Latest news with #RichardHorne

Epoch Times
21-05-2025
- Business
- Epoch Times
UK Businesses Lag on Cybersecurity After £300 Million M&S Hack: NCSC
The head of the National Cyber Security Centre (NCSC) has warned that businesses are not doing 'nearly enough' to protect themselves from cyber threats, following a major cyberattack on retailer Marks & Spencer. Richard Horne, chief executive of the NCSC, said there is a 'widening gap' between the rising threat of cyberattacks and organisations' readiness to defend against them.

Writing in The Times of London, Horne urged businesses to act immediately on the NCSC's publicly available security advice. 'This is effective risk management, and any business leader who thinks they may be exempt from cyber risks should think again — and implement our advice immediately,' he said.

The warning comes as Marks & Spencer confirmed that the expected cost of the cyberattack, which took place around the Easter weekend, is around £300 million. The breach forced the retailer to suspend online orders and led to the loss of customer data.

Speaking to reporters on Wednesday, Marks & Spencer Chief Executive Stuart Machin said hackers had exploited a third-party vendor after a case of 'human error.' 'We didn't leave the door open, this wasn't anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error,' he said.

The high street retail giant said disruption to online shopping could continue into July, adding it is taking proactive measures to minimise the disruption for customers.

The attack is the latest in a wave of cyber incidents affecting major UK retailers. The Co-op and Harrods have also been targeted in recent weeks. The Co-op confirmed last week that it is now 'in the recovery phase' and gradually bringing systems back online.

Breaches Surge, Call Centres Vulnerable

Official figures reveal that half of all businesses and 66 percent of high-income charities reported experiencing a cybersecurity breach or attack in the past 12 months.
The rate is even higher among medium-sized businesses (70 percent) and large businesses (74 percent).

Daniel Teacher, CEO of accounting and finance IT security firm T-Tech, has noted that organisations with extensive customer service operations are especially susceptible to fraudulent phone calls. This vulnerability arises because call handlers, trained to be helpful, can be manipulated by attackers using targeted tactics to reset multifactor authentication for impersonated individuals.

Teacher also stressed the need for managed security, where organisations can quickly spot and respond to breaches. 'With M&S, they were in the system for days before it was detected,' he said.

Essentials and Business Resilience

The NCSC has stressed that the cyberattacks on retailers 'should act as a wake-up call to all organisations.' The NCSC is urging companies to adopt its Cyber Essentials programme, a government-backed certification scheme designed to help companies guard against common threats such as malware, phishing, and hacking.

The scheme is meant for any organisation regardless of size or sector, but the NCSC particularly recommends it to small- and medium-sized enterprises, many of which may lack in-house cyber expertise but remain vulnerable to attacks.

For medium and large organisations, the government has designed the Lindsay Hill, CEO of Manchester-based cybersecurity firm Mitigo, said the code isn't a legal requirement yet, but the government may make it mandatory later if not enough businesses follow it.

Other measures to strengthen the UK's cyber defences will be laid out in the Cyber Security and Resilience Bill. The bill, to be introduced in Parliament this year, aims to strengthen the nation's cyber defences by expanding current regulations and mandating more detailed reporting of incidents, including ransomware attacks.
This comes as A recent report by the Public Accounts Committee said that government resilience is 'substantially lower than the Cabinet Office expected,' with departments having 'multiple fundamental control failures, including risk management and response planning.'

M&S Profits Rise Despite Breach

Marks & Spencer is still struggling with the impact of the cyberattack. The retailer expects increased stock management costs in the second quarter.

The retailer reported a stronger-than-expected performance for the year ending in March, posting an adjusted pre-tax profit of £875.5 million, up 22.2 percent on the previous year. Group revenues rose by 6 percent to £13.8 billion, driven by an 8.7 percent increase in food sales and a 3.5 percent rise in fashion, home, and beauty sales.

PA Media contributed to this report.


Times
21-05-2025
- Business
- Times
Businesses ignore advice on preventing cyberattacks, says GCHQ
GCHQ's cybersecurity chief has expressed his frustration that British organisations are not following 'freely available' advice to thwart hackers. In a letter to The Times, Richard Horne, the chief executive of the National Cyber Security Centre, said that the recent spate of attacks on the retail sector 'must give us pause … not because they are unique, but because they are not.' He said that businesses 'must operate in a way that minimises the risks', adding that even though NCSC security guidance is freely available on its website, 'it is not being followed nearly enough across the UK'. Horne said: 'There is a widening gap between the increasing cyber risks we face and our ability to defend ourselves against them.' He added: 'Any business


Yahoo
13-05-2025
- Business
- Yahoo
M&S says hackers gained access to customer data in April cyberattack
This story was originally published on Cybersecurity Dive.

Marks and Spencer Group has begun notifying customers that hackers accessed some of their data in an April cyberattack, according to a trading update released Tuesday.

The British retailer said the information does not include 'usable payment or card details,' which it does not store on its own systems, nor any password information. However, customers will be prompted to reset their passwords the next time they visit M&S online or attempt to log in to their accounts, according to the update from CEO Stuart Machin.

The company has shared information about how to remain safe online, according to the update.

M&S is one of three major U.K. retailers — along with the famed Harrods department store and the supermarket chain Co-op — to be targeted in a recent cyberattack spree by highly skilled hackers. The notorious cybercrime group Scattered Spider has been linked to the attack, although a separate group called DragonForce has claimed credit for the intrusions.

The attacks disrupted online purchases and impacted some store inventories.

The U.K.'s National Cyber Security Centre issued a statement earlier this month confirming that it was working with the retailers to get a better understanding of the attacks. NCSC CEO Richard Horne described the incidents as a wakeup call, and officials released guidance for how to mitigate future ransomware attacks.

In a note to customers from Jayne Wall, M&S's operations director, the company said the stolen customer information could include basic contact details, dates of birth and online order histories. Payment information might have been stolen, the company said, but detailed payment card data would be masked and would, therefore, be unusable.
The stolen information could also include customer reference numbers for M&S credit card or Sparks Pay holders, according to a frequently asked questions page. Customers were warned to be on alert for fraudulent calls, emails or text messages claiming to be from the retailer.

Despite the lack of actionable payments information, customers should remain vigilant about hackers potentially abusing the additional personal details, according to Matt Hull, head of threat intelligence at NCC Group.

'Despite the absence of financial data or passwords, threat actors could potentially use the stolen information to launch targeted social engineering attacks,' Hull said. 'Stay vigilant for phishing messages pretending to be from M&S or other companies you've dealt with.'


New York Times
13-05-2025
- Business
- New York Times
U.K. Retail Giant M&S Says Customer Data Was Compromised in Cyberattack
Marks & Spencer, the large British retailer, said on Tuesday that some customer data had been stolen in a cyberattack last month, an incident that has left the company unable to process online orders for weeks.

In an email to customers, M&S said that while some personal data, potentially including contact details and dates of birth, may have been accessed during the attack, there was no evidence that it had been shared. No card or payment details nor account passwords were compromised, the email said.

M&S, which reported more than 13 billion British pounds (roughly $17.2 billion) in annual revenue in the year ending in March 2024, reported the incident to government and law enforcement officials.

The disclosure followed recent attacks on other British retailers. In late April, Harrods experienced brief disruptions, restricting internet access at its sites as a security measure. Co-op, another British retailer, reported that a cyberattack last month caused limited impact to some back office and call center services.

Ransom attacks, which sometimes aim to disrupt services in addition to stealing customer data, have been increasing in frequency and severity. In recent years, hospitals have been crippled by attacks, including in Britain last year, when hospitals had to cancel more than 800 planned operations, and 700 outpatient appointments needed to be rescheduled, including 97 cancer treatments, in the first week after the incident.

It remained unclear who perpetrated the attacks and if they were connected. Britain's National Cyber Security Center said in a statement this month that it was working with the affected companies.

'These incidents should act as a wake-up call to all organizations,' said Richard Horne, the agency's chief executive. He urged companies to ensure they had appropriate measures in place to prevent future attacks. The National Cyber Security Center was working to understand the nature of the attacks and to provide counsel to the sector.


Times
08-05-2025
- Business
- Times
UK under assault as number of 'significant' cyberattacks doubles
Britain has suffered double the number of 'nationally significant' cyberattacks in recent months compared with the year before, according to GCHQ. Richard Horne, chief executive of the National Cyber Security Centre (NCSC), said that the GCHQ unit has managed 200 cyberattacks since September, which includes 'twice as many nationally significant incidents as the same period last year'. In the year to September 2024 the NCSC said that there were 89 nationally significant incidents, '12 of which were at the top end of the scale and more severe in nature'. Referencing the recent attacks on Marks & Spencer, Co-op and Harrods, Horne told the CyberUK conference in Manchester that 'the threat picture is diverse and dramatic' and called ransomware 'a persistent threat'. Ransomware describes a form