The Independent: Why Marks & Spencer Is Still Affected by Cyber Attack and When It Might Recover

The Independent included extensive comment from Sam Kirkman, Director of Services for EMEA at NetSPI, exploring the ongoing fallout from the cyber-attack on Marks & Spencer, which continues to disrupt operations, affect customers and prompt a high-level response from law enforcement and cybersecurity experts. Read the preview below or view it online.

+++

The recovery is complex and slow.

Regarding “Why Marks and Spencer is still affected by cyber-attack and when will retailer recover” (The Independent, Apr. 30): The continuing disruption to M&S’s systems over a week after the cyber incident began highlights the formidable challenge of recovering from a major ransomware attack. With online orders suspended, shelves empty in some stores, and systems still offline, M&S is now facing scrutiny from customers and national law enforcement and cybercrime specialists.

According to reports, ransomware is the likely culprit, an attack style designed to be as destructive and paralysing as possible. Hackers have created cascading effects across operations by targeting the very roots of M&S’s IT infrastructure. Recovery demands not just system reboots, but total rebuilds, which cannot be rushed without risking further compromise.

Sam says the complexity of such an attack means apparent delays in progress are often deceptive. What’s happening behind the scenes is painstaking forensic work, system-by-system restoration, and constant testing to prevent reinfection. With circular dependencies in modern IT, restoring one function often depends on many others.

You can read the full article here.