From airports to major retailers and car manufacturers, 2025’s relentless wave of cyberattacks is exposing the fragility of our interconnected business world, says Jason Walsh
Blogs
Image: DAA
Dublin airport last week joined a club it surely did not want to be in, becoming one of a number of European airports to have to go back to pen and paper in the face of a cyber attack.
Happily, the airport could continue work despite the attack, but passengers can be forgiven for rueing delays and cancellations. (British police subsequently made an arrest.)
Clearly, major transport hubs being ground to a halt was a major news story, but, on the whole, cyberattacks are effectively background noise at this point. They can’t be ignored, though. While airport staff having to resort to handwritten boarding passes may mark another milestone in 2025’s cyber siege, the real cost is still being counted in boardrooms across Europe, where companies are seeing losses in the hundreds of millions.
In Britain, supermarkets Marks & Spencer and The Co-Operative, as well as department store Harrods, have all been slammed by attacks in 2025. The Co-Op alone has reported a £206 million (approx. €236 million) impact on sales. It’s not just retailers, either. Car giants Jaguar-Land Rover (JLR) and Stellantis (owner of Peugeot-Citroën, Opel, Fiat, Chrysler and others) have been hit, with JLR having to halt production and bracing itself for losses in the region of £200 million (approx. €269 million).
Today’s business technology environment is chaotic, to say the least. The frequency of attacks has reached a point where cyber security experts routinely warn that it’s not a matter of if an organisation will be targeted, but when. Likewise, the drone-forced closure of Copenhagen airport, while not a cyber security issue per se, also speaks to an increasingly volatile world thanks to the technology we rely on day and daily. The latest event to hit the headlines is a ransomware attack directed against a childcare company in Britain.
Interestingly, the Dublin airport event was a classic ‘supply chain’ attack, meaning the actual target being not the airport itself but a key supplier. This matters for a very good reason. To use a driving analogy, if you don’t want to crash you can remember to be careful on the road, but you can’t make others do so.
Supply chain attacks are a threat because they offer a way to breach multiple organisations simultaneously – or work up to the ultimate target – by compromising a single shared service provider.
Rather than attacking the target directly, hackers can target a third party company and either threaten them, potentially knocking out other companies higher up the food chain, or work toward getting access to those companies’ systems.
As a strategy, it maximises impact by exploiting typically weaker security at smaller suppliers who may lack the robust security measures of their larger clients. As a result, even organisations that have strong internal security can find themselves crippled by vulnerabilities they don’t directly control. The true moral of the story, though, is that no-one is too obscure to be a target.