (VPN) is “most likely to stop the attack from spreading throughout M&S’s IT infrastructure.” VPNs, while providing secure connections, can also become entry points for malicious actors if compromised.

This move echoes similar responses seen in other recent cyber incidents targeting major corporations. In January, hospital chain CommonSpirit Health experienced a ransomware attack that forced them to temporarily shut down certain IT systems, impacting patient care and scheduling. Similarly, last year, shipping giant Maersk suffered a NotPetya attack that crippled its operations for weeks, costing the company an estimated $300 million.

Impact on Employees and Operations

While the company is working to mitigate the disruption, the impact on employees and customers is undeniable. “Sources close to the company said staff could still work from home, but that access to its internal systems had been scaled back while it dealt with the attack.” This suggests that employees may face limitations in accessing necessary data and applications,potentially hindering their productivity.

The suspension of online orders represents a significant blow to M&S’s revenue stream. “M&S, which has 65,000 staff, has suspended taking online orders and many of its shoppers were unable to use” the online platform. This disruption impacts not only the company’s bottom line,but also the convenience and accessibility for its customers,especially those who rely on online shopping.

The broader Threat Landscape: U.S.Businesses on High Alert

The M&S cyberattack serves as a stark reminder of the escalating cyber threat landscape facing businesses worldwide, including those in the United States. According to the FBI’s Internet Crime Complaint Center (IC3),ransomware attacks in the U.S.increased by 62% in 2024 compared to the previous year, with businesses of all sizes being targeted.

The retail sector is notably vulnerable, given the large volumes of customer data they handle, including personal information and financial details. A recent report by Verizon found that 89% of breaches had a financial or espionage motive. Protecting this data requires robust cybersecurity measures, including regular security audits, employee training, and incident response planning.

Counterargument: Balancing Security and Accessibility

While restricting remote access is a common security measure, some argue that it can substantially hinder business operations and employee productivity. The counterargument suggests that companies should invest in more complex security solutions that allow for secure remote access without completely shutting down essential systems. This approach involves implementing multi-factor authentication, endpoint detection and response (EDR) tools, and zero-trust network access (ZTNA) architectures.

Though, in the immediate aftermath of a cyberattack, the priority is containment. “Sometimes, you have to make tough choices to prioritize security over convenience,” says cybersecurity consultant Sarah Jenkins. “the goal is to minimize the long-term damage and protect critical data.”

FAQ: Cyberattacks and Business Continuity

What should a business do immediately after discovering a cyberattack?

Isolate affected systems, activate your incident response plan, notify your cybersecurity team, and report the incident to relevant authorities. Also, preserve any evidence for forensic analysis.

How can businesses protect themselves from cyberattacks?

Implement strong passwords and multi-factor authentication, regularly update software, train employees on cybersecurity best practices, conduct regular security audits, and invest in cybersecurity solutions like firewalls and intrusion detection systems.

What is a VPN and why would a company disable it during a cyberattack?

A VPN (Virtual Private Network) creates a secure connection over a public network.A company might disable it during a cyberattack to prevent the attack from spreading through the VPN connection to other parts of the network.

What are the potential consequences of a cyberattack on a business?

Financial losses, reputational damage, legal liabilities, disruption of operations, loss of customer trust, and theft of sensitive data.

How long does it typically take for a business to recover from a cyberattack?

Recovery time varies depending on the severity of the attack,the size of the organization,and the effectiveness of the incident response plan. It can range from a few days to several weeks or even months.