I’ve been tracking the cyberattacks on Marks & Spencer, Co-op, and Harrods every day via Google News. The updates so far have been vague—“IT systems are not fully functional,” large parts have been taken offline, and recovery is in progress.
But things got real when my colleague sent me this article from The Independent. It confirms that Scattered Spider—the same hacker group that hit MGM Resorts—was behind the attacks, and once again, they gained access by social engineering the IT help desk.
As someone who worked on the help desk for 8 years, this hit hard. We used to joke about users falling for phishing emails—but now it’s the tech teams themselves being duped.
And sadly, I can see how it happens:
Many MSPs and internal help desks have high staff turnover.
The focus is often on speed and efficiency—not strict identity verification.
Impersonating a colleague over the phone still isn’t seen as a serious threat by some.
Outsourced support teams, often in different countries, may not always understand local business culture or the risk of blindly trusting someone who sounds authoritative.
It’s a wake-up call.
I’m now thinking I may need to produce some cybersecurity awareness training tailored specifically for IT help desks—with real-world examples like this. Not just for our own team, but maybe even for our MSP.
In fact, I’m considering reaching out to our MSP directly to ask:
Do their help desk staff receive monthly cybersecurity training?
Can they share completion certificates to confirm this?
Because if we don’t challenge and verify this now, we might be the next ones in the headlines.
This is something I’ll be bringing up in our next all-staff meeting.
Has your organisation done enough to protect its help desk?