UK Retail Hack Was ‘Subtle, Not Complex,’ Says River Island CISO

The recent cyber-attacks on UK retail companies, such as Marks & Spencer, Co-op and Harrods, are a “wake-up call” for the retail sector and beyond, according to Sunil Patel, Information Security Officer at British fashion brand River Island.
Speaking at Infosecurity Europe 2025 on June 3, Patel said the techniques used by the threat group linked to the hacks, Scattered Spider, were “elegant and subtle, but not as complicated as we imagine.”
“A combination of social engineering – potential manipulation of tech staff into giving access – and powerful off-the-shelf ransomware-as-a-service (RaaS) makes it easier to cripple businesses,” he explained.
“Once they gained access, they watched and scoured for weeks, maybe months before acting.”
Patel emphasized how targeted the attacks were: “These weren’t opportunistic attacks, they likely conducted a long reconnaissance work beforehand,” he said.
“And let’s be honest, the UK high street is on its knees at the moment,” Patel added, suggesting that UK retail firms were already vulnerable and that the threat actor likely targeted them knowing that the economic downturn, with businesses currently focused on returning to profitability, would make them easier prey.
However, he said he believes such attacks could impact any company in any sector.
“I think it’s just the beginning of these low-friction, operationally smart malicious campaigns,” Patel said.
Empowering Employees on Security Best Practices
When asked about the lessons the retail industry should learn from these cyber-attacks, Patel said security teams should first test the real-life response of people across the organization and provide advice on how to avoid risks.
“We need to keep asking the question: are we empowering our staff to check, verify and challenge? We need to keep asking people how we can help make their life easier while securing their online presence.”
This approach should encompass the whole organization, even the CEO and other board members, Patel argued.
“If an employee wants to go off-grid and use a device or a tool that has not been approved, we need to ask why, what the legitimate reason is. And if there is no viable alternative, then we need to figure out how we can protect it as best as we can,” he explained.
Inventory, Remediation and Business Continuity
Additionally, Patel said organizations should focus on implementing three primary measures to mitigate threats posed by actors like Scattered Spider. These measures include:
- Ensuring they have a comprehensive and up-to-date inventory of assets and identities, as well as necessary security measures (multifactor authentication, least privilege, time-limited access…)
- Having data backup and system remediation processes
- Outlining a clear and easy-to-find incident response (IR) and business continuity plan