The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols.
These incidents—particularly the Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be.
In each case, attackers successfully used social engineering or posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining access to critical systems.
The breaches led to serious operational disruption and substantial financial consequences, underscoring the urgent need for organisations toeliminate all areas of potential risks in line with today’s threat landscape.
With the end of Windows 10 support fast approaching, on 14th October 2025, these events serve as a timely warning: continuing to rely on unsupported operating systems not only increases exposure to such attacks but also reflects a broader gap in cyber resilience that organisations must urgently address.
“These attacks are a stark reminder that security breaches often begin with people and their lack of regular training’,” said Roy Charman, CTO Infrastructure at Espria. “When outdated systems are involved, it compounds the problem. Without security updates, patches and support, any known vulnerabilities remain wide open to exploitation.”
Recent data shows that 52% of UK businesses are still operating on Windows 10. After Microsoft withdraws all support in October, these systems will no longer receive security updates or patches—leaving organisations increasingly vulnerable to threats and long-term cyber risk.
“The real concern is not just the deadline—it’s the lack of preparedness,” continued Charman. “Many organisations have yet to assess which of their devices can be upgraded, which need replacing, and what the rollout timeline should look like. Delaying that process leaves very little room to act effectively later.”
“We’re not just talking about technology upgrades; we’re talking about safeguarding day-to-day operations, customer data, and organisational resilience,” he added. “This is a window of opportunity to strengthen security across the board—not just by moving to a supported OS, but by re-evaluating the basics, like password policies, help desk verification protocols, and device hygiene.”
Security experts at Espria advise organisations to take the following steps without delay:
- Audit all devices still running Windows 10 to assess compatibility for upgrade
- Develop a structured migration plan to Windows 11, prioritising systems that handle sensitive data or critical operations
- Strengthen help desk protocols and identity verification processes to reduce the risk of social engineering attacks
- Ensure endpoint protection tools are fully deployed, updated, and aligned with current threat landscapes
With Microsoft’s support deadline now just five months away, organisations are being urged to make the transition a strategic priority.
Charman concluded: “These incidents make one thing clear: attackers aren’t relying on sophisticated hacks—they’re exploiting basic oversights in process and system maintenance, continuing to run Windows 10 past its support deadline isn’t just a technical risk—it’s an open invitation to be targeted next.”
Leave a Comment