If It Can Happen to Marks & Spencer…
When a household name like Marks & Spencer falls victim to a cyberattack, it forces us to confront an uncomfortable truth: no business is immune.
Three of the UK’s most recognisable retailers, M&S, Co-Op, and Harrods, have the kind of resources most organisations can only dream of. Recently, hackers targeted them. Both M&S and Co-Op were taken offline. Cybercrime group Dragonforce, aka Scattered Spider and Octo Tempest, told the BBC they were responsible and suggested that more attacks would follow.
Online orders were suspended. In-store systems faltered. Losses are estimated to be in the millions.
But perhaps the most startling part? The way the hackers got in.
A Modern-Day Con Job
This wasn’t some high-tech Hollywood-style breach. It was social engineering—a fancy term for tricking people.
The attackers pretended to be staff members and called the IT help desk. Using personal information most likely scraped from social media, they convinced support teams to reset passwords and multi-factor authentication (MFA) and to hand over access. Once the hackers had access, they used encryption software to encrypt virtual machines.
Even with the best-funded IT systems, breaches can happen when staff aren’t trained or procedures aren’t followed.
No malware, no brute force. Just good old-fashioned manipulation.
If that doesn’t make your stomach turn, it should.
“But It Won’t Happen to Us…”
We still hear this too often.
There’s a lingering belief—particularly among smaller firms—that attacks like this only target large corporations. But attackers see smaller organisations as easier targets. They know many don’t have incident response plans, formal staff training, or dedicated cyber support.
If Marks & Spencer can be brought to its knees by a phone call… what’s protecting your firm?
The Stakes Are Higher for Regulated Industries
Financial services, legal practices, and other regulated sectors are prime targets—not because they’re big, but because the data they hold is valuable. Client records, financial details, legal contracts—these are all gold mines for attackers.
A breach doesn’t just hurt your operations. It impacts your reputation, your regulatory compliance, and ultimately your clients’ trust.
“Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.”
National Cyber Security Centre
This Is Why We Exist
FoxTech exists to stop exactly this kind of incident—before it ever happens.
We help firms in regulated industries build cyber resilience from the ground up. That means robust defences, yes—but also practical, human-focused strategies that stop social engineering at the door. We guide your team, audit your risks, and give your board the reassurance it needs.
Cybersecurity isn’t about luck. It’s about readiness.
Let’s Secure Your Business—Before It’s Too Late
Whether you’re a wealth manager juggling FCA obligations or a law firm safeguarding client confidentiality, the time to act is before your name makes the headlines.