What can we learn from the recent cyber attacks on The Co-Op, M&S, and Harrods?

The recent cyber attacks on the Co-Op, M&S, and Harrods have once again highlighted just how vulnerable even the biggest brands can be. And while large corporations are often targeted due to the scale of data and infrastructure they manage, they’re far from alone.

According to the UK Government’s 2025 Cyber Security Breaches Survey, one in five businesses experienced at least one cyber attack in the past year. While larger organisations are usually the primary targets, 25% of small businesses also reported dealing with cybersecurity threats – suggesting that no one is immune.

In the case of the Co-Op and M&S, early reports indicate that attackers used a combination of social engineering and SIM swapping to bypass existing security measures. The method was deceptively simple: impersonate internal IT support to reset employee passwords, intercept two-factor authentication codes using a method known as SIM swapping, and then access and crack a database of hashed credentials. As for Harrods, details are scarce, but the fact that they were also compromised speaks to a broader industry vulnerability.

To say that the impact on all three businesses has been significant would be an understatement – employees are unable to work, supply chain issues are rife, and share prices are down by as much as 7.2%, wiping out half a billion pounds in market value almost overnight for just one of these companies.

It’s a common misconception that cybersecurity is a cost, but making the investment now can save you a lot of pain in the long term.

So, what can we learn from these breaches?

Multi-Factor Authentication: Not All Authentication is Created Equal

SIM swapping played a vital role in the attacks on the Co-Op and M&S. This type of fraud allows attackers to take control of a victim’s phone number – and with it, any two-factor authentication codes sent via text or call.

The takeaway here is simple: a single text message or email is no longer sufficient for secure verification. For businesses, the solution is to adopt stronger forms of multi-factor authentication (MFA) using end-to-end encrypted (E2EE) authenticator apps. Tools such as Microsoft Authenticator, Duo, and Authy provide a much more secure alternative that’s harder to intercept or replicate than a single text or email, both of which are inherently insecure forms of communication.

You can’t avoid SIM swapping – but you can mitigate its risk by using more secure authentication methods.

Staff Training: Your First Line of Defence

The initial breach relied heavily on tricking service desk staff into believing the caller was a trusted internal engineer. This type of attack – known as social engineering – is worryingly effective, especially when staff haven’t been trained to spot the red flags. Even the most seemingly innocuous questions and actions can have huge ramifications.

Regular, scenario-based training sessions on phishing, impersonation, and escalation protocols are essential. Just as important is making sure staff feel empowered to question anything that seems off – even if it comes from someone claiming to be “from IT”. These regular sessions should also change with the times – as companies improve their security methods, bad actors will adopt new methods of social engineering, and your training itinerary should reflect this.

Encryption: Your Last Line of Defence

Once attackers gained access to the credentials database at the Co-Op and M&S, they were reportedly able to crack the stored hashes offline with relative ease. This strongly suggests that outdated or weak password-hashing algorithms were in use.

Modern businesses should be using robust, enterprise-grade algorithms for sensitive data: encryption such as AES-256 for data that has to be read back, and a purpose-built password-hashing function such as Argon2 for stored credentials. It’s not just about compliance – it’s about ensuring that even if data is accessed, it can’t be used.
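One way to check whether a credential store would hold up to offline cracking, as an added example that is not from the original article: it classifies stored password strings by format and flags fast digests and under-parameterised Argon2 or bcrypt entries. The thresholds are assumptions modelled on OWASP Password Storage Cheat Sheet minimums, and the sample rows are constructed.

```python
import re

# Assumed policy floors, modelled on OWASP Password Storage Cheat Sheet
# minimums; set them to your own standard.
MIN_ARGON2_MEM_KIB, MIN_ARGON2_TIME, MIN_BCRYPT_COST = 19456, 2, 10

FAST_HEX = {32: "MD5", 40: "SHA-1", 64: "SHA-256", 128: "SHA-512"}
ARGON2 = re.compile(r"\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=\d+\$[^$]+\$[^$]+")
BCRYPT = re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")

def classify(stored):
    """Return (verdict, reason) for one stored credential string."""
    if re.fullmatch(r"[0-9a-fA-F]+", stored) and len(stored) in FAST_HEX:
        return "weak", f"looks like a bare {FAST_HEX[len(stored)]} digest: fast to brute-force"
    m = ARGON2.fullmatch(stored)
    if m:
        variant, mem, time = m.group(1), int(m.group(2)), int(m.group(3))
        if mem < MIN_ARGON2_MEM_KIB or time < MIN_ARGON2_TIME:
            return "weak", f"{variant} under-parameterised (m={mem} KiB, t={time})"
        return "ok", f"{variant} m={mem} KiB, t={time}"
    m = BCRYPT.fullmatch(stored)
    if m:
        cost = int(m.group(1))
        return ("ok" if cost >= MIN_BCRYPT_COST else "weak"), f"bcrypt cost={cost}"
    return "unknown", "unrecognised format: review manually"

def audit(rows):
    """rows: iterable of (username, stored_hash). Returns non-compliant entries."""
    findings = []
    for user, stored in rows:
        verdict, reason = classify(stored)
        if verdict != "ok":
            findings.append((user, verdict, reason))
    return findings

# Constructed sample rows: the salt and digest parts are filler, not real hashes.
SAMPLE = [
    ("alice", "ab" * 16),
    ("bob", "$argon2id$v=19$m=65536,t=3,p=4$c2FtcGxlc2FsdA$" + "x" * 43),
    ("carol", "$argon2i$v=19$m=4096,t=1,p=1$c2FtcGxlc2FsdA$" + "y" * 43),
    ("dave", "$2b$12$" + "a" * 53),
    ("erin", "$2b$04$" + "b" * 53),
    ("frank", "legacy:custom:value"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```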

Real-Time Monitoring and Alerting: Spot Threats Before They Snowball

Another issue highlighted by the attacks is the time it took to detect them. If real-time monitoring and alerting systems had been in place, suspicious activity might have been caught before it escalated.

There is a range of powerful solutions available to businesses of all sizes. Services like AWS GuardDuty, Azure Sentinel, Datadog Security Monitoring, and Splunk can all help organisations detect unusual behaviour in real time – from unauthorised logins to unexpected data access patterns. These tools don’t just flag potential issues – they allow teams to act on them quickly, potentially saving millions in damage and downtime.
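The kind of correlation rule such monitoring would run for the attack pattern described in this article, as an added example that is not from the original article or from any of the named products: a service-desk password reset, followed by an MFA change, followed by a login from a device the account has never used. The event fields, action names and 60-minute window are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumed correlation window

# Constructed sample events: (timestamp, account, action, device).
# Action names are hypothetical; map them to your identity provider's audit log.
EVENTS = [
    ("2025-05-01T09:00:00", "j.smith", "login", "LAPTOP-A"),
    ("2025-05-01T10:00:00", "a.khan", "login", "LAPTOP-B"),
    ("2025-05-01T11:00:00", "a.khan", "helpdesk_password_reset", None),
    ("2025-05-01T11:05:00", "a.khan", "login", "LAPTOP-B"),
    ("2025-05-01T14:02:00", "j.smith", "helpdesk_password_reset", None),
    ("2025-05-01T14:09:00", "j.smith", "mfa_method_changed", None),
    ("2025-05-01T14:15:00", "j.smith", "login", "UNKNOWN-7"),
]

def detect(events, window=WINDOW):
    """Alert on reset -> MFA change -> login from an unseen device, per account."""
    alerts, state = [], {}
    for raw_ts, user, action, device in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(raw_ts)
        s = state.setdefault(user, {"devices": set(), "reset": None, "mfa": None})
        if action == "helpdesk_password_reset":
            s["reset"], s["mfa"] = ts, None          # start a new chain
        elif action == "mfa_method_changed":
            if s["reset"] is not None and ts - s["reset"] <= window:
                s["mfa"] = ts                        # second link in the chain
        elif action == "login":
            in_chain = s["mfa"] is not None and ts - s["reset"] <= window
            if in_chain and device not in s["devices"]:
                alerts.append({"user": user, "device": device, "login": raw_ts,
                               "reset": s["reset"].isoformat()})
                s["reset"] = s["mfa"] = None         # one alert per chain
            else:
                s["devices"].add(device)             # baseline of known devices
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The routine reset for `a.khan` stays quiet because no MFA change follows it and the login comes from a known device, which keeps the rule usable on a busy service desk.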

Conclusion: Get Ahead of the Problem

No security solution is perfect. But being proactive rather than reactive is the key to reducing both risk and impact. The recent attacks on major retailers show that vulnerabilities often begin with seemingly minor gaps: an untrained employee, a weak authentication method, or a monitoring system that’s not quite up to scratch.

If you’re unsure whether your systems would stand up to a similar attack, it’s worth bringing in experts who can evaluate your current setup and help you secure the gaps before they’re exploited.

At Vertex Agility, we’ve helped organisations around the world transform their security posture. One of our proudest projects involved resolving a multi-day attack on one of the world’s largest consumer electronics providers. Their initial breach resulted in over 80 million compromised accounts and more than 20 days of disrupted service. We were brought in to assess and optimise the security of their cloud-based network and connected devices.

We built and implemented a clear, future-proof strategy – enabling the organisation to rebuild trust and dramatically improve their resilience going forward. While we were initially brought on board temporarily to provide one-off guidance, our response speed and subject-specific expertise led to the client retaining our team on an ongoing basis.
