Inside the Hack: Why Social Engineering Exposes the Limits of Cyber Defense and Demands Integrated Risk Management

CybersecurityIRM
Written By Ori Wellington

The recent cyberattack on Marks & Spencer (M&S), perpetrated by the notorious hacking group Scattered Spider, vividly underscores the evolving sophistication of cyber threats—and the alarming vulnerability of even well-protected enterprises. Despite significant investments in cybersecurity defenses, M&S faces an estimated loss of up to £300 million in operating profits and a plunge of £600 million in market capitalization following the breach.

As detailed recently by the Financial Times, Scattered Spider’s methods illuminate a stark reality: technical cybersecurity solutions alone are not enough. The group’s expertise lies in a blend of digital deception and human manipulation, a practice known as social engineering. Unlike traditional cybercriminals reliant solely on technical exploits, Scattered Spider meticulously researches employee identities, simulates convincing interactions, and leverages human psychology to circumvent cyber defenses.

Ori Wellington

Orion “Ori” Wellington is the lead editor for The RiskTech Journal and The RTJ Bridge, where he helps shape editorial direction, guide strategic narratives, and support media relations across Wheelhouse Advisors. As a digital editorial advisor, Ori synthesizes trends in risk, technology, and governance, drawing from roles modeled on information security, risk analytics, and IT leadership.

Part of Wheelhouse’s AI-augmented research team, Ori works to distill complex signals into actionable intelligence—bridging expertise across domains and elevating the voice of integrated risk thinking.

https://wheelhouseadvisors.com
Sign up to read this post
Join Now
Previous

Where Autonomous IRM Begins—And Where It Must Go Next
Next

From Permit to Platform—How CTRL WRK Turns Lockout/Tagout into an Autonomous IRM Use Case