• 05 June 2026, 20:53 PM

Category Archives: Cyber Security


Cyber Attacks Don’t Shut Down Systems. They Shut Down Businesses.

When most organisations think about cyber attacks, they think about IT systems.

Servers go offline.
Files become inaccessible.
Applications stop working.

But that is only the surface level.

The real impact of a cyber attack is not technical.
It is operational.

Because when your systems go down, your business goes with them.


The Difference Between IT Impact and Business Impact

An IT failure is measured in systems.

A business failure is measured in consequences.

When a cyber attack hits, the immediate effects are rarely limited to infrastructure. Instead, the disruption spreads quickly across the organisation:

  • Revenue generation stops
  • Staff are unable to perform their roles
  • Customer services become unavailable
  • Internal communication breaks down

What begins as a technical issue rapidly becomes a business-wide crisis.

And the longer systems remain unavailable, the more severe the consequences become.


The Hidden Cost of Downtime

Many organisations underestimate the true cost of a cyber incident because they focus only on recovery of data.

In reality, the most significant losses come from downtime:

  • Financial loss from halted operations
  • Customer attrition due to lack of service
  • Reputational damage that can take years to repair
  • Regulatory exposure in sectors with compliance obligations

In some cases, businesses recover their data but never fully recover their position in the market.


Why Prevention Alone Is Not Enough

Cybersecurity tools are essential.

Firewalls, endpoint protection, monitoring systems, and user training all play a critical role in reducing risk.

However, no environment is completely immune.

Attack methods evolve constantly.
Human error cannot be eliminated.
Supply chain vulnerabilities introduce external risk.

The question is no longer:

“Can we prevent an attack entirely?”

It is:

“What happens when something gets through?”

This is where many organisations fall short.

They invest heavily in prevention but give far less attention to resilience and recovery.


Backup Is Not Business Continuity

A common misconception is that having backups is enough.

Backups protect data.

They do not restore operations.

After a cyber attack, recovery involves far more than retrieving files:

  • Infrastructure may need to be rebuilt
  • Systems must be validated and secured before going live
  • Dependencies between applications must be re-established
  • Users need safe and controlled access

This process can take hours, days, or longer without the right preparation.

During that time, the business remains effectively offline.


The Importance of a Complete Disaster Recovery Strategy

A true disaster recovery approach goes beyond backup.

It ensures that your business can continue operating, even during a major disruption.

This requires:

1. Secure, Replicated Infrastructure

Not just stored data, but ready-to-run environments that can be activated quickly.

2. Defined Recovery Processes

Clear, structured procedures that are understood by both technical teams and business stakeholders.

3. Rapid Failover Capability

The ability to switch operations to a secondary environment with minimal delay.

4. Workplace Recovery

Ensuring staff have access to systems, communication tools, and a place to work if the primary office is unavailable.

5. Regular Testing

Simulating real-world scenarios to validate that recovery works under pressure.

Without these elements, recovery becomes slow, uncertain, and risky.


Why Your IT Partner Matters More Than Ever

One of the most critical decisions an organisation makes is choosing the right IT partner.

Not all providers approach security and disaster recovery in the same way.

Many focus on:

  • Basic backup solutions
  • Reactive support
  • General IT services

But in today’s threat landscape, that is not enough.

You need an IT partner that is:

Security First

Actively focused on protecting your environment, not just maintaining it.

Proactive, Not Reactive

Identifying risks and weaknesses before they become incidents.

Experienced in Real Recovery Scenarios

Understanding what actually happens during a crisis, not just what should happen in theory.

Able to Deliver End-to-End Disaster Recovery

Providing complete solutions that include infrastructure, failover, and workplace recovery, not just data backup.

Because when an incident occurs, your IT provider is not just supporting systems.

They are supporting your ability to operate as a business.


From IT Recovery to Business Continuity

The organisations that recover quickly from cyber attacks are not necessarily those with the most advanced technology.

They are the ones with the most complete strategy.

They understand that:

  • Recovery is about people as well as systems
  • Speed is as important as security
  • Preparation is more valuable than documentation

Most importantly, they treat disaster recovery as a core business function, not an IT afterthought.


Final Thought

Cyber attacks do not just disrupt infrastructure.

They disrupt operations, revenue, and trust.

And in many cases, it is not the attack itself that causes the greatest damage.

It is the inability to recover quickly and effectively.


If your current strategy is focused mainly on backup, it may be worth reassessing your level of risk.

Ask yourself:

If your systems went down today, how much of your business would still be operational?
Speak to us to discuss a complete DR plan today


    Your Backup Is Potentially Useless. Here’s Why.

    Most organisations believe they are protected because they have backups in place.

    They tick the box.
    They pass audits.
    They assume they are covered.

    But in reality, backups alone do not protect your business.

    They protect your data.

    And those are not the same thing.


    The Misconception: Backup = Recovery

    A backup strategy answers one question:

    “Can we retrieve our data?”

    But business continuity depends on a completely different question:

    “How quickly can we operate again?”

    That gap between data recovery and operational recovery is where most failures happen.


    What Actually Happens During an Incident

    Let’s take a realistic scenario:

    A ransomware attack encrypts your systems at 09:00.

    You have backups. Good.

    Now what?

    Step 1: Identify the breach

    Hours can pass before the full scope is understood.

    Step 2: Isolate affected systems

    You cannot restore safely until the threat is contained.

    Step 3: Validate backups

    Are they clean? Are they recent? Are they complete?

    Step 4: Begin restoration

    This is where most assumptions break.

    • Large datasets take hours or days to restore
    • Infrastructure must be rebuilt or reconfigured
    • Dependencies between systems cause delays

    Step 5: Test systems

    You cannot bring systems live without validation.

    Step 6: Restore user access

    Staff still need:

    • Devices
    • Network access
    • Applications
    • Secure authentication

    At this point, even with good backups, many businesses are still offline for days.


    The Real Problem: Recovery Time

    This is where two critical metrics come into play:

    Recovery Time Objective (RTO)

    How long you can afford to take to restore operations.

    Recovery Point Objective (RPO)

    How much data you can afford to lose.

    Most organisations focus heavily on RPO, which relates to backups.

    But it is RTO that determines whether your business survives.

    Because:

    • A 24-hour outage means lost revenue
    • A 72-hour outage means lost customers
    • A week-long outage can mean potential business failure
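
An added worked example, not part of the original article: it models Steps 1 to 6 above as a recovery plan with dependencies and shows a case where the backup satisfies the RPO while the dependency chain pushes time-to-operational past the RTO. All system names, durations, dates and targets are constructed for illustration.

```python
from datetime import datetime
from graphlib import CycleError, TopologicalSorter  # Python 3.9+

# Constructed sample plan: hours to restore each item and what must be up first.
PLAN = {
    "network":     {"hours": 2.0,  "needs": []},
    "identity":    {"hours": 3.0,  "needs": ["network"]},
    "database":    {"hours": 10.0, "needs": ["network"]},
    "erp":         {"hours": 4.0,  "needs": ["database", "identity"]},
    "email":       {"hours": 2.0,  "needs": ["identity"]},
    "validation":  {"hours": 2.0,  "needs": ["erp", "email"]},   # Step 5
    "user_access": {"hours": 1.5,  "needs": ["validation"]},     # Step 6
}
# Steps 1-3 run before any restore starts: identify, isolate, validate backups.
PRE_RESTORE_HOURS = [4.0, 2.0, 3.0]
INCIDENT = datetime(2025, 1, 15, 9, 0)           # constructed: encryption at 09:00
LAST_CLEAN_BACKUP = datetime(2025, 1, 15, 1, 0)  # constructed: last clean backup


def restore_schedule(plan):
    """Earliest (start, finish) hour per item, assuming unlimited parallel restores."""
    for name, spec in plan.items():
        missing = [d for d in spec["needs"] if d not in plan]
        if missing:
            raise ValueError(f"{name} depends on undefined item(s): {missing}")
    graph = {name: spec["needs"] for name, spec in plan.items()}
    try:
        order = list(TopologicalSorter(graph).static_order())
    except CycleError as exc:
        raise ValueError(f"circular dependency in plan: {exc.args[1]}") from exc
    schedule = {}
    for name in order:
        # An item cannot start until its slowest dependency has finished.
        start = max((schedule[d][1] for d in plan[name]["needs"]), default=0.0)
        schedule[name] = (start, start + plan[name]["hours"])
    return schedule


def critical_path(plan, schedule):
    """Chain of items that sets the finish time, found by walking back from the end."""
    node = max(schedule, key=lambda n: schedule[n][1])
    path = [node]
    while plan[node]["needs"]:
        node = max(plan[node]["needs"], key=lambda d: schedule[d][1])
        path.append(node)
    return path[::-1]


def assess(plan, pre_restore_hours, rto_hours, last_backup, incident, rpo_hours):
    """Compare estimated time-to-operational and data loss with the RTO and RPO."""
    schedule = restore_schedule(plan)
    total = sum(pre_restore_hours) + max(f for _, f in schedule.values())
    data_loss = (incident - last_backup).total_seconds() / 3600
    return {
        "hours_to_operational": total,
        "meets_rto": total <= rto_hours,
        "data_loss_hours": data_loss,
        "meets_rpo": data_loss <= rpo_hours,
        "critical_path": critical_path(plan, schedule),
    }


if __name__ == "__main__":
    report = assess(PLAN, PRE_RESTORE_HOURS, 24.0, LAST_CLEAN_BACKUP, INCIDENT, 12.0)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The estimate is a lower bound: it assumes every item whose dependencies are ready can be restored in parallel, which a real team and real restore bandwidth rarely allow.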


    Why Backups Fail in Practice

    Backups do not fail because they do not exist.

    They fail because they are incomplete as a strategy.

    1. No Infrastructure to Recover Into

    Backups need a target environment.

    Without:

    • Pre-configured servers
    • Network infrastructure
    • Security controls

    You are rebuilding from scratch.


    2. No Defined Failover Process

    Most organisations do not have a clear, tested sequence for switching operations.

    Instead, recovery becomes:

    • Reactive
    • Manual
    • Slow


    3. No Workplace Recovery Plan

    Even if systems are restored:

    • Where do staff work?
    • How do they access systems?
    • What happens if the office is unavailable?

    This is one of the most overlooked risks.


    4. No Testing Under Real Conditions

    A backup that has never been tested is a theoretical solution.

    Under pressure:

    • Scripts fail
    • Dependencies break
    • Teams do not know their roles

    Testing exposes reality.

    Most organisations avoid it.


    What Real Business Continuity Looks Like

    A proper strategy goes far beyond backup.

    It includes:

    1. Replicated Infrastructure

    Not just stored data, but ready-to-run environments.

    2. Defined Recovery Processes

    Clear, documented, and rehearsed.

    3. Rapid Failover Capability

    The ability to switch operations in minutes, not days.

    4. Workplace Recovery

    Ensuring people, not just systems, can function.

    5. Regular Testing

    Simulating real-world failure scenarios.


    Backup Is One Piece of a Larger System

    Backups are still essential.

    But they are just one component in a broader resilience strategy.

    Without the surrounding infrastructure and planning, they create a false sense of security.


    The Question Most Businesses Avoid

    It is easy to ask:

    “Do we have backups?”

    It is much harder, and more important, to ask:

    “How long could we realistically operate without our systems?”

    Because that answer defines your actual level of risk.


    Final Thought

    Technology failures do not usually destroy businesses.

    Downtime does.

    And downtime is not solved by backups alone.


    If you have never tested your recovery under real conditions, you do not truly know your risk.

    It might be worth asking:

    How long could your business actually survive offline?
    Talk to us about real-world backup and recovery.


      Cyber Security Laws Are Changing: What It Means for Your Business

      Cyber security is no longer just a technical consideration. It is now a core part of business risk, governance, and compliance. As regulations continue to evolve across the UK and internationally, organisations are expected to take a more structured, accountable, and evidence driven approach to protecting their systems and data.

      For many businesses, this is not about starting from scratch. It is about strengthening what is already in place and ensuring it stands up to increasing scrutiny.


      A Shift in Expectations

      Recent changes in cyber security regulation are shaping how organisations are expected to operate.

      There is now greater emphasis on accountability, with leadership teams expected to understand and take ownership of cyber risk. At the same time, expectations around incident detection and response have tightened, with faster reporting requirements becoming standard.

      Perhaps the most significant shift is the move towards evidence. It is no longer enough to say that security measures are in place. Businesses must be able to demonstrate what is being monitored, what risks have been identified, and how those risks are being managed.

      There is also increasing focus on supply chains. Organisations are expected to understand the security posture of their partners and suppliers, not just their own internal systems.


      What This Means in Practice

      The practical impact for businesses is a move away from periodic reviews towards continuous oversight.

      Organisations need to be able to:

      • Maintain ongoing visibility of vulnerabilities across their environment
      • Prioritise and address risks in a structured way
      • Keep clear records of actions taken
      • Provide evidence quickly and confidently during audits

      Many traditional IT support models were not designed with these requirements in mind. As a result, some businesses may find gaps between what they currently have in place and what is now expected.


      The Role of Your IT Partner

      As requirements evolve, so too must the role of your IT provider.

      A modern IT partner should help you stay ahead of risk and maintain compliance, not simply respond to issues as they arise.

      Key capabilities to look for include:

      • Continuous visibility of your security position
      • Clear prioritisation and management of vulnerabilities
      • Reporting that supports audits and regulatory requirements
      • Proactive guidance on improving your security posture
      • Alignment with recognised standards such as ISO 27001 and Cyber Essentials

      This approach helps ensure that security is not just in place, but also measurable and demonstrable.


      Supporting a Structured Approach to Security

      At DSM Group, we support businesses in taking a more structured and consistent approach to cyber security.

      Our Vulnerability Management as a Service provides continuous scanning and clear insight into potential risks, alongside prioritised guidance on remediation.

      Our Security as a Service offering builds on this by delivering ongoing monitoring, threat detection, and support in maintaining a strong overall security posture.

      These services are designed to provide clarity and confidence, helping businesses understand their risks and demonstrate how they are being managed.


      Preparing for What Comes Next

      Regulation will continue to evolve, and expectations around cyber security will only increase.

      Organisations that take a proactive approach now will be better positioned to meet future requirements. By putting the right processes, visibility, and support in place, compliance becomes a natural outcome of good practice rather than a reactive exercise.


      Final Thoughts

      Cyber security today is about more than protection. It is about assurance.

      Being able to clearly demonstrate that risks are understood, monitored, and managed is becoming a fundamental requirement for doing business.

      With the right approach and the right support, this does not need to be complex. It simply needs to be consistent, visible, and well managed.

      Like to know more?


        A Deep Dive into the M&S Hack: Root Cause, Impacts, and the Path Forward

        In an era where data is as valuable as currency, cyberattacks have grown not only in frequency but in sophistication. The recent breach involving Marks & Spencer (M&S), one of the UK’s most established retail giants, underscores the vulnerabilities that even long-standing and digitally mature organisations can face. At DSM, we take these incidents seriously — not just as cautionary tales, but as learning opportunities to better secure our clients’ infrastructure.

        In this post, we explore the root cause of the M&S hack, its impacts, and the potential remediations and industry best practices that organisations of all sizes should consider.


        What Happened?

        In June 2025, M&S confirmed that customer data had been exposed via a third-party supplier breach. The attack did not directly target M&S’s core systems, but rather leveraged vulnerabilities in MoveIt, a file transfer software widely used by many enterprises — echoing the Clop ransomware gang’s global campaign from 2023 which exploited a zero-day vulnerability in the same software.

        This breach exposed sensitive employee and customer data, including contact details, payroll records, and in some cases, national insurance numbers. Although payment data was reportedly not affected, the breach was serious enough to warrant a coordinated incident response, internal investigations, and involvement from the Information Commissioner’s Office (ICO).


        Root Cause Analysis

        1. Third-Party Vulnerability

        The breach highlights the ever-growing risk associated with supply chain and third-party software. M&S was not directly attacked; instead, its data was compromised via its association with a vulnerable vendor. The MoveIt vulnerability allowed attackers to bypass authentication and gain access to sensitive files through unauthorised transfers.

        2. Inadequate Segmentation and Vendor Management

        While M&S likely had robust cybersecurity protocols in place for its internal systems, the lack of segmentation between internal and vendor systems may have enabled lateral movement of data. Additionally, vendor due diligence and continuous monitoring appear to have been insufficient — a common shortfall even among large organisations.

        3. Delayed Patch Implementation

        Despite alerts being issued about the vulnerability, many organisations — including M&S’s third-party supplier — failed to apply security patches promptly. In high-risk environments, time-to-patch is often the difference between containment and compromise.


        Impacts of the Breach

        1. Customer and Employee Trust

        Perhaps the most intangible yet damaging outcome is the erosion of trust. Customers and employees entrust organisations like M&S with their personal data, and breaches — even when caused by third parties — reflect poorly on data stewardship practices.

        2. Financial and Legal Repercussions

        While M&S has not disclosed the exact cost, historical data suggests large-scale breaches can cost millions in legal fees, compensation, fines (especially under UK GDPR), and increased insurance premiums. The ICO could issue a significant penalty if M&S is found to have failed in its data protection obligations.

        3. Operational Disruption

        Though retail operations continued, IT and legal teams were forced into crisis mode. These disruptions pull resources away from strategic initiatives and can harm internal morale.

        4. Reputational Damage

        The press coverage of the breach was widespread. In a time when ESG and digital trust matter to investors and consumers alike, reputational damage can have long-term commercial effects.


        Lessons Learned and Resolutions

        1. Zero Trust Architecture (ZTA)

        Organisations must adopt a Zero Trust approach — assuming that every device, user, or system could be compromised. This philosophy promotes the idea of least privilege, continuous validation, and strict access controls.

        2. Third-Party Risk Management

        Vendor relationships must go beyond contractual SLAs. This includes:

        • Continuous security assessments
        • Penetration testing
        • Real-time monitoring of vendor risk profiles
        • Contractual obligations for prompt patching and breach reporting

        At DSM, we vet every supplier and partner using a rigorous compliance and risk methodology, including ISO27001-certified processes.

        3. Proactive Threat Detection

        Implementing real-time threat intelligence, SIEM tools, and behaviour-based monitoring is essential. M&S and its vendors might have benefited from anomaly detection systems that flag unusual file transfers or system activity.

        4. Segmentation and Data Minimisation

        Limiting how much data vendors can access, and segregating networks, could have reduced the breach scope. The principle of data minimisation — collecting and retaining only what’s strictly necessary — would have also limited exposure.

        5. Regular Patch Management Protocols

        Having a formalised, time-bound patch management policy — with escalation procedures — is vital. DSM supports customers with automated patching solutions, compliance audits, and vulnerability scanning as part of our managed services offering.


        Looking Ahead

        This breach serves as a stark reminder: cybersecurity is only as strong as the weakest link. Whether you’re a large retailer, a public sector body, or an SME, third-party risk must now be considered a top-tier cyber threat.

        At DSM, our commitment to secure, resilient infrastructure means going beyond traditional boundaries of IT support. We design environments that assume breach, isolate risk, and ensure business continuity through our workplace recovery, DRaaS, and colocation services.


        Final Thoughts

        Cyber resilience isn’t about preventing all breaches — that’s virtually impossible. It’s about detection, response, and minimising the blast radius. If the M&S breach teaches us anything, it’s that resilience is a shared responsibility — between businesses, suppliers, and IT partners.

        If you’re concerned about your own third-party risk exposure or would like a free cybersecurity readiness assessment, contact DSM today. Let’s build a safer, smarter, and more resilient future — together.


        Cloud and Cybersecurity Insights: Trends & Best Practices

        Building a cybersecurity strategy has never been more challenging – the rapidly evolving threat landscape, combined with the acceleration of digital transformation and a workforce distributed beyond traditional office networks to the home, have radically altered how IT teams defend their network, data, users and applications.

        The astonishing value of the cyber crime industry, the move towards cyber crime as-a-service via online dark web marketplaces and the commoditisation of malware have not just produced more advanced and complex threats, but also an increasingly low barrier to entry. Anyone can now gain access to the tools needed to deliver ransomware and take payments via anonymous cryptocurrency, while tactics have evolved to include PR and extortion threats that have further muddied the waters of how organisations can respond – further ramping up the potential financial returns.

        The last two years have seen the added complexity of an accelerated shift in the infrastructure and strategy of many organisations, as distributed workforces and working from home became the default. This necessitated migration to the cloud at unprecedented speed and digital transformation that helped keep businesses going, but created new risks and opportunities for threats to exploit.

        As we move into 2022, we’ve commissioned a survey across hundreds of CTOs, CIOs, CISOs and industry leaders to get their perspective on this changing threat landscape, how much cloud has become the core of today’s network, and the priorities from the boardroom to the SOC in defending against the next threat.

        To view the full report and results, download your complimentary copy below.