Evening Standard: Why Is It Taking M&S So Long to Recover from a Cyber Attack?

The Evening Standard included comment from Sam Kirkman, Director of Services for EMEA at NetSPI, exploring a breakdown of Marks & Spencer’s ongoing struggle to recover from the recent cyber-attack, which continues to impact both online and in-store services. Read the preview below or view it online.

+++

The damage runs deep.

Regarding “Why is it taking M&S so long to recover from a cyber-attack?” (Evening Standard, Apr. 30): With online orders suspended and impacting in-store stock levels, the situation at Marks & Spencer underscores the lasting effects of a well-executed ransomware attack. Recovery remains elusive more than a week after the incident began, highlighting just how entangled modern digital infrastructure has become.

Though the company has not confirmed specifics, reports suggest a ransomware campaign linked to the group Scattered Spider may be responsible. These attacks don’t just turn off a few systems, they target the foundational infrastructure, creating circular dependencies that require delicate, sequential recovery efforts.

Sam describe the scenario where hackers struck the “roots” rather than the “branches” of M&S’s IT ecosystem. Each move to rebuild systems must be deliberate, tested, and isolated; otherwise, there’s a risk of reinfection. This painstaking process may appear slow from the outside but is the only safe path to restoration. In the meantime, the pressure on internal teams is mounting, and the risk of reputational damage grows daily.

You can read the full article here.