• 01 October 2025, 00:07 AM

Tag Archives: cyber security


A Deep Dive into the M&S Hack: Root Cause, Impacts, and the Path Forward

In an era where data is as valuable as currency, cyberattacks have grown not only in frequency but in sophistication. The recent breach involving Marks & Spencer (M&S), one of the UK’s most established retail giants, underscores the vulnerabilities that even long-standing and digitally mature organisations can face. At DSM, we take these incidents seriously — not just as cautionary tales, but as learning opportunities to better secure our clients’ infrastructure.

In this post, we explore the root cause of the M&S hack, its impacts, and the potential remediations and industry best practices that organisations of all sizes should consider.


What Happened?

In June 2025, M&S confirmed that customer data had been exposed via a third-party supplier breach. The attack did not directly target M&S’s core systems, but rather exploited a vulnerability in MOVEit, a managed file transfer product widely used by enterprises — echoing the Clop ransomware gang’s global campaign of 2023, which exploited a zero-day vulnerability in the same software.

This breach exposed sensitive employee and customer data, including contact details, payroll records, and in some cases, national insurance numbers. Although payment data was reportedly not affected, the breach was serious enough to warrant a coordinated incident response, internal investigations, and involvement from the Information Commissioner’s Office (ICO).


Root Cause Analysis

1. Third-Party Vulnerability

The breach highlights the ever-growing risk associated with supply chain and third-party software. M&S was not directly attacked; instead, its data was compromised via its association with a vulnerable vendor. The MOVEit vulnerability allowed attackers to bypass authentication and gain access to sensitive files through unauthorised transfers.

2. Inadequate Segmentation and Vendor Management

While M&S likely had robust cybersecurity protocols in place for its internal systems, the lack of segmentation between internal and vendor systems may have enabled lateral movement of data. Additionally, vendor due diligence and continuous monitoring appear to have been insufficient — a common shortfall even among large organisations.

3. Delayed Patch Implementation

Despite alerts being issued about the vulnerability, many organisations — including M&S’s third-party supplier — failed to apply security patches promptly. In high-risk environments, time-to-patch is often the difference between containment and compromise.


Impacts of the Breach

1. Customer and Employee Trust

Perhaps the most intangible yet damaging outcome is the erosion of trust. Customers and employees entrust organisations like M&S with their personal data, and breaches — even when caused by third parties — reflect poorly on data stewardship practices.

2. Financial and Legal Repercussions

While M&S has not disclosed the exact cost, historical data suggests large-scale breaches can cost millions in legal fees, compensation, fines (especially under UK GDPR), and increased insurance premiums. The ICO could issue a significant penalty if M&S is found to have failed in its data protection obligations.

3. Operational Disruption

Though retail operations continued, IT and legal teams were forced into crisis mode. These disruptions pull resources away from strategic initiatives and can harm internal morale.

4. Reputational Damage

The press coverage of the breach was widespread. In a time when ESG and digital trust matter to investors and consumers alike, reputational damage can have long-term commercial effects.


Lessons Learned and Resolutions

1. Zero Trust Architecture (ZTA)

Organisations must adopt a Zero Trust approach — assuming that every device, user, or system could be compromised. This philosophy promotes the idea of least privilege, continuous validation, and strict access controls.

2. Third-Party Risk Management

Vendor relationships must go beyond contractual SLAs. This includes:

  • Continuous security assessments
  • Penetration testing
  • Real-time monitoring of vendor risk profiles
  • Contractual obligations for prompt patching and breach reporting

At DSM, we vet every supplier and partner using a rigorous compliance and risk methodology, including ISO27001-certified processes.

3. Proactive Threat Detection

Implementing real-time threat intelligence, SIEM tools, and behaviour-based monitoring is essential. M&S and its vendors might have benefited from anomaly detection systems that flag unusual file transfers or system activity.
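As an added illustration of the file-transfer anomaly detection described above (example code written for this page, not anything from M&S, its supplier or DSM), the script below walks constructed transfer-log lines in time order and flags a transfer when its size is far above that user's own historical median, when it goes to a destination the user has never used before, or when it happens outside business hours. The log format, the service account name and the thresholds are all assumptions.

```python
"""Flag unusual file transfers in MFT-style logs (added example, not from the original post)."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: "<ISO timestamp> <user> <direction> <peer IP> <bytes>".
# The format and all values are assumptions for this example.
SAMPLE_LOG = """\
2025-06-02T09:12:04Z svc_payroll download 10.20.0.15 524288
2025-06-02T09:40:11Z svc_payroll download 10.20.0.15 611000
2025-06-03T10:02:45Z svc_payroll download 10.20.0.15 498000
2025-06-04T09:55:30Z svc_payroll download 10.20.0.15 550000
2025-06-05T02:17:09Z svc_payroll download 203.0.113.77 48234000
2025-06-05T02:19:41Z svc_payroll download 203.0.113.77 51200000
"""

def parse_transfer_log(log):
    """Turn each log line into a dict; the timestamp is parsed so hours can be checked."""
    events = []
    for line in log.splitlines():
        ts, user, direction, peer, size = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "direction": direction, "peer": peer, "bytes": int(size)})
    return events

def detect_anomalies(events, volume_factor=10, business_hours=(7, 19), min_history=3):
    """Walk events in time order; flag a transfer whose size exceeds volume_factor times
    the user's own median so far, whose peer that user has never used, or that falls
    outside business hours. Returns (timestamp, user, peer, bytes, [reasons]) tuples."""
    history = defaultdict(list)    # user -> byte counts of earlier transfers
    seen_peers = defaultdict(set)  # user -> peers used in earlier transfers
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, reasons = ev["user"], []
        if len(history[user]) >= min_history and ev["bytes"] > volume_factor * median(history[user]):
            reasons.append("volume")
        if seen_peers[user] and ev["peer"] not in seen_peers[user]:
            reasons.append("new_peer")
        if not business_hours[0] <= ev["ts"].hour < business_hours[1]:
            reasons.append("off_hours")
        if reasons:
            findings.append((ev["ts"].isoformat(), user, ev["peer"], ev["bytes"], reasons))
        history[user].append(ev["bytes"])   # baseline is built only from earlier events
        seen_peers[user].add(ev["peer"])
    return findings

if __name__ == "__main__":
    for finding in detect_anomalies(parse_transfer_log(SAMPLE_LOG)):
        print(finding)
```

Only the two night-time bulk downloads to the previously unseen address are flagged; the four routine daytime transfers establish the baseline and pass.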

4. Segmentation and Data Minimisation

Limiting how much data vendors can access, and segregating networks, could have reduced the breach scope. The principle of data minimisation — collecting and retaining only what’s strictly necessary — would have also limited exposure.

5. Regular Patch Management Protocols

Having a formalised, time-bound patch management policy — with escalation procedures — is vital. DSM supports customers with automated patching solutions, compliance audits, and vulnerability scanning as part of our managed services offering.


Looking Ahead

This breach serves as a stark reminder: cybersecurity is only as strong as the weakest link. Whether you’re a large retailer, a public sector body, or an SME, third-party risk must now be considered a top-tier cyber threat.

At DSM, our commitment to secure, resilient infrastructure means going beyond traditional boundaries of IT support. We design environments that assume breach, isolate risk, and ensure business continuity through our workplace recovery, DRaaS, and colocation services.


Final Thoughts

Cyber resilience isn’t about preventing all breaches — that’s virtually impossible. It’s about detection, response, and minimising the blast radius. If the M&S breach teaches us anything, it’s that resilience is a shared responsibility — between businesses, suppliers, and IT partners.

If you’re concerned about your own third-party risk exposure or would like a free cybersecurity readiness assessment, contact DSM today. Let’s build a safer, smarter, and more resilient future — together.


Cyber Insurance and the Need for Microsoft 365 Backup

Why Backup is Becoming a Policy Requirement — and What That Means for Your Organisation

Cyber insurance has become an essential component of business continuity planning. However, as cyber threats grow more advanced, insurers are tightening their requirements. One of the most significant emerging conditions is the requirement for Microsoft 365 (M365) backup — something many organisations still overlook.

At DSM, we’re seeing this shift first-hand, as clients look to ensure their data protection posture meets evolving cyber insurance standards. In this article, we explain what’s driving this requirement, what constitutes a compliant backup solution, and how businesses can prepare effectively.


Understanding the Change

Microsoft’s Shared Responsibility Model

Many organisations mistakenly believe that Microsoft fully protects M365 data. In fact, Microsoft’s cloud services operate under a shared responsibility model: they maintain the platform’s availability, but customers are responsible for protecting their own data against deletion, corruption, ransomware, and retention misconfiguration.

Native tools such as recycle bins and retention policies offer limited protection, often for short periods (typically 30–90 days), and do not meet insurer expectations for full recoverability.

The Rise of Cloud-Based Threats

Microsoft 365 environments are increasingly being targeted by ransomware, phishing, and Business Email Compromise (BEC) attacks. In these scenarios, data loss is common — and without third-party backup, often irrecoverable.

From an insurer’s perspective, the inability to restore critical business data significantly increases claim risk, operational disruption, and potential reputational harm.


What Are Insurers Looking For?

To reduce their exposure and improve resilience among policyholders, many cyber insurers now require customers to:

  • Demonstrate that M365 data is backed up externally
  • Show evidence of backup schedules and retention policies
  • Confirm that data is restorable in full or in part
  • Prove that storage is secure, monitored, and immutable

Insurers may request this information at the point of application, during renewal, or even during a claim investigation.


What This Means for Your Organisation

1. Backup Is Now Essential for Compliance

Whether you’re a regulated entity or a small business, having a suitable Microsoft 365 backup solution in place may now be a prerequisite for cyber insurance eligibility. Without one, insurers may:

  • Decline coverage
  • Increase premiums
  • Apply exclusions for cloud-related losses

2. Greater Scrutiny During Due Diligence

Expect more technical questions from underwriters, such as:

  • What backup technology do you use?
  • How often is data backed up?
  • What’s your retention period?
  • Is backup data immutable?
  • Have you tested your recovery processes?

3. Operational Benefits Beyond Insurance

Having robust backups of your Microsoft 365 environment doesn’t just satisfy insurers — it also strengthens your business continuity and disaster recovery planning, enhances compliance, and reduces recovery time in the event of an incident.


What Does a Compliant Backup Look Like?

At DSM, we recommend businesses deploy a dedicated backup solution that meets or exceeds the following criteria:

✔️ Comprehensive Coverage

Protection for all core Microsoft 365 workloads:

  • Exchange Online (emails, calendar, contacts)
  • OneDrive for Business
  • SharePoint Online
  • Microsoft Teams (chats, files, meetings)
  • M365 Groups and Public Folders

✔️ Granular Recovery

Ability to restore individual items such as emails, documents, calendar entries, or conversations — not just full mailboxes or accounts.

✔️ Immutable Storage

Backups must be tamper-proof, using WORM (Write Once, Read Many) technology. This prevents attackers or internal users from modifying or deleting backup data — a key insurer requirement.

✔️ Automated Scheduling and Retention

Daily or more frequent backups, with configurable retention periods to align with organisational needs or regulatory obligations.

✔️ Role-Based Access and MFA

Administrator access to the backup platform should be restricted, audited, and protected by multi-factor authentication.

✔️ Data Location and Compliance

Ensure data is stored in a secure UK or EU facility, in accordance with data protection regulations such as GDPR and DPA 2018.
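To turn the six criteria above into something an IT team can run before an insurer questionnaire arrives, here is an added example (written for this page, not DSM's tooling) that assesses a constructed backup inventory against them: coverage of the five core workloads, backup age, retention, immutability, storage region, admin MFA and the age of the last restore test. The inventory format, the 24-hour backup age, the 180-day retention floor and the 180-day restore-test interval are assumptions, not figures from the article.

```python
"""Assess a Microsoft 365 backup posture against insurer-style criteria (added example)."""
from datetime import datetime, timedelta
# Workloads the article lists as core, and storage regions it treats as acceptable.
REQUIRED_WORKLOADS = {"exchange", "onedrive", "sharepoint", "teams", "groups"}
ALLOWED_REGIONS = {"UK", "EU"}

# Constructed inventory (all values are assumptions): one job per protected workload.
SAMPLE_POSTURE = {
    "jobs": {
        "exchange":   {"last_success": "2025-09-30T23:10:00", "retention_days": 365, "immutable": True},
        "onedrive":   {"last_success": "2025-09-30T23:25:00", "retention_days": 365, "immutable": True},
        "sharepoint": {"last_success": "2025-09-27T22:40:00", "retention_days": 365, "immutable": True},
        "teams":      {"last_success": "2025-09-30T23:40:00", "retention_days": 90,  "immutable": False},
    },
    "storage_region": "UK",
    "admin_mfa_enforced": True,
    "last_restore_test": "2025-03-15T00:00:00",
}
CHECK_TIME = datetime(2025, 10, 1, 0, 7)  # the moment the assessment is run (assumed)

def assess(posture, now, max_backup_age=timedelta(hours=24),
           min_retention_days=180, max_test_age=timedelta(days=180)):
    """Return a list of findings; an empty list means every criterion is met."""
    findings = []
    jobs = posture["jobs"]
    for name in sorted(REQUIRED_WORKLOADS - set(jobs)):          # comprehensive coverage
        findings.append(f"{name}: no backup job configured")
    for name, job in sorted(jobs.items()):
        age = now - datetime.fromisoformat(job["last_success"])  # automated scheduling
        if age > max_backup_age:
            findings.append(f"{name}: last successful backup is {age.days} days old")
        if job["retention_days"] < min_retention_days:           # retention
            findings.append(f"{name}: retention {job['retention_days']}d is below {min_retention_days}d")
        if not job["immutable"]:                                  # immutable (WORM) storage
            findings.append(f"{name}: backup copy is not immutable")
    if posture["storage_region"] not in ALLOWED_REGIONS:          # data location
        findings.append(f"backups stored in {posture['storage_region']}, outside UK/EU")
    if not posture["admin_mfa_enforced"]:                         # role-based access and MFA
        findings.append("backup platform admin access is not protected by MFA")
    test_age = now - datetime.fromisoformat(posture["last_restore_test"])
    if test_age > max_test_age:                                   # recovery actually tested
        findings.append(f"last restore test is {test_age.days} days old")
    return findings

def sample_findings():
    return assess(SAMPLE_POSTURE, CHECK_TIME)

if __name__ == "__main__":
    print("\n".join(sample_findings()) or "all criteria met")
```

Run against the sample inventory it reports the missing Groups job, a three-day-old SharePoint backup, the short and non-immutable Teams copy, and an overdue restore test, which is the kind of list an underwriter's questions in the section above would surface.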


How DSM Can Help

At DSM, we offer fully managed Microsoft 365 backup solutions that align with the expectations of both cyber insurers and regulatory bodies. Our platforms are:

  • Hosted within our UK-based Tier 3 data centre
  • Integrated with secure, immutable backup storage
  • Monitored and maintained by our accredited support team
  • Available with custom retention policies and rapid recovery SLAs

Whether you’re looking to improve resilience, achieve cyber insurance compliance, or simply secure your cloud data, DSM can provide a tailored backup strategy to meet your needs.


Next Steps

If you’re unsure whether your current Microsoft 365 environment is sufficiently protected — or if your insurer has introduced new data protection requirements — we recommend taking the following steps:

  1. Audit your existing M365 backup arrangements
  2. Consult your insurer or broker to confirm their backup requirements
  3. Speak with a DSM advisor to explore compliant backup solutions

Get in touch today to discuss how DSM can help you meet cyber insurance standards with confidence.


12 Steps To Secure Your IT System

Online criminals are increasingly targeting SMEs instead of large corporate entities, so it’s more important than ever to take steps to protect your IT and data.
Let’s look at how you can do that in 12 easy steps:

  1. Make IT security a priority. Technology is integral to every small business, even those with just one computer, so don’t fall into the trap of ‘it won’t happen to me’!
  2. Make someone responsible for IT security and ensure they have the time and resources to create new security processes. If not, it’s easy for things to get overlooked.
  3. Assess the risks to your IT system. Look at how you and your employees use IT to identify vulnerabilities. For example, your internet connection should be protected by a robust security package that includes virus and malware protection, plus a firewall.
  4. Take care of IT security basics. Simple precautions like not opening email attachments from unknown sources, education on threats like phishing and changing passwords regularly can significantly reduce the risks.
  5. Draw up an IT security plan. Once you have identified the risks your IT system faces, write an IT security plan. This should set out general rules to minimise the threat of hacking, theft and data loss.
  6. Be prepared to invest time and money. Good security software with regular updates usually costs money. It also takes time to identify what precautions you need to take.
  7. Perform regular backups and test that you can restore your data from your backups. At some point, every business will suffer a data loss – perhaps a result of accidental file deletion or a failed hard drive. Having a good backup system enables you to recover important data and carry on working.
  8. Protect lost property. One of the quickest ways for someone to access your data is through lost or stolen laptops, smartphones or USB memory sticks. Mobile equipment should be password protected and encrypted. Implement a remote wipe system so your data does not get into the wrong hands if a device is lost or stolen.
  9. Be aware of staff-owned devices. If employees are using their own smartphones or tablets for work, then make sure this doesn’t create additional security risks.
  10. Train your staff. Ensure all employees are familiar with your security plan. Explain security procedures clearly, both during training and in employment contracts. For example, make it compulsory for staff to change their passwords regularly or to encrypt sensitive emails.
  11. Make it easy to be secure. One of the biggest threats to good security is employees who circumvent rules because following them makes their jobs difficult. It’s important your security measures don’t place an unreasonable burden on staff.
  12. Secure your website. Your website could be one of your weakest spots if hackers target you, particularly if it is the main point of contact for customers. In particular, make sure your online shop is secured with an SSL/TLS certificate so that all customer traffic uses HTTPS.