27 October 2025, 04:48 AM

Category Archives: Security


A Deep Dive into the M&S Hack: Root Cause, Impacts, and the Path Forward

In an era where data is as valuable as currency, cyberattacks have grown not only in frequency but in sophistication. The recent breach involving Marks & Spencer (M&S), one of the UK’s most established retail giants, underscores the vulnerabilities that even long-standing and digitally mature organisations can face. At DSM, we take these incidents seriously — not just as cautionary tales, but as learning opportunities to better secure our clients’ infrastructure.

In this post, we explore the root cause of the M&S hack, its impacts, and the potential remediations and industry best practices that organisations of all sizes should consider.


What Happened?

In June 2025, M&S confirmed that customer data had been exposed via a third-party supplier breach. The attack did not directly target M&S’s core systems, but rather leveraged vulnerabilities in MOVEit, a file transfer software widely used by many enterprises — echoing the Clop ransomware gang’s global campaign from 2023, which exploited a zero-day vulnerability in the same software.

This breach exposed sensitive employee and customer data, including contact details, payroll records, and in some cases, national insurance numbers. Although payment data was reportedly not affected, the breach was serious enough to warrant a coordinated incident response, internal investigations, and involvement from the Information Commissioner’s Office (ICO).


Root Cause Analysis

1. Third-Party Vulnerability

The breach highlights the ever-growing risk associated with supply chain and third-party software. M&S was not directly attacked; instead, its data was compromised via its association with a vulnerable vendor. The MOVEit vulnerability allowed attackers to bypass authentication and gain access to sensitive files through unauthorised transfers.

2. Inadequate Segmentation and Vendor Management

While M&S likely had robust cybersecurity protocols in place for its internal systems, the lack of segmentation between internal and vendor systems may have enabled lateral movement of data. Additionally, vendor due diligence and continuous monitoring appear to have been insufficient — a common shortfall even among large organisations.

3. Delayed Patch Implementation

Despite alerts being issued about the vulnerability, many organisations — including M&S’s third-party supplier — failed to apply security patches promptly. In high-risk environments, time-to-patch is often the difference between containment and compromise.


Impacts of the Breach

1. Customer and Employee Trust

Perhaps the most intangible yet damaging outcome is the erosion of trust. Customers and employees entrust organisations like M&S with their personal data, and breaches — even when caused by third parties — reflect poorly on data stewardship practices.

2. Financial and Legal Repercussions

While M&S has not disclosed the exact cost, historical data suggests large-scale breaches can cost millions in legal fees, compensation, fines (especially under UK GDPR), and increased insurance premiums. The ICO could issue a significant penalty if M&S is found to have failed in its data protection obligations.

3. Operational Disruption

Though retail operations continued, IT and legal teams were forced into crisis mode. These disruptions pull resources away from strategic initiatives and can harm internal morale.

4. Reputational Damage

The press coverage of the breach was widespread. In a time when ESG and digital trust matter to investors and consumers alike, reputational damage can have long-term commercial effects.


Lessons Learned and Resolutions

1. Zero Trust Architecture (ZTA)

Organisations must adopt a Zero Trust approach — assuming that every device, user, or system could be compromised. This philosophy promotes the idea of least privilege, continuous validation, and strict access controls.

2. Third-Party Risk Management

Vendor relationships must go beyond contractual SLAs. This includes:

  • Continuous security assessments
  • Penetration testing
  • Real-time monitoring of vendor risk profiles
  • Contractual obligations for prompt patching and breach reporting

At DSM, we vet every supplier and partner using a rigorous compliance and risk methodology, including ISO27001-certified processes.

3. Proactive Threat Detection

Implementing real-time threat intelligence, SIEM tools, and behaviour-based monitoring is essential. M&S and its vendors might have benefited from anomaly detection systems that flag unusual file transfers or system activity.
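As an added illustration of the behaviour-based monitoring this paragraph calls for (example code written here, not DSM’s tooling or any MOVEit product feature), the following Python runs a per-user baseline check over constructed managed-file-transfer audit lines; the log format, the account name, the paths and the thresholds are all assumptions:

```python
from collections import defaultdict
from datetime import datetime

# Constructed MFT audit log (not real M&S or vendor data). Assumed format:
# <ISO timestamp> <account> <action> <path> <bytes>
SAMPLE_LOG = """\
2025-06-02T09:15:00 payroll_svc DOWNLOAD /payroll/june/summary.csv 20480
2025-06-03T09:20:00 payroll_svc DOWNLOAD /payroll/june/summary.csv 20992
2025-06-04T09:10:00 payroll_svc DOWNLOAD /payroll/june/summary.csv 21504
2025-06-05T09:05:00 payroll_svc DOWNLOAD /payroll/june/summary.csv 20736
2025-06-06T03:12:00 payroll_svc DOWNLOAD /payroll/june/employees.csv 52428800
2025-06-06T03:12:30 payroll_svc DOWNLOAD /payroll/june/ni_numbers.csv 31457280
2025-06-06T03:13:00 payroll_svc DOWNLOAD /hr/contacts.csv 10485760
"""

def parse(log):
    """Turn raw audit lines into event dicts."""
    events = []
    for line in log.splitlines():
        ts, user, action, path, size = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "path": path, "bytes": int(size)})
    return events

def daily_totals(events):
    """Bytes downloaded per user per calendar day."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "DOWNLOAD":
            totals[e["user"]][e["ts"].date()] += e["bytes"]
    return totals

def find_anomalies(events, factor=10, business_hours=(7, 19)):
    """Return (date, user, reason) alerts for two behaviours: a user-day whose
    download volume exceeds `factor` times that user's median on earlier days,
    and any download made outside business hours."""
    alerts = []
    for user, by_day in daily_totals(events).items():
        days = sorted(by_day)
        for i, day in enumerate(days):
            prior = sorted(by_day[d] for d in days[:i])
            if prior and by_day[day] > factor * prior[len(prior) // 2]:
                alerts.append((day, user, f"volume {by_day[day]} bytes exceeds "
                               f"{factor}x baseline {prior[len(prior) // 2]}"))
    start, end = business_hours
    for e in events:
        if e["action"] == "DOWNLOAD" and not start <= e["ts"].hour < end:
            alerts.append((e["ts"].date(), e["user"], f"off-hours download of {e['path']}"))
    return alerts
```

On the constructed log the four quiet days establish the baseline and the early-morning bulk pull on 6 June produces one volume alert plus three off-hours alerts, which is the kind of signal a SIEM rule would raise for investigation.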

4. Segmentation and Data Minimisation

Limiting how much data vendors can access, and segregating networks, could have reduced the breach scope. The principle of data minimisation — collecting and retaining only what’s strictly necessary — would have also limited exposure.

5. Regular Patch Management Protocols

Having a formalised, time-bound patch management policy — with escalation procedures — is vital. DSM supports customers with automated patching solutions, compliance audits, and vulnerability scanning as part of our managed services offering.


Looking Ahead

This breach serves as a stark reminder: cybersecurity is only as strong as the weakest link. Whether you’re a large retailer, a public sector body, or an SME, third-party risk must now be considered a top-tier cyber threat.

At DSM, our commitment to secure, resilient infrastructure means going beyond traditional boundaries of IT support. We design environments that assume breach, isolate risk, and ensure business continuity through our workplace recovery, DRaaS, and colocation services.


Final Thoughts

Cyber resilience isn’t about preventing all breaches — that’s virtually impossible. It’s about detection, response, and minimising the blast radius. If the M&S breach teaches us anything, it’s that resilience is a shared responsibility — between businesses, suppliers, and IT partners.

If you’re concerned about your own third-party risk exposure or would like a free cybersecurity readiness assessment, contact DSM today. Let’s build a safer, smarter, and more resilient future — together.


DSM Group Achieves ISO27001:2022 Certification

We are proud to announce that DSM Group has been recommended for recertification by the British Standards Institution (BSI) for the prestigious ISO27001:2022 standard—an entire year ahead of schedule. This significant achievement underscores our continued commitment to maintaining the highest standards in information security management.

ISO27001 is an internationally recognised standard, and certification from BSI, a globally renowned certification body, further highlights our dedication to protecting sensitive company and customer information. BSI certification is a mark of trust and excellence, ensuring that our systems and processes are secure, robust, and meet the latest global standards in managing information security risks.

At DSM Group, we are dedicated to consistently improving our security measures. Our early recertification demonstrates the success of our proactive approach to safeguarding the confidentiality, integrity, and availability of information. We pride ourselves on delivering reliable and secure services, helping our clients rest assured that their data is in safe hands.

What Does This Mean for Our Clients?

For our clients, this BSI recertification reinforces DSM Group’s commitment to protecting their most critical assets. With stringent security protocols in place, clients can have full confidence that their data is managed in line with the highest industry standards.

ISO27001 also supports our dedication to continuous improvement, as we regularly assess and refine our processes to meet evolving security challenges. This not only reduces risk but also boosts operational efficiency, allowing us to provide even more reliable and high-quality services.

Thank you to everyone involved in helping us achieve this important milestone. Together, we continue to set the standard for excellence in information security, keeping our clients’ trust at the heart of everything we do.


Offering Immutable Data Backup as Standard: A Game-Changer in Data Security by DSM Group

In today’s fast-paced digital landscape, data is the lifeblood of businesses. From financial records and customer information to intellectual property and operational data, companies rely heavily on their digital assets. With the ever-increasing frequency and sophistication of cyber threats and the potential for accidental data loss, having a robust backup strategy is essential for any organisation.

One innovative approach to data backup that has gained traction but is still far from the industry standard is “Immutable Data Backup.” Immutable data backups offer a level of data protection that goes beyond traditional backup methods, providing an added layer of security against ransomware attacks, human errors, and data corruption. While very few companies currently offer this service due to the associated infrastructure and costs, some forward-thinking organisations are breaking new ground.

One such company is DSM Group, which has made it their mission to prioritise data security and offer immutable data backup as a standard service. Their investment in cutting-edge infrastructure, including a solar farm and a water-cooled data centre, has allowed them to provide this game-changing service to their clients without breaking the bank.

Understanding Immutable Data Backup

Before delving into the benefits of immutable data backup, it’s essential to understand what it entails. Immutable data backup refers to a backup method where once data is stored, it cannot be altered, overwritten, or deleted until a predefined retention period expires. In other words, it guarantees the immutability and integrity of your backup data, making it impervious to external threats or accidental data modifications.

The Advantages of Immutable Data Backup

  1. Ransomware Resilience: Ransomware attacks have become increasingly prevalent and sophisticated. Attackers often target backups, rendering them useless and leaving victims with no option but to pay a ransom. Immutable data backups are immune to such attacks, as the data remains unalterable, regardless of external interference.
  2. Data Integrity: In a world where data integrity is paramount, immutable backups provide assurance that your data will remain unchanged, ensuring its accuracy and reliability for compliance and auditing purposes.
  3. Protection Against Human Errors: Accidental data deletion or modification is a common cause of data loss. Immutable backups safeguard against these mistakes, guaranteeing the ability to restore your data to its original state.
  4. Historical Data Retrieval: Immutable backups preserve historical versions of data, enabling organisations to recover files or records from any point in time. This can be invaluable for investigating incidents or tracking changes over time.
  5. Peace of Mind: Knowing that your critical data is secure and immutable can offer peace of mind to business owners and IT professionals, allowing them to focus on strategic initiatives rather than worrying about data loss.
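To make the retention-lock semantics defined under “Understanding Immutable Data Backup” and the versioning behind “Historical Data Retrieval” concrete, here is an added in-memory model (example code, not DSM Group’s backup platform); the object key, retention period, clock values and hash choice are assumptions:

```python
import hashlib
from datetime import datetime, timedelta

class ImmutableBackupStore:
    """In-memory model of a retention-locked (write-once) backup store."""

    def __init__(self, retention_days):
        self.retention = timedelta(days=retention_days)
        self._objects = {}   # (key, version) -> (data, sha256, locked_until)
        self._latest = {}    # key -> latest version number

    def put(self, key, data, now):
        # Every write creates a new version; earlier versions are never touched.
        version = self._latest.get(key, 0) + 1
        digest = hashlib.sha256(data).hexdigest()
        self._objects[(key, version)] = (data, digest, now + self.retention)
        self._latest[key] = version
        return version

    def delete(self, key, version, now):
        # Deletion (or overwrite) is refused until the retention lock expires.
        _, _, locked_until = self._objects[(key, version)]
        if now < locked_until:
            raise PermissionError(f"{key} v{version} locked until {locked_until.date()}")
        del self._objects[(key, version)]

    def get(self, key, version):
        # Verify the stored hash on read so silent corruption is detected.
        data, digest, _ = self._objects[(key, version)]
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"integrity check failed for {key} v{version}")
        return data

    def versions(self, key):
        return sorted(v for (k, v) in self._objects if k == key)


def demo():
    """Constructed scenario: two backups, an early purge attempt, an expiry."""
    t0 = datetime(2025, 6, 1)
    store = ImmutableBackupStore(retention_days=30)
    v1 = store.put("finance.db", b"ledger-2025-05", t0)
    v2 = store.put("finance.db", b"ledger-2025-06", t0 + timedelta(days=1))
    refused = False
    try:
        store.delete("finance.db", v1, t0 + timedelta(days=10))  # inside retention
    except PermissionError:
        refused = True
    store.delete("finance.db", v1, t0 + timedelta(days=31))  # lock expired
    return refused, store.versions("finance.db"), store.get("finance.db", v2)
```

The second `put` does not replace the first backup but adds version 2 beside it, the purge attempt ten days in is rejected, and only after the 30-day lock has passed can version 1 be removed; the extra storage the next section mentions comes from keeping those locked versions.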

The Slight Space Requirement and Cost

One consideration to keep in mind when adopting immutable data backup is that it typically requires approximately 20% more storage space compared to traditional backup methods. While this might lead to concerns about increased costs, it’s essential to emphasise that the additional storage cost is minimal when weighed against the substantial benefits of data security and protection against potential data breaches or loss.

The investment in the extra storage space for immutable backups is a proactive measure that ensures the integrity and availability of your critical data. In the grand scheme of data security, this added expense is a small price to pay for the peace of mind and resilience it offers against cyber threats and data disasters.

Overcoming the Cost and Infrastructure Challenge

The primary reason many companies have yet to adopt immutable data backup as a standard service is the perceived cost and infrastructure required. However, forward-thinking organisations like DSM Group have found innovative solutions to overcome these challenges.

By investing in renewable energy sources, such as a solar farm, and developing an efficient water-cooled data centre, DSM Group has managed to significantly reduce operational costs. These investments not only make their data centre environmentally friendly but also allow them to pass on cost savings to their clients, making immutable data backup an affordable option.

Making Immutable Data Backup Accessible to All

The move toward offering immutable data backup as a standard service is a significant step in enhancing data security for businesses of all sizes. While the infrastructure and costs may have been barriers in the past, companies like DSM Group are demonstrating that it’s possible to overcome these challenges.

In an era when data breaches and cyber threats are a constant concern, investing in immutable data backup is a proactive approach that can protect your organisation’s most valuable asset: its data. As more companies recognise the importance of this service, it may become an industry standard, ensuring that businesses are better equipped to safeguard their digital assets in an increasingly volatile digital landscape.

In conclusion, immutable data backup is a game-changer in data security, and DSM Group is leading the way by making it accessible and affordable to their clients. As businesses continue to prioritise data protection, immutable backups may soon become the gold standard for safeguarding critical digital assets. The minimal cost of additional storage space pales in comparison to the invaluable protection it provides for your data.

If you would like to know more or get a quote, please call us or fill in the form below.


Cloud and Cybersecurity Insights: Trends & Best Practices

Building a cybersecurity strategy has never been more challenging – the rapidly evolving threat landscape, combined with the acceleration of digital transformation and a workforce distributed beyond traditional office networks to the home, has radically altered how IT teams defend their network, data, users and applications.

The astonishing value of the cyber crime industry, the move towards cyber crime as-a-service via online dark web marketplaces and the commoditisation of malware have not just produced more advanced and complex threats, but an increasingly lower barrier to entry. Anyone can now gain access to the tools needed to deliver ransomware and take payments via anonymous cryptocurrency, while tactics have evolved to include PR and extortion threats that have further muddied the waters of how organisations can respond – further ramping up the potential financial returns.

The last two years have seen the added complexity of an accelerated shift in the infrastructure and strategy of many organisations, as distributed workforces and working from home became the default. This necessitated migration to the cloud at unprecedented speed and digital transformation that helped keep businesses going, but created new risks and opportunities for threats to exploit.

As we move into 2022, we’ve commissioned a survey across hundreds of CTOs, CIOs, CISOs and industry leaders to get their perspective on this changing threat landscape, how much cloud has become the core of today’s network, and the priorities from the boardroom to the SOC in defending against the next threat.

To view the full report and results, download your complimentary copy below.