What UK businesses must do now to strengthen cyber defences

A spate of recent cyberattacks targeting UK retailers has revealed a stark reality.

Threat actors and their methods are evolving faster than businesses are strengthening their cyber security defences.

These breaches, linked to the hacking group known as Scattered Spider, have exposed a worrying level of vulnerability, particularly in the retail sector’s security infrastructure.

Rather than simple brute-force smash-and-grabs, these attacks demonstrated a high degree of sophistication.

If your systems aren’t adequately secured and your staff are insufficiently vigilant, your business could be the next victim.

Six areas of focus for preventing a breach

Here are six urgent, actionable steps businesses should be taking in response to the recent wave of cyberattacks.

1.     Audit how you reset and grant access to team members

At Solsoft, we will never ask you for your password, and if you ask us to reset it, we have security processes in place to verify that the request is genuine.

Review how your staff request and process password resets, not just for Microsoft 365 but also for any independent systems, such as web apps or internal line-of-business systems.

If these procedures rely solely on e-mail or helpdesk ticketing without external verification, they are likely to be vulnerable.

Trust but verify. Always.

Recommended actions:

  • Require verbal verification or multi-channel confirmation before processing password changes.
  • Limit who can reset privileged accounts.
  • Keep a record of all reset requests and approvals.

2.     Verify multi-factor authentication (MFA) and conditional access settings

Having MFA in place on its own isn’t enough. Conditional access policies, available on certain Microsoft 365 license types, let you reliably enforce MFA for all users so that there are no exceptions.

Recommended actions:

  • Apply MFA to all user accounts by using conditional access, so users are automatically opted in.
  • Do not allow any exceptions, such as exempting your internal network, which would let an attacker who reaches that network bypass MFA.
  • Consider passwordless authentication (FIDO2-based passkeys) for high-risk users.
  • Implement restrictions for non-compliant devices and block logins from unfamiliar IP ranges or unmanaged devices.
  • Disable legacy authentication protocols that bypass MFA enforcement.

3.     Enable and monitor ‘risky sign-in’ alerts

Many modern platforms such as Microsoft 365 and Azure AD offer risk-based conditional access and login monitoring for an additional license fee. These tools flag unusual behaviour, such as sign-ins from new locations or suspicious devices.

Recommended actions:

  • Deploy Microsoft Entra ID P2 licenses to all users and enable Identity Protection features.
  • Configure policies that block risky sign-ins and report them to IT.
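As an added example (not Solsoft’s code or tooling), a short Python audit that reads Conditional Access policies exported from Microsoft Graph and flags the gaps described in steps 2 and 3: MFA not enforced for every user, exclusions that carve out users or groups, legacy authentication not blocked, and no policy acting on sign-in risk. The policy dictionaries use the Graph conditionalAccessPolicy field names; the two sample policies are constructed, and the group id is a placeholder.

```python
"""Audit exported Entra Conditional Access policies for the gaps listed above: MFA
not enforced for everyone, carve-outs, legacy auth not blocked, no sign-in-risk policy.
Dicts follow the Graph conditionalAccessPolicy shape; the sample is constructed."""
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # clientAppTypes that cannot perform MFA

def covers_everyone(users):
    # A policy only counts as "no exceptions" if it targets All with no exclusions.
    return (users.get("includeUsers") == ["All"]
            and not users.get("excludeUsers") and not users.get("excludeGroups"))

def audit_policies(policies):
    """Return a list of finding strings; an empty list means no gap was detected."""
    findings = []
    mfa_for_all = legacy_blocked = risk_handled = False
    for p in (q for q in policies if q.get("state") == "enabled"):  # report-only protects nothing
        cond = p.get("conditions", {})
        controls = set((p.get("grantControls") or {}).get("builtInControls", []))
        users = cond.get("users", {})
        all_apps = cond.get("applications", {}).get("includeApplications") == ["All"]
        if "mfa" in controls and all_apps:
            if covers_everyone(users):
                mfa_for_all = True
            else:
                findings.append(f"{p['displayName']}: MFA policy excludes users or groups")
        if ("block" in controls and covers_everyone(users)
                and LEGACY_CLIENTS <= set(cond.get("clientAppTypes", []))):
            legacy_blocked = True
        if cond.get("signInRiskLevels") and controls & {"block", "mfa"}:
            risk_handled = True
    findings += [msg for ok, msg in (
        (mfa_for_all, "No enabled policy requires MFA for all users on all cloud apps"),
        (legacy_blocked, "Legacy authentication (exchangeActiveSync/other) is not blocked"),
        (risk_handled, "No enabled policy blocks or challenges risky sign-ins")) if not ok]
    return findings

# Constructed sample: MFA with a group carve-out; legacy-auth block left in report-only mode.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["<placeholder-group-id>"]},
                    "applications": {"includeApplications": ["All"]}, "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

if __name__ == "__main__":
    for finding in audit_policies(SAMPLE_POLICIES):
        print("FINDING:", finding)
```

Running it against the constructed sample produces four findings; once the carve-out is removed, the legacy-auth block is switched to enabled and a sign-in-risk policy is added, the audit returns an empty list.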

4.     Carry out regular remediation of outstanding vulnerabilities

Many organisations perform vulnerability scans only annually, often to meet compliance requirements such as Cyber Essentials Plus.

Long gaps between scans and the actual remediation of identified issues leave systems exposed. This delay provides attackers with ample opportunity to exploit unpatched vulnerabilities in your IT infrastructure.

To reduce risk, ensure that remediation is treated as a continuous process, not just a compliance checkbox, by arranging for more frequent scans or implementing a managed security agreement.

Recommended actions:

  • Increase the frequency of vulnerability scans beyond annual compliance checks to proactively identify new risks as they emerge. Quarterly or monthly scans are often more effective.
  • Establish a structured remediation workflow to ensure identified vulnerabilities are prioritised and resolved within defined timeframes based on risk level.
  • Consider a managed security agreement to provide continuous monitoring, scanning, and remediation support, helping maintain security posture between formal assessments.

5.     Limit access to files and systems on a need-to-know basis

Not every user needs access to every file, system, or tool all the time.

By limiting access to only what’s necessary for someone to do their job, you reduce the damage that can be done if an account is compromised.

This is part of an “assume breach” mindset. Plan as if attackers will get in, and make sure they can’t go far if they do.

Striking a balance between security and productivity is key: smart access control should protect the business without stopping people from working effectively.

It’s a difficult balance, but one that is key to a good strategy.

Recommended actions:

  • Restrict access to sensitive files and systems based on job roles; only give users what they need to do their work.
  • Use approval-based, time-limited access (Just-In-Time access) for higher-risk permissions, so elevated access is only granted when it’s truly needed.
  • Review user access regularly to keep permissions up to date and remove access that’s no longer necessary.

6.     Create a cyber response plan

No matter how strong your defences are, incidents can and do happen.

A cyber response plan helps your organisation react quickly and effectively when something goes wrong.

Whether it’s a ransomware attack, a data breach, or suspicious activity, knowing in advance who does what and how to communicate, both internally and externally, can make the difference between a controlled incident and a full-blown crisis.

Recommended actions:

  • Develop and document a step-by-step incident response plan covering detection, containment, communication, and recovery.
  • Assign clear roles and responsibilities to team members, including IT, legal, communications, and executive stakeholders.
  • Test the plan through tabletop exercises to ensure everyone knows their role and your response is fast, coordinated, and effective.