beebright - stock.adobe.com
High-profile attacks underline ransomware threat
With the headlines dominated by recent incidents that have impacted retailers and the channel, the need remains for partners to continue to support customers
High-profile attacks on Ingram Micro, Marks and Spencer (M&S) and the Co-op have reminded the channel of the need to encourage customers to protect themselves against ransomware.
The past few days have seen Ingram recovering from a ransomware attack that hit the distributor late last week, and the chairman of M&S sharing the impact on the retailer with a Parliamentary committee.
Added to that is the announcement from the National Crime Agency (NCA) that four people – aged between 17 and 19 in London and the West Midlands – were arrested for the attacks on M&S and the Co-op.
Each time there is a development in the story, whether it be a company update or arrests, it puts the topic of ransomware and its impacts back on the agenda.
Spencer Starkey, executive vice-president for EMEA at SonicWall, said there was a need to work with customers to improve their security defences.
“These are significant and disruptive cyber attacks, and while M&S has actively worked to resolve the issue with the assistance of cyber security experts and national authorities, there is still currently no definitive timeline for full recovery,” he said. “We have seen at SonicWall that organisations were under critical attack for an average of 68 days in 2024, highlighting the potential for prolonged recovery periods following sophisticated cyber attacks.
“The recent retail attacks align with trends in Sonicwall’s 2025 Threat report, which shows a sharp rise in sophisticated attacks,” said Starkey. “Threat actors are now exploiting vulnerabilities within 48 hours of disclosure – far faster than most organisations can patch – highlighting a growing gap between threat velocity and enterprise readiness. Retail is one of the key targets for hacker groups and bad actors.”
Security a top customer concern
Starkey added that in light of what has recently happened, the focus on security had to remain a top customer concern.
“It’s vital every single business has a robust roadmap in place to deploy if and when an attack happens,” he said. “The preparation always begins with prevention: layered security systems and updated employee training are basic principles in today’s risky environment.
“Everyone involved should have a well-defined role and key responsibilities before the crisis occurs,” said Starkey. “Customer and employee communication is key, and the company must always strive to keep those channels flowing both ways, to reassure people and organisations who might be affected that they are doing everything possible to recover from and resolve the incident.”
Where the channel has some work to do is not just in delivering security, backup and recovery tools, but in working with customers to improve policies and awareness, and iron out some kinks in that openness between staff and employer.
Research shared from Cohesity has revealed a concerning level of staff would not inform their boss if they fell victim to an attack. The firm found that 79% would not inform superiors for fear of being blamed or causing a fuss.
“Staying silent if they suspect a malicious cyber attack is quite possibly the worst thing an employee could do, particularly when they claim to know the dangers,” said Olivier Savornin, group vice-president for Europe at Cohesity. “This reluctance to speak up leaves organisations in the dark and vulnerable to serious damage to the business.
“We need to create a workplace culture where people feel comfortable raising the alarm, and are properly trained on how to recognise a cyber threat and the correct action to take – no matter how small the issue might seem,” he added.
