Written by Travis DeForge, Director of Offensive Cybersecurity at Abacus Group.
In recent weeks, the UK retail sector has been rocked by a series of high-profile cyber-attacks targeting prominent retailers such as Marks & Spencer (M&S), the Co-operative Group (Co-op), and Harrods. These incidents have exposed some novel vulnerabilities in technology, but more predominantly underscore the importance of remaining vigilant against the increasingly aggressive nature of cyber criminals.
These incidents, attributed to the hacking group known as Scattered Spider, also referred to as Octo Tempest, involved sophisticated techniques leveraged to gain unauthorized access to sensitive customer and financial data. The attackers reportedly gained access to M&S systems as early as February 2025, stealing sensitive data, including the NTDS.dit file, which contains user credentials. They then deployed "DragonForce" ransomware to encrypt the company's servers. These breaches have not only compromised sensitive information but also shaken consumer confidence and highlighted the potential financial repercussions for affected companies. While details continue to emerge, initial reports suggest that social engineering played a significant role in the malicious actors obtaining initial access.
Social engineering is a manipulation technique that exploits human psychology to gain access to confidential information or systems. Traditionally, it involved simple tactics like phishing emails, where attackers trick individuals into revealing sensitive data by posing as legitimate entities. However, over the last few years, and accelerated by the expanded use of Large Language Models (LLMs), social engineering has evolved significantly, now encompassing a sophisticated array of methods that leverage artificial intelligence (AI).
Modern attackers use AI to craft highly personalized and convincing messages, automate large-scale phishing campaigns, and even simulate human interactions in real-time, utilizing deep fake technology. This evolution has made social engineering attacks more effective and challenging to detect, emphasizing the need for advanced security measures and continuous awareness training.
While it is challenging to remain fully protected against an ever-changing landscape of adversarial tactics, techniques, and procedures (TTPs), there are proactive measures that firms can take to ensure their defense-in-depth strategy remains robust. Our clients across the financial sector have found the best success by combining a thorough, holistic assessment of existing security controls with highly sophisticated threat emulation simulations such as Social Engineering Testing.
Beyond ensuring the organizational risks are understood at the business level, additional best practices can be implemented in parallel to ensure users are best protected against threats.
As firms increasingly rely on various Software as a Service (SaaS) platforms, the complexity of their attack surface grows, introducing additional third-party risks. A comprehensive cybersecurity risk assessment is essential to understand how these third parties integrate and contribute to the overall risk posture. This process should extend beyond traditional questionnaires or interview-based assessments to include hands-on technical analysis of configurations within business operations.
A thorough cybersecurity risk assessment involves several key steps:
By conducting a detailed risk assessment, organizations can identify specific areas for improvement and make informed decisions about where to invest in security measures. As best practice, these assessments should be conducted annually, or when a significant change to the organization occurs, such as through mergers or acquisitions. This proactive approach not only helps mitigate risks but ensures compliance with industry regulations and standards.
Social engineering testing involves simulating real-world attacks to assess the human element of security within an organization. This goes far beyond traditional awareness training and seeks to leverage the most advanced adversarial tactics, such as bypassing multi-factor authentication (MFA) and leveraging AI to conduct real-time deep fakes. This approach helps identify vulnerabilities arising from human behavior, such as susceptibility to phishing attacks or manipulation. By performing regular social engineering tests, organizations can:
These attacks have also demonstrated that while many firms have Business Continuity and Disaster Recovery (BCDR) and Incident Response plans in place, those plans are often not fully understood by the key stakeholders and contain gaps which can add to confusion during an incident. By conducting regular tabletop testing of the incident response plan, firms can think through realistic scenarios and identify any shortcomings in the plan before having to put it into action.
The FCA and the SEC have specific requirements for testing incident response plans, but these tests can sometimes be treated as a regulatory “check the box” exercise. Instead, ensuring robust, engaging and realistic scenarios can quickly identify fundamental shortcomings and lead to a prudent roadmap to effectively manage and mitigate the impact of security incidents.
The recent cyber-attacks on UK retailers serve as a stark reminder of the evolving threat landscape. For financial sector leaders, adopting proactive measures is crucial to staying protected. By prioritizing these strategies, organizations can fortify their defenses, safeguard sensitive information, and maintain consumer trust.