Cyber security is the biggest risk any business organisation faces is a reality, the sooner we understand and work accordingly is safer and saner for the business. Indication of the areas in which it is moving is put in the public domain based on trends and immense research which goes behind it. It is mainly done by cyber security companies. Most of it remains in the report itself or at best is discussed in trendy conferences or talked about in the professional media. How much of it is really appreciated by the industry, assimilated and acted upon effectively so as to deliver the desired results is difficult to answer.
More often than not, even if it is attended to, it is not done with precision and impact. CrowdStrike’s 2025 Global Threat Report highlights the escalating risks within the third party ecosystem, and why and how adversaries find this to be an easier route, given the large threat surface. The context is clear. A headline connected to M&S cyber attack reads, “TCS probes role in cyber attack on UK retailer M&S after 300 million pound hit.” In a likely third party ecosystem scenario TCS is investigating if it was the entry point in a cyberattack on UK retailer M&S.
The breach occurred over the busy Easter weekend, led to theft of customer data and caused major disruptions in its operations. The company was forced to shut down its online clothing business for over three weeks. It wiped out 750 million pounds off its market value. Online services can remain impacted till July. A UK police investigation is on. M&S Chief Executive has blamed it on human error. He claims that there was no issue with the retailer’s internal systems or cyber defences. He said, “Staff at a third party-party contractor was tricked.” But he did not confirm whether ransom was paid or if TCS was indeed the entry point used by the hackers.
TCS gained entry into M&S for doing tech jobs in 2010 and by 2023 it was taking care of the entire tech stack of the company. A M&S told Reuters that TCS was a “means of access.” during the cyber attack with at least two TCS employees M&S login credentials being used as a part of the breach. M&S is not the only case. We have Co-op and Harrods also as victims. Despite the link TCS claims that the Co-op hack has no possible connection as the services it provides to the supermarket chain is not related to its technology infrastructure. The M & S attack has brought the risks associated with the third-party IT outsourcing to the fore.
WHATEVER SAID AND DONE, THE THREAT SURFACE HAS BEEN EXPONENTIALLY INCREASING.
Sanjay Sahay
Have a nice evening.