British organisations are being warned to tighten up their cyber defences, after a series of high profile cyberattacks against well known high street retailers.

The warning, from GCHQ’s National Cyber Security Centre (NCSC), says that the disruption caused by the recent incidents in the retail sector must serve as a wake up call to all organisations.

It comes after Marks & Spencer (M&S) was recently hit by a cyberattack, for which it apologised and stopped taking online and app orders.

Retail cyberattacks

Indeed, so severe is the cyberattack impact on M&S, that last week it had instructed agency staff at its central England distribution centre near Derby to stay at home.

Then it emerged that another well known high street chain, the Co-op, also had to shutdown part of its IT systems.

The Co-Op said the measures to protect its systems included the shutdown of some business services for teams running stores and its legal services division.

Then it emerged that Harrods, a globally recognised purveyor of luxury items, has become the third major UK retailer to confirm an attempted cyberattack on its systems in under two weeks.

Harrods confirmed to the Register that it had “experienced attempts to gain unauthorised access to some of our systems,” and its IT security team immediately restricted access to certain systems.

Meanwhile senior threat intel advisor Will Thomas warned UK retailers last week to take proactive measures to fortify their cyber defences.

Thomas tweeted on X (formerly Twitter): “There is an active cybercriminal (Scattered Spider-style) ransomware campaign targeting your sector.”

NCSC warning, recommendations

And now the UK’s cyber guardian, NCSC, confirmed it is working with the organisations affected.

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public,” said NCSC CEO Dr Richard Horne.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture,” said Dr Horne.

“These incidents should act as a wake-up call to all organisations,” he said. “I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

NCSC also issued the following recommendations for UK retailers impacted by the wave of cyberattacks.