27 April 2026, 17:53

Category Archives: Cyber Security


Cyber Security Laws Are Changing: What It Means for Your Business

Cyber security is no longer just a technical consideration. It is now a core part of business risk, governance, and compliance. As regulations continue to evolve across the UK and internationally, organisations are expected to take a more structured, accountable, and evidence-driven approach to protecting their systems and data.

For many businesses, this is not about starting from scratch. It is about strengthening what is already in place and ensuring it stands up to increasing scrutiny.


A Shift in Expectations

Recent changes in cyber security regulation are shaping how organisations are expected to operate.

There is now greater emphasis on accountability, with leadership teams expected to understand and take ownership of cyber risk. At the same time, expectations around incident detection and response have tightened, with faster reporting requirements becoming standard.

Perhaps the most significant shift is the move towards evidence. It is no longer enough to say that security measures are in place. Businesses must be able to demonstrate what is being monitored, what risks have been identified, and how those risks are being managed.

There is also increasing focus on supply chains. Organisations are expected to understand the security posture of their partners and suppliers, not just their own internal systems.


What This Means in Practice

The practical impact for businesses is a move away from periodic reviews towards continuous oversight.

Organisations need to be able to:

  • Maintain ongoing visibility of vulnerabilities across their environment
  • Prioritise and address risks in a structured way
  • Keep clear records of actions taken
  • Provide evidence quickly and confidently during audits

Many traditional IT support models were not designed with these requirements in mind. As a result, some businesses may find gaps between what they currently have in place and what is now expected.


The Role of Your IT Partner

As requirements evolve, so too must the role of your IT provider.

A modern IT partner should help you stay ahead of risk and maintain compliance, not simply respond to issues as they arise.

Key capabilities to look for include:

  • Continuous visibility of your security position
  • Clear prioritisation and management of vulnerabilities
  • Reporting that supports audits and regulatory requirements
  • Proactive guidance on improving your security posture
  • Alignment with recognised standards such as ISO 27001 and Cyber Essentials

This approach helps ensure that security is not just in place, but also measurable and demonstrable.


Supporting a Structured Approach to Security

At DSM Group, we support businesses in taking a more structured and consistent approach to cyber security.

Our Vulnerability Management as a Service provides continuous scanning and clear insight into potential risks, alongside prioritised guidance on remediation.

Our Security as a Service offering builds on this by delivering ongoing monitoring, threat detection, and support in maintaining a strong overall security posture.

These services are designed to provide clarity and confidence, helping businesses understand their risks and demonstrate how they are being managed.


Preparing for What Comes Next

Regulation will continue to evolve, and expectations around cyber security will only increase.

Organisations that take a proactive approach now will be better positioned to meet future requirements. By putting the right processes, visibility, and support in place, compliance becomes a natural outcome of good practice rather than a reactive exercise.


Final Thoughts

Cyber security today is about more than protection. It is about assurance.

Being able to clearly demonstrate that risks are understood, monitored, and managed is becoming a fundamental requirement for doing business.

With the right approach and the right support, this does not need to be complex. It simply needs to be consistent, visible, and well managed.



    A Deep Dive into the M&S Hack: Root Cause, Impacts, and the Path Forward

    In an era where data is as valuable as currency, cyberattacks have grown not only in frequency but in sophistication. The recent breach involving Marks & Spencer (M&S), one of the UK’s most established retail giants, underscores the vulnerabilities that even long-standing and digitally mature organisations can face. At DSM, we take these incidents seriously — not just as cautionary tales, but as learning opportunities to better secure our clients’ infrastructure.

    In this post, we explore the root cause of the M&S hack, its impacts, and the potential remediations and industry best practices that organisations of all sizes should consider.


    What Happened?

    In June 2025, M&S confirmed that customer data had been exposed via a third-party supplier breach. The attack did not directly target M&S’s core systems, but instead leveraged a vulnerability in MOVEit Transfer, a managed file transfer product widely used by enterprises, echoing the Clop ransomware gang’s global campaign of 2023, which exploited a zero-day SQL injection flaw (CVE-2023-34362) in the same software.

    This breach exposed sensitive employee and customer data, including contact details, payroll records and, in some cases, National Insurance numbers. Although payment data was reportedly not affected, the breach was serious enough to warrant a coordinated incident response, internal investigations, and involvement from the Information Commissioner’s Office (ICO).


    Root Cause Analysis

    1. Third-Party Vulnerability

    The breach highlights the growing risk carried by supply chains and third-party software. M&S was not attacked directly; its data was compromised through a vulnerable vendor. The MOVEit Transfer flaw was an unauthenticated SQL injection in the product’s web front end, which let attackers query the backing database, plant a web shell and download stored files without ever holding valid credentials. The authentication bypass happened at the application layer, not through stolen passwords, so strong passwords and MFA on the vendor’s side would not have stopped it.

    2. Inadequate Segmentation and Vendor Management

    While M&S probably had robust controls over its internal systems, weak segmentation between internal and vendor environments may have let data flow to the supplier with little oversight or limit on volume. Vendor due diligence and continuous monitoring also appear to have been insufficient, a common shortfall even among large organisations: a questionnaire at onboarding says nothing about whether the supplier is still patched a year later.

    3. Delayed Patch Implementation

    Despite the vendor advisory and widespread alerts about the vulnerability, many organisations, including M&S’s third-party supplier, did not apply the security patch promptly. In high-risk environments, time-to-patch is often the difference between containment and compromise, and for an internet-facing file transfer gateway that is being actively exploited, the realistic window is days, not a monthly patch cycle.


    Impacts of the Breach

    1. Customer and Employee Trust

    Perhaps the most intangible yet damaging outcome is the erosion of trust. Customers and employees entrust organisations like M&S with their personal data, and breaches — even when caused by third parties — reflect poorly on data stewardship practices.

    2. Financial and Legal Repercussions

    While M&S has not disclosed the exact cost, historical data suggests large-scale breaches can cost millions in legal fees, compensation, fines (especially under UK GDPR), and increased insurance premiums. The ICO could issue a significant penalty if M&S is found to have failed in its data protection obligations.

    3. Operational Disruption

    Though retail operations continued, IT and legal teams were forced into crisis mode. These disruptions pull resources away from strategic initiatives and can harm internal morale.

    4. Reputational Damage

    The press coverage of the breach was widespread. In a time when ESG and digital trust matter to investors and consumers alike, reputational damage can have long-term commercial effects.


    Lessons Learned and Resolutions

    1. Zero Trust Architecture (ZTA)

    Organisations must adopt a Zero Trust approach, assuming that any device, user or system could already be compromised. In practice this means least privilege, continuous validation of every request and strict access controls, applied to supplier connections just as rigorously as to internal ones.

    2. Third-Party Risk Management

    Vendor relationships must go beyond contractual SLAs. This includes:

    • Continuous security assessments
    • Penetration testing
    • Real-time monitoring of vendor risk profiles
    • Contractual obligations for prompt patching and breach reporting

    At DSM, we vet every supplier and partner using a rigorous compliance and risk methodology, including ISO 27001-certified processes.

    3. Proactive Threat Detection

    Implementing real-time threat intelligence, SIEM tools, and behaviour-based monitoring is essential. M&S and its vendors might have benefited from anomaly detection that flags unusual file transfers or system activity, for example a service account pulling hundreds of megabytes at 03:00 to an address that has never appeared in the logs before.
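    The kind of transfer anomaly detection described above, as an added example that is not DSM’s or M&S’s code. The audit log lines are constructed, and the field layout (timestamp, user, action, bytes, remote IP) is an assumed simplification rather than real MOVEit Transfer output; the thresholds and internal ranges are assumptions a real deployment would tune from its own traffic.

```python
"""Added example (not DSM's or M&S's code): flag unusual file transfers in an
MFT audit log. The sample lines are constructed, and the field layout
(timestamp, user, action, bytes, remote IP) is an assumed simplified format,
not real MOVEit Transfer output."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample log: routine activity, then a service account pulling
# hundreds of megabytes at 03:00 from an external address. 203.0.113.0/24 is
# the TEST-NET-3 documentation range, so the address is fictional by construction.
SAMPLE_LOG = """\
2023-05-27T09:12:04Z alice download 1048576 10.20.1.15
2023-05-27T10:40:11Z alice download 2097152 10.20.1.15
2023-05-28T09:05:42Z alice download 1572864 10.20.1.15
2023-05-28T14:22:09Z bob upload 524288 10.20.3.7
2023-05-29T11:09:30Z bob download 786432 10.20.3.7
2023-05-30T09:31:55Z alice download 1310720 10.20.1.15
2023-05-31T03:14:02Z svc_transfer download 734003200 203.0.113.45
2023-05-31T03:16:47Z svc_transfer download 912261120 203.0.113.45
2023-05-31T09:02:10Z alice download 52428800 10.20.1.15
"""

# Assumed tuning values; a real deployment derives these from its own traffic.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
ABS_LARGE_BYTES = 100 * 1024 * 1024   # 100 MiB counts as "large" when a user has no baseline yet
BASELINE_MULTIPLIER = 10              # flag transfers more than 10x the user's median
MIN_BASELINE_EVENTS = 3               # prior events needed before a median is trusted
BUSINESS_HOURS = range(7, 20)         # 07:00-19:59 UTC


def parse_log(text):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, nbytes, ip = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "action": action,
            "bytes": int(nbytes),
            "ip": ip_address(ip),
        })
    return events


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def detect_anomalies(events):
    """Return [(timestamp, user, [reasons])] for events that trip any rule.

    The per-user baseline uses only events seen *before* the current one, so a
    burst of large transfers cannot inflate its own baseline and hide itself."""
    history = defaultdict(list)   # user -> byte counts of prior events
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        reasons = []
        prior = history[ev["user"]]
        if len(prior) >= MIN_BASELINE_EVENTS:
            if ev["bytes"] > BASELINE_MULTIPLIER * median(prior):
                reasons.append("volume >10x user baseline")
        elif ev["bytes"] > ABS_LARGE_BYTES:
            reasons.append("large transfer with no baseline")
        if ev["ts"].hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        if not is_internal(ev["ip"]):
            reasons.append("remote IP outside internal ranges")
        history[ev["user"]].append(ev["bytes"])
        if reasons:
            alerts.append((ev["ts"].isoformat(), ev["user"], reasons))
    return alerts


def run_sample():
    """Run the detector over the constructed log (used by the demo and the checks)."""
    return detect_anomalies(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for ts, user, reasons in run_sample():
        print(f"{ts} {user}: {', '.join(reasons)}")
```

    On the constructed log, the two service-account downloads trip all three rules at once, while Alice’s 50 MiB download during office hours is caught only by the baseline rule. That second case is the useful one: an absolute byte threshold alone would have let it through, and the point of a per-user baseline is to catch exfiltration that looks small in aggregate but large for that identity.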

    4. Segmentation and Data Minimisation

    Limiting how much data vendors can access, and segregating networks, could have reduced the breach scope. The principle of data minimisation — collecting and retaining only what’s strictly necessary — would have also limited exposure.

    5. Regular Patch Management Protocols

    Having a formalised, time-bound patch management policy — with escalation procedures — is vital. DSM supports customers with automated patching solutions, compliance audits, and vulnerability scanning as part of our managed services offering.
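    A time-bound remediation policy of the kind described above, and the "clear records of actions taken" and audit-ready evidence called for earlier in this archive, both come down to the same small piece of bookkeeping. Below is an added example of that bookkeeping, not DSM’s tooling: the SLA windows, the escalation ladder, the finding IDs and the dates are all assumed or constructed for illustration.

```python
"""Added example (not DSM's tooling): a time-bound remediation SLA tracker with
an escalation ladder and an audit trail. The SLA windows, escalation ladder,
finding IDs and dates are assumed or constructed for illustration."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Assumed policy: fix windows by severity, a 48-hour window for anything known to
# be exploited in the wild, and who is notified as an item slips further overdue.
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}
EXPLOITED_SLA_DAYS = 2
ESCALATION = [(0, "system owner"), (3, "IT manager"), (7, "CISO")]  # (days overdue, escalate to)


@dataclass
class Finding:
    asset: str
    finding_id: str            # placeholder IDs in the sample, not real CVE numbers
    severity: str
    discovered: date
    exploited: bool = False
    remediated: Optional[date] = None
    actions: List[str] = field(default_factory=list)   # dated audit trail


def due_date(f: Finding) -> date:
    days = EXPLOITED_SLA_DAYS if f.exploited else SLA_DAYS[f.severity]
    return f.discovered + timedelta(days=days)


def status(f: Finding, today: date) -> str:
    if f.remediated is not None:
        return "closed-late" if f.remediated > due_date(f) else "closed"
    return "overdue" if today > due_date(f) else "open"


def escalation_level(f: Finding, today: date) -> Optional[str]:
    """Who should be notified now; None when the item is not overdue."""
    if status(f, today) != "overdue":
        return None
    days_over = (today - due_date(f)).days
    level = ESCALATION[0][1]
    for threshold, who in ESCALATION:
        if days_over >= threshold:
            level = who
    return level


def record(f: Finding, today: date, note: str) -> str:
    """Append a dated entry to the finding's audit trail; this is the evidence an auditor asks for."""
    entry = f"{today.isoformat()} {f.asset} {f.finding_id} [{status(f, today)}] {note}"
    f.actions.append(entry)
    return entry


def summarise(findings: List[Finding], today: date):
    """Prioritised work list: overdue items first, then everything else by due date."""
    rows = [(f, status(f, today), due_date(f)) for f in findings]
    rows.sort(key=lambda r: (r[1] != "overdue", r[2]))
    return [(f.asset, f.finding_id, st, due.isoformat(), escalation_level(f, today))
            for f, st, due in rows]


# Constructed sample register and reporting date.
TODAY = date(2025, 6, 20)
SAMPLE_FINDINGS = [
    Finding("web-01", "VULN-001", "critical", date(2025, 6, 1), exploited=True),
    Finding("file-02", "VULN-002", "high", date(2025, 6, 10)),
    Finding("db-03", "VULN-003", "medium", date(2025, 5, 1), remediated=date(2025, 5, 20)),
    Finding("app-04", "VULN-004", "low", date(2025, 3, 1), remediated=date(2025, 6, 15)),
]


def run_sample():
    return summarise(SAMPLE_FINDINGS, TODAY)


if __name__ == "__main__":
    record(SAMPLE_FINDINGS[0], TODAY, "vendor patch scheduled for tonight's change window")
    for row in run_sample():
        print(row)
```

    Two design points matter more than the numbers. First, "known exploited" overrides severity, so a medium-scored bug with public exploitation gets the 48-hour window; CVSS alone would have given the MOVEit supplier a week. Second, closed items keep a "closed-late" status rather than disappearing, because the question an auditor asks is not only "is it fixed" but "was it fixed inside the window you said you would meet".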


    Looking Ahead

    This breach serves as a stark reminder: cybersecurity is only as strong as the weakest link. Whether you’re a large retailer, a public sector body, or an SME, third-party risk must now be considered a top-tier cyber threat.

    At DSM, our commitment to secure, resilient infrastructure means going beyond traditional boundaries of IT support. We design environments that assume breach, isolate risk, and ensure business continuity through our workplace recovery, DRaaS, and colocation services.


    Final Thoughts

    Cyber resilience isn’t about preventing all breaches — that’s virtually impossible. It’s about detection, response, and minimising the blast radius. If the M&S breach teaches us anything, it’s that resilience is a shared responsibility — between businesses, suppliers, and IT partners.

    If you’re concerned about your own third-party risk exposure or would like a free cybersecurity readiness assessment, contact DSM today. Let’s build a safer, smarter, and more resilient future — together.


    Cloud and Cybersecurity Insights: Trends & Best Practices

    Building a cybersecurity strategy has never been more challenging. The rapidly evolving threat landscape, combined with the acceleration of digital transformation and a workforce distributed beyond traditional office networks into the home, has radically altered how IT teams defend their network, data, users and applications.

    The enormous value of the cyber crime economy, the shift to crime-as-a-service sold through dark web marketplaces, and the commoditisation of malware have not only produced more advanced and complex threats but also lowered the barrier to entry. Anyone can now obtain the tooling to deliver ransomware and collect payment in cryptocurrency, while tactics have expanded to include public shaming and extortion threats that complicate how organisations can respond, further increasing the potential financial return.

    The last two years have seen the added complexity of an accelerated shift in the infrastructure and strategy of many organisations, as distributed workforces and working from home became the default. This necessitated migration to the cloud at unprecedented speed and digital transformation that helped keep businesses going, but created new risks and opportunities for threats to exploit.

    As we move into 2022, we have commissioned a survey of hundreds of CTOs, CIOs, CISOs and industry leaders to get their perspective on this changing threat landscape, how far cloud has become the core of today’s network, and the priorities from the boardroom to the SOC in defending against the next threat.

    To view the full report and results, download your complimentary copy below.


    6 Benefits Of Using Managed IT Services

    “By giving IT staff more time to focus on progression and increasing productivity, a managed IT supplier offers businesses the support and room they need to grow.”

    While new technologies present powerful opportunities for enterprises, they also introduce challenges. The pace of change in IT is unprecedented. IT departments can no longer survive on one or two computer models, a single operating system, and a short list of approved applications. The mobile devices and cloud-based technologies that have brought so much possibility have also introduced a multitude of devices, platforms and apps for IT departments to manage and secure.

    For many organisations those challenges add up to significant expense: the cost of hiring and training qualified workers, purchasing the infrastructure to support emerging technologies, and keeping systems up to date. Rather than struggle to keep pace with technology, many organisations turn to managed IT providers for help. By trusting a third party such as DSM to handle cloud deployments, data centre solutions, mobile initiatives, collaboration tools and security, organisations can focus their time and resources on their core business objectives.

    IT service providers take a pragmatic approach to IT solutions resulting in a higher standard than many organisations are able to achieve in-house. Top service providers also offer ongoing management and maintenance of the underlying infrastructure, along with end-user support and service guarantees.

    The benefits of managed IT services are clear: In 2014, only 30 percent of organisations used managed services, but within a year, that figure had nearly doubled. Managed services can cut IT costs by as much as 40 percent while doubling operational efficiency.

    Turning to a trusted IT partner offers several advantages, including:

    1. Freeing up IT staff

    Most internal IT departments are at capacity. By outsourcing back-end functions or complex, rapidly changing technologies to a managed service provider, organisations can dedicate their in-house technology experts to projects that further their core objectives and promote innovation.

    2. Keeping pace with the demands for IT expertise

    Organisations around the UK are struggling to fill IT positions, particularly in cybersecurity and cloud solutions. Outsourcing these functions to a partner with technically skilled engineers who specialise in new and emerging technologies relieves that pressure.

    3. Greater scalability

    IT organisations spend weeks, even months, deploying massive systems. Many organisations are finding it more effective to start small, move fast and expand as needed. DSM’s modular approach to managed services makes it easy for enterprises to scale up or down depending on demand, such as a retailer increasing capacity around peak periods or a startup experiencing sudden growth.

    4. 24/7 availability

    The 9-to-5 workday is as outdated today as the phone booth. When users work around the clock, so must the network. With a managed IT provider, help is always available — days, nights, weekends or holidays — to support users.

    5. Shifting the burden of compliance

    In addition to regular audits, many organisations are obliged to meet standards and requirements in their IT initiatives. Reporting and security are imperative in the healthcare, education, financial services and retail industries. DSM understands the regulations that organisations are bound by and can provide the systems, processes and reports that help them meet those requirements, without placing that burden on in-house staff.

    6. Predictable monthly costs

    Every IT investment comes with peripheral costs. Organisations need adequate networks, storage and security. They must train staff, deploy systems and manage equipment, and unexpected costs can arise at any time. By outsourcing initiatives to a managed IT provider, organisations can convert those costs into fixed monthly payments instead of the large capital expenditures that come with managing systems in-house.

    To discuss your requirement or book a free IT review please contact us @ support@dsmgroup.co.uk or call 03333 22 11 00



    A quick guide to effective pen-testing

    Do you want to uncover vulnerabilities before an attacker exploits them? Maybe you are already aware of your network’s vulnerabilities, but need a third party to make the case that your network security needs additional investment? Or does your business need penetration testing to comply with particular security regulations?
    Here is a guide to the practices to follow before, during and after a network penetration test.

    1.) Pre-Test Stage

    This section lists the activities to pay attention to before penetration testing.

    • Define the scope. Whatever the type of pen test, list the networks, the IP address ranges within each network, the subnets and the individual hosts that are in play, so there is no misunderstanding. Otherwise pen testers might leave some systems untested or, worse, attack third-party systems that were never yours to authorise.
    • Define the time frame. Penetration testing shouldn’t disrupt your company’s everyday operations. A technique that generates heavy network traffic, run at peak time, could overload the network and bring it down.
    • Decide whether your IT and security teams should be told in advance. Unannounced testing is a good way to assess how your security team actually responds, but it can slow the test down or even block it, for example if the team cuts off the testers’ internet access.

    2.) Test Stage

    This section covers practices followed by pen testers while conducting network penetration testing.

    • Gather as much information about the target organisation as possible. Pen testers use the customer’s website, WHOIS records and web search engines before sending a single packet.
    • Conduct a network survey. This gives the testers server names and domains, the IP address ranges owned by the organisation, which ports are open and closed, and the operating systems and services running on each host.
    • Determine existing vulnerabilities. At this stage, pen testers scan the network for vulnerabilities to use in the penetration attempt. Scanning can be automated or manual; combining the two considerably improves coverage.
    • Identify suitable targets. Testing is always conducted within the time frame you set, so from the list of vulnerable hosts it is essential to choose the ones that matter rather than spend effort on low-value systems. Servers are usually the sensible primary targets.
    • Attempt penetration. To exploit vulnerabilities, pen testers use specialist, often customised, tools and rate each finding by severity, so that the report can tell you which issues need fixing immediately.
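    The pre-test scope and the test-stage network survey above fit together in one piece of tooling, shown here as an added example that is not DSM’s own: it parses nmap "grepable" (-oG) output, flags any host that turned up outside the agreed scope, and ranks the in-scope hosts so that server-class targets come first. The scan output, the scope ranges and the list of "server" service names are constructed or assumed for illustration.

```python
"""Added example (not DSM's tooling): tie the scope agreed in the pre-test stage
to the network-survey results of the test stage. Parses nmap -oG output, flags
hosts outside the agreed scope and ranks in-scope hosts server-first. The scan
output, scope and server-service list are constructed or assumed."""
import re
from ipaddress import ip_address, ip_network

# Scope agreed with the customer before testing (assumed).
SCOPE = [ip_network("10.20.1.0/24"), ip_network("10.20.2.0/24")]

# nmap service names that usually indicate a server rather than a workstation (assumed list).
SERVER_SERVICES = {"ssh", "http", "https", "ftp", "smtp", "mysql", "ms-sql-s",
                   "postgresql", "ms-wbt-server"}

# Constructed nmap -oG style output. Real -oG "Ports:" entries use the same
# "port/state/proto/owner/service/rpc/version/" field layout, separated by ", ".
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.20.1.10 (web01.corp.example)\tStatus: Up
Host: 10.20.1.10 (web01.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (997)
Host: 10.20.1.25 (ws-alice.corp.example)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: filtered (998)
Host: 10.20.2.5 (db01.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 3306/open/tcp//mysql//MySQL 5.7.42/\tIgnored State: closed (998)
Host: 203.0.113.9 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4.41/\tIgnored State: closed (999)
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"hostname": str, "ports": [(port, proto, service, version), ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue   # comment lines and anything that is not a Host record
        ip, hostname = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        for item in fields.get("Ports", "").split(", "):
            parts = item.strip().split("/")
            if len(parts) < 7:
                continue
            port, state, proto, service, version = parts[0], parts[1], parts[2], parts[4], parts[6]
            if state == "open":
                entry["ports"].append((int(port), proto, service, version))
    return hosts


def in_scope(ip, scope=SCOPE):
    return any(ip_address(ip) in net for net in scope)


def score(entry):
    """Crude server-likeness: 3 per server-class service plus 1 per open port."""
    return sum(3 for _, _, svc, _ in entry["ports"] if svc in SERVER_SERVICES) + len(entry["ports"])


def triage(scan_text, scope=SCOPE):
    """Return (ranked in-scope targets, out-of-scope hosts that appeared in the scan)."""
    hosts = parse_grepable(scan_text)
    out_of_scope = sorted(ip for ip in hosts if not in_scope(ip, scope))
    ranked = sorted(
        ((ip, h["hostname"], score(h), [p for p, _, _, _ in h["ports"]])
         for ip, h in hosts.items() if in_scope(ip, scope)),
        key=lambda r: (-r[2], r[0]),
    )
    return ranked, out_of_scope


def run_sample():
    return triage(SAMPLE_SCAN)


if __name__ == "__main__":
    targets, stray = run_sample()
    for ip, name, sc, ports in targets:
        print(f"{sc:>3}  {ip:<15} {name:<25} open: {ports}")
    if stray:
        print("OUT OF SCOPE, stop and confirm before touching:", stray)
```

    The out-of-scope list is the important output, not the ranking: a host at 203.0.113.9 appearing in the results means the scan target list drifted from the signed scope, and the right move is to stop and confirm with the customer before anything is exploited. Feed the same parser the results of each scanning run and the ranking gives the time-boxed test a defensible starting order.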

    3.) Post-Test Stage

    The network penetration itself is over, but the engagement isn’t. Two stages remain: reporting and cleaning up.

    • Report generation. A well-structured report is a valuable input to risk management. It should open with an overview of the penetration testing process, followed by the most critical network vulnerabilities that need to be addressed first, and then the less critical findings.
    • Cleaning up. The pen testers’ code of practice doesn’t allow them to leave any surprises on your network. To make clean-up reliable, they should keep a detailed record of every action performed throughout the test, such as accounts created, files dropped or configuration changed, and reverse each one before the engagement closes.