Listen here instead:
In recent weeks, three major UK institutions — the NHS, Marks & Spencer, and the Ministry of Justice — have fallen victim to high-profile cyber attacks. The fact that these reputable enterprises were hacked might come as a surprise to you, but to me? Not so much.
As someone working in cyber security day in and day out, my view is simple: these incidents are not just big company problems. In fact, if you run or manage an SMB, these attacks should be setting off alarm bells. This is not about fearmongering, but the sad reality is that SMBs are even more exposed than large corporations in many ways.
Let’s unpack what happened, what it means for SMBs, and more importantly, what actions you should take today.
–
What This Article Covers:
- How the Attacks Happened
- Cyber Resilience Matters
- Start With Your Supply Chain
- Why MFA Alone Won’t Protect You Anymore
- The One Quick Win: Managed Detection & Response (MDR)
- How Babble Helps SMBs Build True Cyber Resilience
How the Attacks Happened: Mobile Entry Points and Supply Chain Weaknesses
Let’s start with the National Health Service (NHS) attack. This was carried out by Scatter Spider, a well-known and highly capable hacking group. In essence, they exploited a vulnerability in Ivanti Endpoint Manager, a piece of software used to manage mobile devices and endpoints. As a result, they accessed sensitive data — including patient records, phone numbers, and critically, authentication tokens. That would lead one to believe that there is potential for follow-on attacks.
The Marks & Spencer breach was quite similar to the NHS breach, as the attackers targeted mobile entry points – via E-SIMs this time – to exploit vulnerabilities in a third-party supplier. The details haven’t all been made public (M&S is a private company), but the pattern is clear.
The original plan was to only discuss those two, but I can’t help but mention the Legal Aid breach because it’s quite related. So, we’ve also seen Legal Aid (a part of the Ministry of Justice) attacked in a similar way. The main difference is that this attack has been linked to Chinese IP addresses, which is quite concerning.
The key point is this: attackers are no longer going straight for the front door. They’re finding weaknesses in:
- Mobile device management
- Third-party suppliers
- Supply chain partners
And they’re exploiting those gaps to devastating effect. Marks & Spencer is facing a £300 million hit to its operating profit this fiscal year purely from not being able to trade due to the attack.
Read more about it here.
Cyber Resilience Matters — No Matter the Size of Your Business
What should SMBs take from this? It doesn’t matter if you’re a global brand or a two-man band, there’s a lesson to be learned for everyone. And that lesson is cyber resilience.
Too many businesses think that having a few good tools in place is enough. It’s not. At the very least, you need:
- Layered defences
- Regular testing
- Vigilance over your entire supply chain
Attackers look for the weakest link (“vulnerabilities” is not just a buzzword). In these incidents, that vulnerability was third-party software and mobile entry points — key areas that many SMBs neglect.
Start With Your Supply Chain: The First Check Every SMB Should Make
Keeping your business safe is a team sport, so taking stock of your vendors is critical. If you only do one thing today, do this: review your suppliers.
- Are they properly accredited (e.g. ISO 27001)?
- Do they have Cyber Essentials?
- Are they regularly tested and patched?
Many SMBs simply assume their suppliers are secure. But as we saw with the NHS and M&S incidents, that can be a costly mistake.
Why MFA Alone Won’t Protect You Anymore
In an earlier article, I mentioned that MFA (Multi-Factor Authentication) is one of the easiest and most effective ways to enhance your security. But it isn’t the “end all be all”. Many of my SMB clients will say, ‘We’ve got MFA, so we’re fine, right?’. Wrong.
In 2025, just having MFA switched on is no longer acceptable (but you should still definitely turn it on). Put simply, if attackers know your defences, they’ll find a way around them.
Attackers are already bypassing MFA through:
- SIM swapping
- Stealing authentication tokens
- Credential fraud
The One Quick Win: Managed Detection & Response (MDR)
Most SMBs don’t have the resources to constantly monitor for unauthorised logins, suspicious behaviours, emerging attack patterns and the like. So what can SMBs do that’s practical and effective?
One of the best quick wins is deploying Managed Detection & Response (MDR). As I mentioned in this article, MDR providers offer continuous threat monitoring, detection, and response, using advanced technologies and expert analysts to identify and neutralise threats before they can cause harm. Think of MDR as your 24/7 expert eyes and ears that spots attacks that basic defences miss.
Beyond MDR, it’s also crucial to:
- Patch and update software
- Harden mobile device security
- Run regular penetration tests to uncover real-world vulnerabilities
How Babble Helps SMBs Build True Cyber Resilience
At Babble, we understand that there is no one-size-fits-all tool. We believe in actionable, real-world security tailored to your SMB’s needs.
Here’s what we offer to safeguard SMBs:
- Penetration testing: We identify all gaps and vulnerabilities in your business.
- Help achieve Cyber Essentials/Cyber Essentials Plus: These are the right foundations for a stable and secure way of working.
- Mobile security expertise: The threat landscape is constantly evolving, and we pride ourselves on staying ahead of the game.
- MDR services: Most importantly, we provide ongoing guidance, in addition to proactive monitoring and threat detection.
Final Thought: The Time to Act Is Now
If large organisations like the NHS and M&S can be breached, SMBs are even more vulnerable.
But the good news is that building resilience isn’t out of reach. With a proactive mindset, reputable partners, and the right layered approach, you can dramatically reduce your risk.
Don’t wait until you’re the next headline. The time to act is today.
