Businesses are spending a lot of money on cyber resilience – this is a cost to businesses that everybody is incurring. This kind of incident will simply reinforce the importance of that kind of investment.
Sir Charlie Mayfield, Former Chair of John Lewis, Today 1 May 2025
These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.
National Cyber Security Centre (NCSC) CEO Dr Richard Horne
Ransomware attacks, cybersecurity breaches, and denial-of-service attacks may sound like daunting technical challenges. However, the reality is that the criminality behind the technology has not changed with the times. These cybercrimes are crafty, often opportunistic and exploit vulnerabilities just like other thieves and fraudsters do. Whether stealing your data or picking your pocket, the principles of staying secure and vigilant remain the same.
Recently, M&S faced a significant cyberattack by a notorious group known as Scattered Spider, believed to include teenagers. This attack left the British retailer unable to accept contactless payments and disrupted online shopping for over a week. The impact was felt nationwide, with empty shelves and hundreds of agency workers at the main distribution centre told to stay home.
Who Are Scattered Spider?
Scattered Spider is one of the most dangerous and active hacking groups, linked to over 100 targeted attacks across various industries, including telecoms, finance, retail, and gaming. Their infamous hacks include locking up the networks of casino operators Caesars Entertainment and MGM Resorts International, demanding hefty ransoms.
The group comprises young, English-speaking individuals, mainly based in the UK and the US, some as young as 16. They operate like an organised criminal network, decentralised and adaptive, making it challenging for authorities to catch them.
How Do They Work?
Scattered Spider often targets human vulnerabilities rather than system flaws. Its main tactics are social engineering, where attackers trick people into granting system access (for example by impersonating IT staff), and SIM swapping. In a SIM-swap attack, the attackers trick a phone provider into transferring a victim's phone service to a SIM card under their control. Any one-time code sent by SMS then reaches the attacker, who can approve two-factor authentication requests and gain access to the victim's private accounts. In a phishing attack, cyber criminals send fake emails, messages, or links that appear to come from legitimate sources, such as banks, colleagues, or well-known companies. The goal is to trick individuals into clicking on malicious links, downloading infected files, or revealing personal information such as passwords or account numbers.
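The SIM-swap pattern described above leaves a recognisable trace in an organisation's own authentication records: a successful login that relied on an SMS one-time code shortly after the account's registered phone number changed. The following detection check is an added example written for this article, not code from ClerksWell, M&S or the NCSC; the log format, the event names and the seven-day window are assumptions, and the log lines are constructed sample data.

```python
"""Flag SMS-OTP logins that occur soon after an account's phone number changed.

This is a defensive heuristic for reviewing authentication logs. It does not
prove a SIM swap took place; it surfaces the events worth a human look.
"""
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format per line:
#   <ISO timestamp> <user> <event> key=value ...
SAMPLE_LOG = """\
2025-04-20T09:00:00 alice login_success method=sms_otp
2025-04-28T14:05:00 alice phone_number_changed new=+44700000001
2025-04-28T14:20:00 alice login_success method=sms_otp
2025-04-29T08:00:00 bob phone_number_changed new=+44700000002
2025-05-10T10:00:00 bob login_success method=sms_otp
2025-04-28T15:00:00 carol login_success method=totp_app
"""

# Assumed review window: an SMS-based login this soon after a number change
# is treated as suspicious. Tune to your own change-management process.
SUSPICIOUS_WINDOW = timedelta(days=7)


def parse_events(text):
    """Parse the assumed whitespace-separated log format into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, *rest = line.split()
        detail = dict(kv.split("=", 1) for kv in rest)
        events.append({"ts": datetime.fromisoformat(ts),
                       "user": user, "event": event, **detail})
    return events


def find_suspicious_logins(events, window=SUSPICIOUS_WINDOW):
    """Return (user, login timestamp) pairs for SMS-OTP logins that happened
    within `window` after that user's most recent phone number change.

    Logins that used an authenticator app are ignored, because a SIM swap
    does not give an attacker those codes.
    """
    last_change = {}   # user -> time of latest phone_number_changed event
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] == "phone_number_changed":
            last_change[ev["user"]] = ev["ts"]
        elif ev["event"] == "login_success" and ev.get("method") == "sms_otp":
            changed = last_change.get(ev["user"])
            if changed is not None and ev["ts"] - changed <= window:
                flagged.append((ev["user"], ev["ts"].isoformat()))
    return flagged


if __name__ == "__main__":
    for user, when in find_suspicious_logins(parse_events(SAMPLE_LOG)):
        print(f"review: SMS-OTP login for {user} at {when} shortly after phone change")
```

In the sample data only alice is flagged: her number changed at 14:05 and an SMS-code login followed fifteen minutes later. bob's SMS login is eleven days after his change, outside the window, and carol used an authenticator app, which a SIM swap cannot intercept. The same observation motivates the control behind the heuristic: moving users from SMS codes to app- or hardware-based second factors removes the phone provider from the trust chain altogether.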
The Impact on M&S
The attack on M&S appears to be financially motivated, aiming to extract as much money as possible. The brand's prominence in British culture and history adds pressure on M&S to meet the hackers' demands. In response, M&S paused orders via its websites and apps, although the product range remains available to browse online. They assured customers that no action was needed on their part and promised to keep them informed of any changes.
Effective cyber governance
The NCSC publishes a broad range of advice and guidance, particularly for large organisations, which should treat cyber security as a priority. See the NCSC's guidance for large organisations at NCSC.GOV.UK.
ClerksWell's Perspective
At ClerksWell, we understand the importance of robust cybersecurity measures to protect your website from such threats. Our comprehensive security offering includes:
- Multi-Factor Authentication (MFA): Ensuring all users have MFA enabled adds a layer of protection against password attacks, making unauthorised access to your website's backend harder.
- Regular Cybersecurity Training: We emphasise the importance of cybersecurity awareness and ensure all users are regularly trained to recognise and respond to potential threats.
- Timely Security Updates: Applying all required security updates promptly helps protect your website from known vulnerabilities.
- Regular Security Scans: We conduct regular scans of your website to identify and address possible security vulnerabilities proactively.
What We Offer Our Clients
ClerksWell is proud to be ISO 27001 certified, a globally recognised standard for information security management. This certification demonstrates our commitment to maintaining the highest levels of data security and protecting sensitive information. For our team, it means adhering to rigorous security protocols and continuously improving our security practices, ensuring that we are well-equipped to handle any potential threats. For our clients, working with an ISO 27001 certified agency like ClerksWell provides peace of mind, knowing that their data is managed with the utmost care and in compliance with international best practices. The benefits include enhanced trust and credibility, reduced risk of data breaches, and assurance that we are dedicated to safeguarding their information. This certification not only strengthens our security posture but also positions us as a reliable partner in the ever-evolving landscape of cybersecurity.
Schedule a health check
Don't wait for a cyberattack to expose vulnerabilities in your digital estate. Speak to ClerksWell today about a comprehensive security health check for your website and digital assets. Our expert team will help you identify potential risks and implement robust security measures to protect your business. Contact us now to ensure your digital presence is secure and resilient against cyber threats.
Stay vigilant, stay secure, and let ClerksWell be your trusted partner.