IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
MFA
#
Cybersecurity
#
Contactless payments

Cyberattacks highlight urgent need for Zero Trust security

Today
Author image
By Shannon Williams, Journalist

Cybersecurity experts have raised alarms over the increasing sophistication of cyber threats facing businesses, following recent incidents including the one at Marks & Spencer, in which a cyberattack caused significant disruption to contactless payments and online order collections.

These recent cyber attacks are raising urgent calls for stronger, identity-focused cybersecurity, including implementing Zero Trust principles, with traditional password hygiene no longer sufficient ahead of World Password Day.

The Marks & Spencer incident, which took place during one of the busiest retail periods, temporarily left customers unable to make digital payments or collect their online purchases, generating frustration and impacting consumer trust.

Industry analysts suggest that such attacks underline the fragility of digital operations in the absence of multi-layered and proactive cybersecurity strategies. Gopi Sirineni, CEO and Co-Founder of Axiado, commented on the incident, highlighting the evolving playbook of cybercriminals.

"A payments disruption during a peak retail period breaks customer trust and throws frontline operations into disarray. The language used and the timing suggest this wasn't accidental. It's likely the work of actors who know exactly where to strike and when it will hurt most," Sirineni said, indicating that these attacks often blend into everyday systems with the intention of creating chaos undetected.

Sirineni noted the growing prevalence of threat actors leveraging stolen credentials and identity gaps—rather than traditional malware—as a means to breach defences. He advocated for a Zero Trust security model, explaining, "Most modern attacks don't need to break in. They log in using stolen credentials or gaps in identity checks. That's why a Zero Trust model is crucial." Emphasising the limits of reactive security, he urged for the deployment of preemptive technology: "Today's security approach can't afford to wait for attacks to happen and then respond. Preemptive software that can highlight potential threats before they escalate is a must."

The call for a shift away from legacy, static cyber defences is echoed by other major voices in the cybersecurity field. CrowdStrike's 2025 Global Threat Report found that 79% of initial access attacks in the past year were malware-free, revealing a decisive trend toward identity-based attacks.

Fabio Fratucello, CrowdStrike's Field CTO World Wide, underscored this shift: "Attackers are no longer relying on malware to break through defences. Instead, they're exploiting stolen credentials and trusted identities to quietly slip into organisations and move laterally across cloud, endpoint and identity environments—often undetected."

Fratucello highlighted a 50% increase in access broker activity year over year, revealing a lucrative underground market for stolen credentials.

Experts point out that traditional password hygiene is no longer sufficient in the face of these emerging threats. Fratucello argued that organisations must adopt an identity-first security approach. This includes implementing Zero Trust principles, continuously monitoring users and access, enforcing multi-factor authentication (MFA) and passwordless solutions, and limiting privileges to the bare minimum. "Layering in AI-driven identity threat detection and unifying visibility across endpoint, identity and cloud domains helps close the gaps attackers count on," he stated, reinforcing the need for an integrated approach to cybersecurity.

The scale and sophistication of recent breaches, alongside industry insights, have prompted widespread reassessment of security practices. Axiado and CrowdStrike both advocate for advanced, AI-enabled security technologies capable of real-time threat detection, immediate anomaly isolation, and dynamic data encryption. According to Sirineni, speed is of the essence when responding to cyber incidents: "When things go wrong, the best defence is speed, speed in detection, speed in containment, and speed in recovery."

Both experts agree that complacency is not an option. "No system is too small to be a target, and no company can afford to be caught off guard," Sirineni warned, reflecting a sentiment that is likely to become central to boardroom discussions as cyberattacks continue to evolve in both frequency and complexity. The lessons from incidents such as the recent disruption at Marks & Spencer may ultimately drive greater investment in proactive, integrated, and identity-focused digital defences across the retail sector and beyond.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Weak passwords expose gaps in digital security, experts warn
Cloud Security Alliance report urges new defences for cloud
Black Kite launches tool for third-party vulnerability insight
Experts urge businesses to move beyond passwords for security
Experts warn of AI risks & password sharing on security
Top stories
Cloudflare & Anthropic team up to power secure AI app links
Juniper leads 800GbE data centre market with 44 percent share
IDeaS Cruise RMS wins top TravelTech award for innovation
Genetec plugin boosts vehicle investigation speed & insight
Amperity launches AI agent to unify fragmented customer data