From London to Lagos: Why African retailers must brace for the next cyber onslaught
- Staff Writer
- Jul 15
The Scattered Spider hacking group’s recent UK attacks highlight a chilling truth—Africa’s fast-growing retail sector is equally exposed. Experts urge a shift from reactive tech tools to proactive human-focused cybersecurity.

By Nhlanhla Muthe
As cybercriminals evolve, the retail industry is facing a new era of threats, and Africa is not immune. Following devastating cyberattacks on UK retail giants Marks & Spencer and the Co-op earlier this year, security experts are warning African retailers to prepare for a new breed of attacker who doesn't just steal data but shuts down entire systems.
KnowBe4, the world’s first and largest New-school Security Awareness Training and simulated phishing platform that helps you manage the ongoing problem of social engineering, issued the warning this week.
In April, the notorious “Scattered Spider” hacking group inflicted over $390 million in losses on Marks & Spencer alone, with long-term disruptions to supply chains and over $1.3 billion stripped from its market value. Anna Collard, SVP of Content Strategy & Evangelist at KnowBe4 Africa, revealed that Co-op and Harrods also fell prey, with attempted and successful breaches exposing sensitive customer data and operations.
“These attacks aren’t just about stolen data. They took whole systems offline. In retail, downtime is a critical threat—it affects sales, trust, and brand loyalty,” she said.
Scattered Spider represents a new kind of cyber adversary: young, decentralised, English-speaking, and skilled at manipulating people. “They have mastered social engineering, and tactics like MFA fatigue, bombarding staff with multi-factor authentication prompts until they give in, are just one example. Others include impersonating employees and calling helpdesks to reset passwords,” added Collard.
Collard emphasised that African retailers should care about this new cybersecurity threat.
“From Lagos to Johannesburg to Nairobi, cloud-based POS systems, loyalty programmes, and data-rich platforms are now standard. But so too are the risks. With high staff turnover and under-resourced helpdesks, local retailers are increasingly vulnerable. Worse, attackers fluent in English can easily blend in and manipulate frontline staff,” stated Collard.
Duncan Rae, CISO at Pepkor IT, recently warned that overwhelmed security teams are distracted by “shiny tools” and constant fear-mongering, losing sight of cybersecurity basics such as human risk, third-party exposure, and patching vulnerabilities.
The fix, according to experts, lies in building a strong “human firewall.” Train frontline employees, especially those in IT support, to detect social engineering and phishing. Make secure behaviour part of daily operations, not an annual workshop.
“Executives must also get involved. Cybersecurity is not just an IT problem, it’s a business risk. Cyber resilience is everyone’s job. And in today’s world, learning from others’ crises may be our best defence,” urged Collard.

