UK Cyberattacks: Firms are Not Equipped to Defend Against Modern Cyberattacks

Recent cyber-attacks should be a “wake-up call”, Cabinet Minister Pat McFadden has warned.

More than ever, we are seeing an increasing number of scams, phishing attacks, data breaches and cybersecurity threats across the UK.

With large corporations such as M&S, Co-op and Harrods among some of the latest targets of recent cyberattacks, businesses of any industry or size should be taking precautions against attacks and scams.

The latest hit of Cybersecurity scams have caused serious issues for the retailers, from supply chain and delivery issues, to M&S recently confirming that customer data has been stolen.

Cisco’s latest Index, reveals that as little as 4% of UK firms are fully equipped to defend against today’s sophisticated cyber threats.

While it’s yet to be confirmed, many of the recent high-profile UK businesses, such as Harrods, M&S and Co-op are thought to have been attributed to a hacking group known as Scattered Spider.

There are a variety of methods of attacks this group and other hacking groups follow in order to gain access to business systems and cause damage.

A favoured attack technique for this group is ‘SIM Swapping’. A SIM swapping attack occurs when a fraudster convinces a mobile network provider to transfer a victim’s phone number to their own SIM card, or convinces a mobile phone carrier to switch mobile numbers to a SIM in the hacker’s possession.

Once this has been done, fraudsters can intercept phone calls, text messages and gain access to two-factor or multifactor verification.

After gaining control of the phone number, the hacker can change the passwords to all the accounts that use that number for two-factor or multifactor verification, which allows them easy access to all the victims’ accounts and sensitive information.

These hackers might use phishing emails, data breaches or social media profiles to collect personal data on you, and with enough information, they can often convince victims to change their SIM card by convincing them there is an issue with their current SIM.

A Malware based cyber attack involves using malicious software to get into business systems and cause damage to business, or steal data.

Malware attacks can come in various forms, these might include:

• Viruses – Malware that replicates itself and spreads to other files or systems.
• Spyware – Malware that tracks and collects information about a user’s activities without their knowledge.

Phishing attacks are a type of social engineering attack which involves fraudsters impersonating legitimate entities and trick users into opening malicious attachments or clicking on links that lead to compromised websites.

Fraudsters might pose as a large corporation, bank, or government agency and trick victims into giving away sensitive information.

Phishing attacks are often done through fake emails, texts, or websites that look genuine.

The websites may contain malware (such as ransomware) which can sabotage systems and organisations.

With the rapid speed of development in Artificial Intelligence (AI) and Machine Learning (ML) technologies, the number of AI-powered attacks has also increased. Cybersecurity professionals leverage AI and machine learning to protect online environments, however attacks also leverage these tools to steal personal and sensitive information.

AI Attacks can come in many forms, some include:

• Deepfakes – Deepfakes are AI-generated forgeries but appear very real, Deepfakes have the potential to shape people’s opinions, damage reputations, persuade others to provide sensitive information, and much more. This could come in the form of images, video, audio, etc.
• Adversarial AI and ML – Adversarial AI and ML are techniques where hackers intentionally find and exploit vulnerabilities in AI and ML systems used by businesses, causing the systems to make mistakes.
• AI-based Social Engineering – This involves fake chatbots, virtual assistants or other AI-based technologies that are capable of having human-like interactions and engaging with businesses or their customers, as victims think they are talking to a legitimate person, they can be manipulated into passing over sensitive information to hackers.

The attacks on both Marks & Spencer and Co-op started with threat actors impersonating employees while contacting the company’s IT help desk staff. They then used social engineering to convince the help desk to reset the impersonated employee’s credentials so they could gain access to the network.

The National Cyber Security Centre (NCSC) has issued a list of security recommendations for UK businesses to follow, this includes:

• Deploy multi-factor authentication (MFA) comprehensively across all systems.
• Monitor for unauthorised account use, especially risky logins flagged in Microsoft Entra ID Protection.
• Regularly audit Domain, Enterprise, and Cloud Admin accounts to verify legitimate access.
• Review helpdesk procedures to ensure strong identity verification before password resets.
• Enable your security team to detect logins from unusual sources like residential VPNs.

Demand for Cybersecurity Jobs Continues to Grows

While the risk of Cybersecurity attacks remains a threat for the UK and worldwide, the good news is that Cybersecurity has presented a huge economic opportunity.

While it might seem ironic given the current cybersecurity attacks happening, the UK is recognised as a global leader in cybersecurity innovation and commerce.

The number of Cybersecurity professionals globally stood at 5.46 million in 2024, and the UK has the largest cybersecurity market in Europe. There are about 67,300 cyber jobs in the UK, which is up 6,600 from the previous year. Cybersecurity generated revenue of £13.2 billion, which was up by 12% year-on-year.

While London remains widely considered the most popular area in the UK for cybersecurity, the Northwest of England has become a Cybersecurity hub, it’s reported that the average salary in this area for Cyber-related jobs is about £54,600 – but this can fluctuate depending on the type of Cyber career you’re working in.