Lessons for M&S from different cyber assaults | EUROtoday

As Marks & Spencer – and its clients – proceed to reel from a significant cyber assault, different individuals who have gone via related experiences have been sharing what it’s prefer to be focused by hackers.

“It was an absolute nightmare,” says Sir Dan Moynihan. He runs the Harris Federation, a bunch of 55 faculties within the London and Essex space.

Sir Dan advised the BBC how they had been hacked 4 years in the past by the Russian ransomware crime group REvil.

“Their purpose was to blackmail us into paying $4m (£3m) in cryptocurrency within 10 days,” he stated.

“If we didn’t pay in 10 days, they wanted $8m.”

The hack triggered chaos. The funds of the college group had been hit, with workers and payments left unpaid.

Sir Dan stated the group misplaced educating supplies, lesson plans and registration techniques.

More importantly, in addition they misplaced medical data and even the hearth and cellphone techniques had been affected.

M&S has additionally been focused with ransomware – malicious software program which locks an proprietor out of their laptop or community and scrambles their knowledge.

The criminals then demand a price to unlock it. Sir Dan says it was a requirement he resisted.

Instead, the college group approached a agency of cyber specialists who employed a hostage negotiator. That particular person then took on the function of an inexperienced college bursar – an administrator – who pretended to not know what was occurring.

They took up negotiations with the hackers, with the aim of delaying them for so long as potential so the college group might rebuild its techniques.

Speaking to BBC Radio 4’s Today programme, he stated: “The Russians had stolen data from us – they didn’t tell us what – and they threatened to put this stuff up on the dark web and cause us great embarrassment, and secondly they would lock down our systems.”

Sir Dan, who’s the senior govt principal and chief govt of the Harris Federation, stated it took the group three months to get the whole lot working once more, at the price of £750,000. Among the work was 30,000 gadgets that wanted to be “cleaned” following the hack.

Was there ever a query of giving the criminals what they needed? Never, stated the college group boss.

“The money we have is for disadvantaged young people, and secondly had we paid we would have opened the door for other school groups to be attacked.”

The expertise of being hacked could be a troublesome one for people caught within the disruption.

Wedding costume designer Catherine Deane stated it was “devastating” when her firm’s Instagram account was hacked.

“It felt like the rug had been pulled from under us. Instagram is our primary social platform, and we’ve invested the most amount of time and business resources into it.

“To hold the account present we publish content material each day. Suddenly all this work… it was simply pulled.”

She told the BBC last month of the difficulty of fixing the problem with Meta, the owner of Instagram, describing that experience as “virtually traumatising”.

In June last year, staff at hospitals in London told of how they were left grappling with the aftermath of a cyber attack that led to many hours of extra work for their staff.

A critical incident was declared after the ransomware attack targeted the services provided by pathology firm Synnovis.

Services including blood transfusions were severely disrupted at Guy’s and St Thomas’ Hospital and King’s College Hospital (KCH).

Dr Anneliese Rigby, a consultant anaesthetist at KCH, told the BBC at the time: “So what the labs are having to do is obtain the blood pattern, manually course of that, which is an extended, time-consuming course of requiring plenty of workers which we do not have so we’re having to get further individuals to assist with that.”

M&S has only issued limited information in its official statements, and has not put anyone up for interview.

However, people claiming to work for the retailer have given a sense of the chaos on social media.

On Reddit, users who identified themselves as M&S workers, something the BBC has not verified, described the impact of the cyber attack.

One wrote that most internal systems had been affected and that there had been experiments with “resuming operations manually with paper and pen”.

Another poster said head office staff were working weekends, and that the problems were “like going again in time”.

While some reported shortfalls in goods coming in, others described oversupply of some items, which meant food went to waste.

What is clear is other companies are watching what’s happening closely, even more so since another retailer, the Co-op, shut down some of its IT systems this week in response to a separate cyber attack.

“We’re patching like mad,” is what one retailer told the BBC.

In other words, they are making sure every part of system has the most up-to-date software and protections.

Sir Charlie Mayfield, the former chairman of John Lewis, said other firms understood only too well how vulnerable they were.

“Online purchasing has utterly reworked retail – as know-how turns into extra pervasive, the chance of this sort of assault rises with it,” he told the BBC.

According to the cyber security breaches survey, conducted by the UK government, 74% of large businesses said they were targeted with cyber attacks last year.

It seems likely there will still be many difficult days ahead for M&S.

Additional reporting by Zoe Kleinman, Chris Vallance, Joe Tidy and Tom Gerken