Company News
28 Mar, 2022
We have moved!
Redloft Technology are excited to announce that our head office has moved to a new location to support our ever growing highly-skilled team.
Why Do Businesses Keep Getting Hacked?
Author
Tim Mansell
Why Do Businesses Keep Getting Hacked and How to Ensure You Don’t
In today’s digital world, no business is too big or too small to be targeted by hackers. Attack vectors multiply, threats evolve and the consequences of a breach can be severe. Here’s a look at why companies keep getting hacked, some recent examples of high‑profile attacks, what happens when things go wrong and a detailed checklist of what businesses can do to protect themselves.
Why Businesses Get Hacked
Several factors contribute to recurring cyberattacks:
• Human error and social engineering: Phishing, impersonation, credential reuse, weak passwords or falling for scams are among the most common entry points.
• Supply chain and third‑party vulnerabilities: Even if your own systems are tight, a vendor or partner with poor security can be the weak link.
• Outdated software & unpatched systems: Vulnerabilities in software are constantly discovered; if patches aren’t applied quickly, attackers exploit them.
• Poor configuration & default settings: Misconfigured cloud storage, default admin accounts, weak firewall/permissions settings often leave doors open.
• Insufficient monitoring, detection & response: Delays in detecting a breach or lacking plans to respond worsen the impact.
• Resource constraints: Some smaller businesses or ones that don’t prioritise cybersecurity underinvest in personnel, training, tools.
• Growing sophistication of attackers: Ransomware gangs, nation‑state actors or criminal groups are more organised, using automation, AI, zero‑days, etc.
Recent High‑Profile Examples
Here are a few recent hacks to illustrate how attacks occur and the damage they cause:
Marks & Spencer (M&S), Co‑op, Harrods
In spring 2025, several retailers were targeted by cyber groups exploiting service desks and systems through social engineering and credential attacks (e.g. impersonating employees to reset credentials, disable MFA).
These retailers suffered disruption to online sales and app orders, stock shortages, loss of revenue and erosion of customer confidence. M&S as an example, estimated it took a £300 million hit in operating profits
Jaguar Land Rover (JLR)
At the beginning of September 2025 a cyberattack (attributed to groups like Scattered Spider) forced JLR to shut down global manufacturing sites (excluding China) due to system outages, impacting operations and supply chain.
The effects on the business were widespread. Lost production, supply chain disruption, financial losses in the tens of millions and global reputational damage.
Heathrow Airport & Collins Aerospace
Also in September 2025, Heathrow Airport was one of several major European airports affected by a cyberattack that targeted a third‑party systems provider, Collins Aerospace, whose software (MUSE) is used for check‑in and boarding operations.
The attack disrupted digital check‑in and boarding services, meaning staff had to fall back to manual procedures with passengers experiencing long queues, delays and confusion. Other European airports (Berlin, Brussels, Dublin) were also affected by the same third‑party outage, demonstrating the ripple effect when dependencies fail.
Effects of a Hack on a Business
When a breach occurs, the consequences go beyond immediate technical damage. Here are some of the effects organisations tend to face:
• Financial loss: direct (ransom, remediation, legal fees) plus indirect (lost revenue, downtime, supply chain delays)
• Reputational damage: customers lose trust and brand image can be tarnished long‑term
• Regulatory penalties and legal exposure: data protection laws (GDPR, etc.) impose obligations; breach of these can lead to fines
• Customer churn and loss: people stop doing business with companies that don’t protect their data
• Operational disruption: systems offline, employees unable to work, logistics/supply chain breakdowns
• Increased insurance premiums: cyber‑insurance tends to reflect risk and prior breaches often raise costs
• Strategic setbacks: delays in product launches, lost market opportunity, sometimes even exit of partners/shareholders
How to Secure Your Business & Prevent Hacking: A Detailed Checklist
Here are our recommended proactive steps to reduce risk and build resilience. Some are foundational; others more advanced, but all worthwhile.
• Inventory & risk assessment
• Know every system, application, device, vendor and third‑party connected to your network
• Identify which data/assets are most valuable and what you’d lose if they were exposed or unavailable
• Conduct regular vulnerability assessments and penetration tests
• Access control & identity management
• Enforce least privilege: only give people/systems the permissions they need
• Use strong authentication: strong, unique passwords and Multi‑Factor Authentication (MFA) everywhere
• Regularly review, revoke or adjust access rights (especially when people change roles or leave)
• Apply IAM (Identity & Access Management) tools and zero‑trust principles
• Software hygiene & patch management
• Keep all software, firmware and operating systems up‑to‑date with security patches
• Monitor for zero‑day vulnerabilities and respond quickly
• Avoid using unsupported or end‑of‑life software
• Network security & segmentation
• Segment networks so that a breach in one part doesn’t allow free movement across everything
• Use firewalls, intrusion detection / prevention systems, VPNs for remote access
• Secure cloud configurations / storage buckets / APIs - misconfigured cloud is a frequent source of breaches
• Backup & business continuity planning
• Maintain reliable, tested backups of critical data (offline or immutable where possible)
• Have a disaster recovery / incident response plan: who does what, communication flow, roles identified
• Train and run simulations / drills: know how you’d respond under pressure
• Monitoring, detection & response
• Set up logging, alerting and continuous monitoring; look for unusual activity
• Use SIEM (Security Information and Event Management) or similar tools to aggregate and analyse events
• Have a dedicated security team or external experts and a clear chain of escalation
• Employee training & culture
• Regular training on phishing, social engineering, impersonation attacks
• Test employees (e.g. phishing simulation) to reinforce good habits
• Build culture where security is everyone’s responsibility; encourage reporting of suspicious activity
• Vendor & third‑party management
• Assess and monitor the security posture of all vendors/partners who have access or connect to your systems
• Include cybersecurity clauses in contracts; ensure compliance with standards
• Limit vendor access using segmentation; ensure their credentials and practices are audited
• Encryption & data protection
• Encrypt sensitive data at rest and in transit
• Use secure protocols (TLS, Encryption, etc.)
• Mask or anonymise data where possible and minimise how much sensitive data you store
• Regulatory compliance & insurance, such as Cyber Essentials, Cyber Essentials Plus and ISO 27001.
• Stay aware of laws/regulations that apply (e.g. GDPR, UK Data Protection Act, sector‑specific rules)
• Ensure policies, processes and documentation is in place for data privacy/security compliance
• Review your cyber‑insurance coverage to ensure it covers relevant risks and incident response costs
• Advanced / forward‑looking measures
• Threat intelligence: monitor what kinds of attacks are happening in your sector and region
• Use technologies like Endpoint Detection & Response (EDR), Network Detection & Response (NDR)
• Explore “zero‑trust” and “just‑in‑time” access models
• Use AI/ML‑based anomaly detection if feasible
• Regular strategy reviews: attack surface changes with new tech, remote work, IoT, etc.
Cyberattacks are no longer an “if” but “when” for many businesses. The frequency, sophistication and damage of breaches has been increasing. But with the right planning, investment and culture, businesses can reduce the likelihood of being hacked and dramatically limit the damage when they are.
Security isn’t a one‑off project, it’s ongoing. The moment you relax, the attackers are finding the next gap.
To discuss how Redloft Technology can help with cyber security for your business, contact us today. Your action today can secure your organisation’s future.
Tags
Related Posts
All posts
Business and Industry
15 Mar, 2023
What does the Spring Budget 2023 mean for UK business
Businesses can benefit from grants to purchase new IT equipment, as well as tax credits for research and development.
Software
23 Mar, 2023
Microsoft Office 2013 End of Support
Support for Microsoft Office 2013 will cease on 11th April 2023.
Software
8 Mar, 2024
3CX have launched V20
Two years in the making, 3CX Version 20 Final is heralded as the future of business telephony.
Security
30 Mar, 2024
World Backup Day - 31st March
World Backup Day, observed annually on 31st March, serves as a reminder of the critical importance of data backup in our digital age
Business and Industry
25 Oct, 2024
AI in Business: Unleashing the Power of Copilot and ChatGPT
Artificial Intelligence (AI) has become a transformative force in the business world, offering tools that enhance efficiency, decision-making, and productivity. Among the growing suite of AI-driven technologies, Copilot and ChatGPT stand out as game-changers. These tools, designed to streamline workflows and augment human capabilities, have sparked both excitement and debate. Here’s a balanced look at the potential of these AI tools, the data privacy concerns they raise, and the considerations businesses need to keep in mind.
Business and Industry
6 Nov, 2024
Managed IT Support in Coleshill
Empowering Small Businesses with Redloft Technology
Cloud Services
9 Dec, 2024
Understanding Microsoft 365 – Part 4: Microsoft Planner
In our previous posts, we explored Microsoft 365’s cloud storage, Microsoft Teams, and how they streamline collaboration. Now, in Part 4, we’ll dive into Microsoft Planner, a flexible and easy-to-use project management tool that integrates directly with Microsoft 365. Planner is ideal for tracking tasks, managing projects, and keeping teams aligned, making it a valuable addition to any modern workplace.
Security
5 Aug, 2025
Why Managed IT is essential for your business
The alarming impact of recent Cyber‑Attacks on UK retail – and why Managed IT is no longer optional
Cloud Services
16 Jul, 2021
Microsoft Windows 365 launched
Microsoft has launched a new cloud service, we look into what this service looks like, what it can do, and why you might use it.
Business and Industry
17 Mar, 2023
Microsoft announce Microsoft 365 Copilot
Microsoft announced it’s next-generation AI tool - Microsoft 365 Copilot.
Cloud Services
18 Nov, 2024
Understanding Microsoft 365 – Part 1: What is Microsoft 365?
Microsoft 365 is packed with powerful tools for modern businesses, but it’s often underutilized or misunderstood—a challenge we encounter frequently when working with new clients. In this series, we’ll demystify Microsoft 365, clear up misconceptions, and share tips to help you maximise your subscription. Let’s start by exploring what Microsoft 365 is, where it came from, and what it includes today.
Cloud Services
25 Nov, 2024
Understanding Microsoft 365 – Part 2: Cloud Storage
In Part 1 of this series, we explored the evolution and scope of Microsoft 365. Today, we’re diving into one of the most crucial components for modern businesses: cloud storage. Microsoft 365 offers two powerful storage solutions—OneDrive and SharePoint—designed to make file storage, sharing, and collaboration seamless. In this post, we’ll cover what each tool offers, their key differences, and practical advice on using them to enhance productivity and data security.
Cloud Services
2 Dec, 2024
Understanding Microsoft 365 – Part 3: Microsoft Teams
In Parts 1 and 2 of this series, we covered the origins of Microsoft 365 and explored its cloud storage solutions, OneDrive and SharePoint. In Part 3, we’ll look at Microsoft Teams, the collaboration hub that brings communication, file sharing, and productivity tools together in one place. Since its launch, Teams has transformed how businesses communicate, making it a powerful asset for remote and in-office work alike.
Cloud Services
16 Dec, 2024
Understanding Microsoft 365 – Part 5: Security and Policy
Throughout this series, we’ve explored Microsoft 365’s productivity tools, from cloud storage and collaboration with Teams to task management with Planner. Now, in our final post, we’ll examine the robust security and device management tools in Microsoft 365. In a world where cyber threats are constantly evolving, securing data and managing devices are critical to maintaining a safe, efficient workplace. Microsoft 365 provides a range of security and device management solutions designed to protect businesses from data breaches, cyber-attacks, and other security risks.
Security
13 Nov, 2024
Shadow IT: Is Your Data Going Rogue?
With countless apps and tools at our fingertips, it’s easy for data to end up in unexpected places. Shadow IT—unapproved tools and software used by employees—can make it harder than ever to keep track of your business information. So, do you really know where all your data is right now? If you’re not sure, it might be time to shine a light on Shadow IT.
Security
9 Sep, 2021
Are passwords still secure?
With multi factor authentication upping the anti of application security, in isolation passwords are now seen as a somewhat basic security feature. However they are still an important aspect of your data protection. After all, what’s the benefit of two-factor authentication if one level is overly simple to override.
Cloud Services
28 Feb, 2023
Understanding the benefits of private cloud
We discuss the trend of moving to and the benefits of private cloud.