Ransomware: Could your business be next?

Understand how these types of attacks happen and how you can protect your business.

You may have seen recent headlines about a ransomware attack on M&S, where suspicions are pointing to the notorious organised criminal group known as Scattered Spider.

While investigations are ongoing, this incident is another stark reminder that cybercriminals are getting smarter, and that they are increasingly targeting people, not just systems.

As an IT support company working with UK businesses every day, we want to help you understand how these types of attacks happen and how you can protect your business.

Who is Scattered Spider?

Scattered Spider is a cybercriminal group that has made a name for itself by using social engineering – in other words, manipulating people – to gain access to sensitive data and internal systems.

Unlike traditional hackers who rely on technical exploits, Scattered Spider is patient, strategic, and disturbingly effective at getting people to unwittingly open the door.

How do they do it?

These attackers don’t start by “hacking in” – they trick their way in. Here are some of the tactics they use:

  • Phishing emails – convincing messages that appear to be from trusted sources, asking staff to click links, download files or share login details.
  • SIM swapping – gaining control of an employee’s phone number to intercept messages, including MFA codes.
  • Pretexting – impersonating IT staff or senior leadership to persuade someone to give up access credentials.
  • MFA bombing – flooding users with multiple multi-factor authentication requests in the hope that one gets approved out of frustration.

Why this should matter to your business

These threats aren’t just targeting big corporations. Small and medium-sized businesses are increasingly in the firing line because they often have weaker security, and criminals know it.

The reality is that your biggest vulnerability isn’t necessarily your software or your firewall – it’s your people. And that’s exactly what groups like Scattered Spider exploit.

What you can do to protect your business

Fortunately, there are practical steps you can take to make your business a much harder target:

  1. Employee Training

  • Keep sessions short, engaging, and relevant.
  • Run simulated phishing tests to identify and support staff who may be vulnerable.
  • A recent cyber security training session that we carried out reduced the instances of staff clicking on suspicious links by 60%.

Encourage a “no blame” culture so employees feel comfortable reporting mistakes.

  2. Use Multi-Factor Authentication (MFA) – Properly

MFA adds a critical layer of defence, but it needs to be implemented thoughtfully.

  • Use app-based MFA (such as Microsoft Authenticator) rather than SMS where possible.
  • Educate staff on the risks of “MFA fatigue” – never approve a login notification you didn’t initiate.
  • Monitor for unusual login activity across devices and locations.
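The monitoring point above can be made concrete. The following is an added example, not part of the original article or of any nTrust tooling: it runs over a few constructed sign-in log lines (timestamp, user, event, result, country are an assumed format) and flags the two patterns that matter for MFA bombing: a burst of push prompts to one user in a short window, and an approval that follows a string of denials, which is what a worn-down user giving in looks like.

```python
"""Flag MFA-fatigue patterns in sign-in events (added illustrative example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not taken from any real system.
# Fields: timestamp, user, event, result, country
SAMPLE_LOG = """\
2025-05-01T08:00:02Z alice MFA_PROMPT denied GB
2025-05-01T08:00:21Z alice MFA_PROMPT denied GB
2025-05-01T08:00:40Z alice MFA_PROMPT denied GB
2025-05-01T08:01:05Z alice MFA_PROMPT denied GB
2025-05-01T08:01:30Z alice MFA_PROMPT approved GB
2025-05-01T08:15:00Z bob MFA_PROMPT approved GB
2025-05-01T09:30:00Z bob MFA_PROMPT approved GB
"""

WINDOW = timedelta(minutes=5)   # how close together prompts must be to count as a burst
THRESHOLD = 3                   # prompts within WINDOW that trigger an alert


def parse(log_text):
    """Turn each log line into (timestamp, user, event, result, country)."""
    events = []
    for line in log_text.splitlines():
        ts, user, event, result, country = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       user, event, result, country))
    return events


def mfa_fatigue_alerts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: peak prompt count} for users who saw >= threshold
    MFA prompts inside any sliding window of length `window`."""
    prompts = defaultdict(list)
    for ts, user, event, _result, _country in events:
        if event == "MFA_PROMPT":
            prompts[user].append(ts)
    alerts = {}
    for user, times in prompts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[user] = max(alerts.get(user, 0), count)
    return alerts


def approved_after_denials(events, window=WINDOW, min_denials=3):
    """Users whose MFA approval follows >= min_denials denials within `window`:
    the signature of someone approving a prompt they did not initiate."""
    flagged, denials = set(), defaultdict(list)
    for ts, user, event, result, _country in sorted(events):
        if event != "MFA_PROMPT":
            continue
        if result == "denied":
            denials[user].append(ts)
        elif result == "approved" and sum(ts - d <= window for d in denials[user]) >= min_denials:
            flagged.add(user)
    return flagged
```

In a real deployment the same two checks would run against the identity provider's sign-in log, and a hit on the second function should be treated as a possible compromise and trigger a session revoke and a call to the user.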

  3. Enforce Strong Password Practices

Weak or reused passwords are still a major security risk.

  • Require long, unique passwords for all accounts.
  • Encourage the use of password managers to securely store login credentials.
  • Consider implementing a password policy that includes regular updates and account lockout after repeated failed login attempts.

  4. Partner with an Expert IT Support Provider

Cybersecurity isn’t a set-it-and-forget-it exercise. Threats are evolving all the time. We help our clients to stay ahead of the curve with proactive monitoring, employee training, secure configuration of systems, and fast incident response if the worst happens.

Cyber Essentials Assured Service Provider

We recommend gaining Cyber Essentials accreditation. This will help you to safeguard sensitive data and your business reputation. It demonstrates to clients, suppliers and staff that you take their data seriously.

nTrust is a Cyber Essentials Assured Service Provider, meeting the National Cyber Security Centre’s (NCSC) requirements for cyber security experts.

Our qualified IT engineers can help you audit, prepare for and attain this highly regarded IT certification, so you have peace of mind that you’ve taken the necessary steps to implement robust protection against cyber-attacks.

If you don’t have the in-house knowledge to implement Cyber Essentials, then we’re here to help.

If you’re unsure whether your business has the right protections in place, or you’d like help implementing some of the steps mentioned above, please send us a message or call 03331 50 60 70.

The M&S attack is a wake-up call. If a major retailer can be caught out by social engineering, it highlights just how important it is for every business – regardless of size – to strengthen its cyber resilience.

And just in case…

If you receive any communication from M&S, Co-op or Harrods, or indeed from any organisation, asking you to do anything even mildly suspicious, be careful and don’t act on an email without checking it first.
