Friday, July 17, 2026
  • About
  • Advertise
  • Careers
  • Contact
NewsTrendsKE
  • Business
    • Deals
  • OpEds
  • Sustainability
  • Women in Business
  • Lifestyle
  • Featured
  • Technology
    • Phones
  • Sports
  • World
  • Contact Us
No Result
View All Result
NewsTrendsKE
No Result
View All Result

Home » Technology » From London to Lagos: Why retailers everywhere must prepare for the next wave of cyberattacks

From London to Lagos: Why retailers everywhere must prepare for the next wave of cyberattacks

Queen Amber by Queen Amber
12 months ago
in Technology
Reading Time: 4 mins read
A A
Share on FacebookShare on TwitterShare on WhatsApp
KnowBe4

In April, two of Britain’s biggest retailers got hit by a massive cyberattack by the notorious Scattered Spider group, leading to substantial financial losses, operational disruptions and compromised customer data (http://apo-opa.co/40O1faD). M&S suffered losses of £300 million (http://apo-opa.co/40O1gLJ) (roughly R7.3 billion) due to the attack, with supply chains affected for weeks. On top of the direct losses, over £1 billion was stripped from the organisation’s market value (http://apo-opa.co/4lPmMb3). Similarly, the Co-op experienced data breaches (http://apo-opa.co/4524lud) affecting customers’ personal information, while Harrods reported attempted cyberattacks (http://apo-opa.co/3GIeSl3), but managed to maintain online operations.

Also Read

Spotify’s Karibu Night Brings Kenyan Music and Fashion Together in Nairobi

17 July 2026
spotify logo

Spotify Opens Greasy Tunes Café Kitchen in Nairobi With The BAG

17 July 2026
Load More

“These attacks aren’t just about stolen data,” says Anna Collard, SVP of Content Strategy & Evangelist at KnowBe4 Africa. “They took whole systems offline.

“In retail, downtime is a critical threat – it affects sales, customer trust, and brand loyalty, instantly.”

A new kind of threat actor

Unlike traditional ransomware gangs, Scattered Spider is decentralised, native English-speaking, and highly adaptive. “Scattered Spider aren’t mere opportunistic hackers,” explains Collard. “They operate more like well-funded, well-organised crime syndicates.”

With some members as young as 19, they coordinate their activities on platforms like Discord and Telegram. “They’re agile, patient and disturbingly good at blending in,” she says. Added to this, they have great expertise in human psychology, as showcased during their attacks on Las Vegas casinos in 2023 (http://apo-opa.co/4nPvtnM).

Their primary weapons, therefore, aren’t just digital – they’re human. “They’ve mastered social engineering,” says Collard. “They specialise in exploiting human trust. From vishing (voice phishing) to impersonating internal staff and triggering what’s referred to as ‘MFA fatigue’; they’re skilled manipulators who understand both systems and people.”

MFA fatigue is one of the growing tactics they’re known for which involves triggering repeated multi-factor authentication (MFA) prompts, hoping the bombarded employees eventually click “approve” just to make the interruptions stop.

“Legacy systems, shadow IT, and poorly enforced policies create entry points. Attackers don’t need to break in if they can just log in.”

Another alleged tactic Scattered Spider used in its latest attacks involved calling IT helpdesks to reset credentials, gaining access to their target’s infrastructure and subsequently deploying a ransomware-as-a-service tool. The outcome? Encrypted systems, stalled operations, and a long road to recovery.

Why Africa should be paying close attention

Retailers across Africa – particularly in South Africa, Nigeria, and Kenya – are digitally transforming at a rapid pace. Cloud-based POS systems, centralised inventory platforms, and data-driven loyalty programmes are now standard. But these digital advancements also expand attack surfaces.

High employee turnover, remote workforces, and under-resourced helpdesks can compound exposure. And while business English is common in South Africa, this linguistic advantage also makes local teams more susceptible to social engineering by fluent English-speaking attackers.

“Our local executives aren’t naïve,” Collard notes. “Many are acutely aware of the risks. What’s needed now is clarity on what really matters – and cutting through the noise.”

Pepkor IT’s CISO, Duncan Rae, delivered an insightful talk at the ITWeb Security Summit in May where he warned that cybersecurity teams are often overwhelmed – not just by threats, but by too many competing priorities. Teams are bombarded with shiny, new tools and threat reports spreading fear, uncertainty, and doubt (FUD) which sometimes makes organisations lose sight of the basics, he warned.

“These basics include managing human risk, addressing third-party exposure, and hardening vulnerabilities,” according to Rae.

What needs to change?

Collard points to gaps in access controls, third-party risk management, and cloud security as common weaknesses – not just in the UK, but globally. “Legacy systems, shadow IT, and poorly enforced policies create entry points,” she warns. “Attackers don’t need to break in if they can just log in.”

For African retail leaders, this is a call to fortify the human layer.

“Train your frontline teams, especially in helpdesk and customer support. Teach them to detect manipulation. Make secure behaviour the norm – not the exception.”

Equally important, she says, is embedding cybersecurity into leadership conversations. “Cybersecurity is not just an IT function. It’s a board-level business risk.

“Executives must ask tough questions about readiness, incident response, and accountability.”

From awareness to action

Too often, security training is treated as a box-ticking exercise. Collard urges a more thoughtful approach: “Training must resonate. It should be contextual, culturally relevant, and delivered in local languages where appropriate.”

She challenges business leaders with the following:

  • Could an attacker trick your helpdesk into a password reset?
  • Would your staff recognise a social engineering attempt?
  • Do you test these scenarios regularly?

“If the answer is ‘no’ to any of these, your organisation is vulnerable,” Collard says. “But the good news is that change is possible – and fast – when you start investing in the human element.”

“Cyber resilience is a collective responsibility,” she concludes. “And in an interconnected world, learning from each other’s crises is one of the smartest defences we have.”

Distributed by APO Group on behalf of KnowBe4.

Contact details:
KnowBe4:
Anne Dolinschek 
anned@knowbe4.com

Red Ribbon:
TJ Coenraad 
tayla@redribboncommunications.co.za

Media files
KnowBe4
Download logo
Previous Post

American Tower Corporation (ATC) Nigeria Partners with ProFuturo Foundation to Transform Educational Landscape in Nigeria through Digital Innovation and Technology

Next Post

Kenya Moves Closer to Paperless Governance as KARMA Champions Digitisation Drive

Related Posts

Lifestyle

Spotify’s Karibu Night Brings Kenyan Music and Fashion Together in Nairobi

17 July 2026
spotify logo
Lifestyle

Spotify Opens Greasy Tunes Café Kitchen in Nairobi With The BAG

17 July 2026
Aga Khan University Hospital Nairobi unveils AI-enabled radiotherapy technology to treat Cancer
Health

Aga Khan University’s Brain and Mind Institute Takes Kenya On a Major Pathway Towards Awareness of Neurological Conditions

17 July 2026
Liberty Kenya Holdings Chief Executive, Kieran Godden speaking during the Liberty pension conference held in Nairobi
Health

Liberty Kenya Enhances LifeVest with Built-in Critical Illness and Disability Protection 

17 July 2026
Canon Camera

Choosing the Best Camera for Wedding Photography: Sony a7iv, Canon R6 II, or Nikon Z6III

21 March 2025
Matatu Owners Association President Albert Karagacha, KCB Unit Head, Asset Finance and Insurance, Juliana Kinyua, and ePureMotion CEO Gilbert Saggia demonstrate the EV charging system during the official launch of an EV charging site for Matatu Owners Association vehicles in Buruburu, Nairobi, on July 14, 2026.

Buruburu PSV EV Charging Station Site Marks Major Milestone in Kenya’s Electric Matatu Journey

17 July 2026
President William Ruto flanked by Environment CS Aden Duale. [PCS]

List of President William Ruto’s Advisors

24 March 2026
BLACKISH Icecream

BLACKISH Ice cream: Dairyland Introduces Kenya’s First-Ever Black Ice Cream

17 July 2026
Defence PS Dr Patrick Mariru, Chief of the Defence Forces General Charles Kahariri, Housing PS Charles Hinga, and KCB Bank Kenya MD Annastacia Kimtai display the signed MOU allowing KDF officers to buy units under the Affordable Housing Programme under the Civil servants' mortgage scheme at 4% interest.

KDF Officers to Access Decent Housing After Signing 4pc Mortgage Deal

17 July 2026
Acting Chief Executive and Head of Personal and Private Banking, Stanbic Bank Kenya and South Sudan, Abraham Ongenge (R) with The Deputy Inspector General (DIG), Head of Administration Police Service, Gilbert Masengeli (L), during the ground breaking ceremony for the construction of a guard house at the facility.

Stanbic Bank Kenya expands solutions for National Police Service and institutions serving communities across Kenya

16 July 2026
NewsTrendsKE

NewsTrendsKE

A News Blog For Readers Who Want More

Follow us on social media:

  • About
  • Advertise
  • Careers
  • Contact

©2026 NewsTrendsKE.

No Result
View All Result
  • Business
    • Deals
  • OpEds
  • Sustainability
  • Women in Business
  • Lifestyle
  • Featured
  • Technology
    • Phones
  • Sports
  • World
  • Contact Us

©2026 NewsTrendsKE.

Go to mobile version