High-profile cyberattacks targeting Qantas in Australia and M&S, Harrods and Co-op in the UK have revealed hard truths about the vulnerabilities built into modern supply chains. These incidents offer vital lessons for supply chain leaders, risk managers, and executives alike.

1. Third-party vendors can be your weakest link

In both the Qantas and M&S cases, attackers infiltrated systems by exploiting weaknesses in external vendors. At Qantas, a call centre provider was used as the entry point through a social engineering scam, while M&S suffered a breach via a contractor involved in user password resets. These examples highlight the need for strict vetting of third parties, regular audits, and contractual clauses that require vendors to report breaches immediately.

2. Humans remain cybersecurity’s biggest vulnerability

Criminal groups used tactics like phishing and vishing—voice-based social engineering—to manipulate staff into granting access. Even systems protected by multi-factor authentication can be bypassed if an employee is tricked. Regular, realistic training for staff is essential, helping employees detect and resist increasingly sophisticated attacks.

3. Layered defence and segmentation matter

Qantas’ internal system design managed to contain the breach, limiting it to customer-facing platforms. However, M&S experienced significant operational disruption, including impacts on its payment and ordering systems. The difference comes down to network segmentation and access controls. Limiting vendor privileges and separating core systems from customer-facing tools is a critical security practice.

4. Preparation and response can save your reputation

How organisations respond to a breach plays a major role in preserving public trust. M&S reportedly faced significant financial losses from operational downtime, while Qantas moved quickly to acknowledge the breach and communicate with affected customers. Companies that practise regular incident simulations—including legal, communications and insurance teams—respond more effectively under real pressure.

5. Cyber incidents ripple through the entire supply chain

M&S’ outage not only affected its operations—it disrupted suppliers of ambient goods who were suddenly unable to fulfil orders. Similarly, a breach in one part of a logistics network can bring regional operations to a standstill. When one link in the chain breaks, the impact spreads fast and wide.

What organisations can take from this:

  • Expand supplier oversight: Insist on robust certifications, regular penetration testing, and breach reporting obligations.
  • Train your people: Conduct phishing simulations and awareness training quarterly to build frontline defence.
  • Reinforce your architecture: Use layered security and segmented systems, and enforce strict access controls.
  • Practise your response: Schedule regular cyber incident rehearsals to prepare for high-pressure decision making.
  • Plan beyond your systems: Understand how upstream or downstream failures could disrupt your business.

When the next breach happens—and it will—it’s the level of preparedness that will define whether a company weathers the storm or gets swept away.

Cejay is a Content Producer for Supply Chain Channel, Australia's learning ecosystem created to fill the need for information, networking, case studies and empowerment for everyone in the supply chain sector.
