
M&S boss says firms should be legally required to report cyber-attacks
In evidence to MPs about the impact of the massive cyber-attack on M&S that forced it to close down its online store for almost seven weeks, the retailer's chair, Archie Norman, said the business was still in 'rebuild mode'.
He said its key online clothing distribution centre in Castle Donington in Leicestershire was still offline, adding 'it would not be an overstatement to describe [the attack] as traumatic' and 'like an out of body experience'.
Norman told parliament's business and trade sub-committee on economic security, arms and export controls that M&S had been quick to report the hack to the UK's cyber watchdog – the National Cyber Security Centre – which had helped other businesses protect themselves against the hackers.
He said making such reports mandatory was 'a very interesting idea' as 'it is apparent to us quite a large number of serious cyber-attacks never get reported to the NCSC'.
'We have reason to believe there have been two major cyber-attacks on large British companies in the last four months that have gone unreported,' he said.
His claim comes after MP David Davis claimed in parliament that an unnamed British company 'had paid a very large sum to its blackmailer recently'.
Norman would not comment on whether M&S had paid a ransom, saying it was 'a matter of law enforcement' and the business was 'not discussing any of the details of interaction with threat actor'.
However, he said any business paying a ransom might have to ask themselves what they would get in return. 'In our case substantially the damage had been done,' he said.
The attack on M&S, which began on 17 April and was spotted by M&S a couple of days later, involved the deployment of ransomware. A hacking collective known as Scattered Spider has been linked to the attack.
Norman said the hack had been sophisticated, involving impersonation and a third-party contractor.
'There have been media reports of M&S leaving the back door open. We didn't,' Norman said.
He said the group had spent hundreds of millions of pounds on improving its cybersecurity in the year before the attack and tripled its prevention team to 80.
'Anybody that had suffered such a major cyber-attack cannot say thousand things you could have done differently,' he said. However, he suggested it was almost impossible for an organisation with so many workers and contractors to keep out a determined 'threat actor'.
M&S's general counsel, Nick Folland, told MPs that M&S would advise other businesses to 'make sure you can run your business on pen and paper because that is what you need to do' when a serious attack hits.
All organisations must already report significant breaches of personal data to the Information Commissioner's Office, the UK's data protection watchdog, within 72 hours.