November 19, 2025

Inside the M&S Cyberattack: Why Website Security Is Every Marketer’s Problem

Abbie
Founder + Director

Marketing vs The World

Welcome back to another episode of Marketing vs The World.

In our latest Marketing vs the World episode Abbie sat down with Darren Hesketh, founder of Dark Knight, who’s been working in cyber security and IT for over 27 years. And with everything that’s happened recently - including the M&S cyber attack that had half the country glued to the headlines - this conversation couldn’t have landed at a better time.

Darren breaks down what really happened, why third-party risk is exploding, how AI and deep fakes are making things trickier for everyone, and - more importantly - why marketing teams are often sitting in the biggest blind spot without realising it.

It’s practical, it’s clear, and it makes a very complex topic easy to understand. A must-listen for everyone.

Want the full conversation? You can listen to the full episode below.

Listen on Apple | Listen on Spotify


What Really Happened with the M&S Cyber Attack?

“There’s a third party that won’t be named… that was the entry point for the breach.”

The M&S cyber attack made huge headlines – especially in retail and e-commerce – but the public comms never really explained what went wrong. Abbie calls this out early on: as someone who understands websites and press offices, she knows how much gets left unsaid.

Darren explains what we do know:

  • The breach started with a third-party helpdesk supporting M&S

  • An attacker called pretending to be an M&S employee

  • That third party followed their password reset process

  • They handed credentials over to the attacker

  • That created a foothold into the system

No Hollywood-style hacking. No green code on black screens. Just a people and process failure.

“This is a tech company, a large tech company, handing over information. It was all process related.”

What’s worrying is how common this pattern is becoming:

  • Businesses spend heavily on internal security

  • But third parties (contractors, suppliers, SaaS providers) often have weaker controls or more relaxed processes

  • Attackers have realised that the weakest link is usually a human on a helpdesk, not a server in a data centre

For marketers, that matters. Agencies, tech partners, CRO tools, analytics platforms and email providers are all potential entry points.

If you want the full breakdown of the M&S scenario (and what Darren thinks they could have done differently) listen to the full episode.


Third Parties, Freelancers and the New Compliance Reality

“Smaller businesses used to be able to deal with large enterprises as freelancers. That landscape has totally changed.”

Abbie asks the obvious follow-up: are businesses going to get stricter about who they outsource to?

Darren’s answer: they already are.

“We’ve seen quite a tenfold increase in risk assessments in just the last couple of months.”

Here’s what he’s seeing on the ground:

  • More questionnaires: 50+ questions about risk, data handling and technical controls

  • More formal certifications: things like Cyber Essentials and ISO are being requested, even from smaller suppliers

  • More scrutiny of access: who can access what, from where, and with which devices?

And this affects everyone:

  • Agencies working with big brands

  • Freelancers with direct access to client systems

  • SaaS tools that plug into websites, CRMs or payment journeys

It’s no longer enough to vaguely say “we take security seriously” – you need evidence.

For marketing leaders, this means:

  • Expect longer onboarding processes for new tools and partners

  • Build time into your timelines for security reviews

  • Be ready to answer questions about where data goes, not just what the tool does

Darren shares more real examples of these risk assessments – and how he quietly helps clients fill them in – in the full episode below.


Why Marketing Teams Are a Prime Security Blind Spot

“Marketing is the lifeblood of a business… but they’re handling 10,000 records, analytics data, and lots of tools plugged into each other.”

Abbie admits she comes “at this from a marketer’s perspective” – constantly in and out of different client systems, trialling new tools, and pushing for better performance.

Darren gently points out where that becomes risky:

“So many applications and the tooling they use are interconnected into lots of different systems. It’s quite easy these days to bring a new CRM, pull a bit of data from one place or download a piece of data.”

The problem isn’t that marketers are careless. It’s that:

  • They move quickly, especially under performance pressure

  • They’re encouraged to experiment with tools, plugins and SaaS

  • They don’t always fully understand how important the data is to the business

  • Security is often seen as “IT’s job”, not part of the marketing plan

Practical steps Darren suggests:

  • Educate marketing teams on how valuable their data is – and what happens if it leaks

  • Make sure devices used for testing, data analysis and reporting are encrypted

  • Review where marketing data is stored and shared (no more random spreadsheets on desktops)

  • Include security checks when you roll out new tools, plugins and integrations

“Security and IT needs to be on the marketing and e-com team’s agenda. They have to take some form of responsibility… not just rely on IT to be all over it.”

If you want to hear how Abbie and Darren unpack this tension between “we need results now” and “we really should not leak customer data”, listen to the full episode.


Performance vs Protection: How to Make Smarter Calls

“That’s the trade-off: being productive versus security.”

Abbie shares a real story: a client wouldn’t sign off a behavioural tracking / A/B testing tool for security reasons. From a conversion rate optimisation perspective, it was a huge missed opportunity.

Darren’s view is that these clashes are avoidable if IT are involved sooner:

  • Get IT at the table when you’re planning experiments, not just when you’re asking for sign-off

  • Ask: “What would it take to make this secure in our environment?” rather than “Can we install this?”

  • Explore whether the business already has an approved alternative tool that can do 80–90% of what you need

  • Understand that risk assessments are not all the same – each business will weigh risk differently

“If they’re brought to the table at the beginning… maybe they had a variation of the tool they were happy with, or they could suggest a different one.”

For marketing leaders, this might look like:

  • Including IT in your roadmap conversations

  • Adding a standard “security implications” question to new projects

  • Documenting which tools are approved and under what conditions

It’s not about never using “shiny new tools” – it’s about making sure they’re introduced in a way that doesn’t backfire later.

To hear the full CRO example – and how Darren would’ve handled it differently – listen to the full episode.


AI, Deep Fakes and Why Security Training Will Become Like Health & Safety

“End user education is going to be mandated – like health and safety.”

As if all of that wasn’t enough, AI has arrived and turned the dial up to 11.

Darren is seeing two big things:

  1. Deep fake attacks

Imagine your finance team getting a call from what sounds like your CEO, asking them to urgently approve a transfer. That’s not sci-fi – it’s here.

“You’re going to see stronger and stronger verification processes… AI has got hold of their voice and the person you think you’re talking to isn’t who you’re talking to.”

  2. Too-easy tool building

People are spinning up AI tools and SaaS products without proper security, compliance or data protection baked in from day one.

“It’s so easy today to create your own software. It’s just too easy… especially with the likes of AI.”

Darren’s current advice is practical, not panicky:

  • Keep AI use inside trusted ecosystems like Microsoft Copilot or Google Gemini

  • Don’t let AI near e-commerce transactions or financial data yet

  • Don’t paste sensitive or customer data into random AI tools where you don’t control the data

  • Treat any new AI tool like any other vendor: check where data lives, how it’s stored, and whether it’s GDPR compliant

“If they tell you they don’t know… the alarm bells should be ringing.”

And for businesses overall?

  • Expect mandatory cyber training to become the norm

  • Teach people how to spot fake emails, fake calls and fake meetings

  • Use multi-factor authentication and stronger verification processes as standard

For more on how attackers and defenders are both using AI – and how Darren uses AI to speed up pen testing – listen to the full episode.


When the Worst Happens: What to Do in the First 24–48 Hours of a Breach

“Typically my advice would be: call your insurance.”

This might be the most important part of the episode.

Abbie asks: if a brand does experience a breach, what should they do in the first 24–48 hours?

Darren’s answer is surprisingly simple:

“Your first call will be your insurance. They’ll tell you where you are legally.”

Here’s why that matters:

  • Your cyber insurance provider will help you understand your legal position

  • They’ll advise how and when to communicate with customers and regulators

  • They can put you in touch with specialist incident responders (often covered under your policy)

  • They’ll help you decide whether to involve the police, and they’ll advise on the unattractive but sometimes necessary question of whether to pay a ransom

On the technical side:

  • Smaller businesses will lean heavily on their managed service provider

  • Larger enterprises will invoke their business continuity, incident response and disaster recovery plans

  • Communication might move to secure channels outside the compromised environment (e.g. WhatsApp, calls, separate systems)

“By having a clear plan of what you’re going to do and who you’re going to put back first, it removes a lot of stress.”

If you take nothing else away from that section, it’s this:

  • Get cyber insurance

  • Have a plan before you need it

  • Assume breach – one day it might be you

Darren goes into more detail on incident response, internal comms and decision-making under pressure in the full episode – it’s well worth a listen.


Security Mindset: Assume Breach, Plan Calmly, Stay Human

“A business now needs to assume they will be breached.”

This isn’t meant to scare you. It’s meant to free you up to plan sensibly.

Darren’s whole approach is:

  • Assume something will go wrong one day

  • Decide now how you’ll respond, who you’ll call, and what you’ll prioritise

  • Keep security personable and practical, not fear-driven

  • Remember IT aren’t “the blockers” – they’re trying to keep the lights on

Abbie sums it up nicely: we’re all trying to keep up with the speed of technology. The personal and professional blur together, and for people like Darren, “every day is genuinely a new school day”.

“AI accelerates testing and helps protect businesses. But you’ve got to understand attackers are going to be using that as well.”

He still loves the work – that constant challenge of “keeping the good people protected and the baddies out”.

If you want to hear Darren talk candidly about staying motivated in a constantly shifting landscape (and why he still calls himself a techie), listen to the full episode.


The Good Stuff, Summed Up

Here are the key takeaways from Darren’s episode:

  • The M&S cyber attack appears to have started with a third-party helpdesk and a fake employee call – a people and process failure

  • Third parties, freelancers and SaaS tools are now under much stricter compliance pressure

  • Marketing and e-commerce teams hold huge amounts of sensitive data and are often the biggest blind spot

  • Bring IT in early on website changes, new tools and CRO testing to avoid shutdowns at the eleventh hour

  • AI is accelerating both defence and attack – deep fakes and easy tool-building raise new risks

  • Keep AI within trusted ecosystems (e.g. Copilot, Gemini) and don’t paste sensitive data into random tools

  • In a serious breach, your first call should be your cyber insurance provider, then IT

  • Every business should assume breach, have a plan, and “do the basics well” – including getting cyber insurance

For the full story, examples and plenty more nuance than we can fit into a blog, listen to the full episode of Marketing vs The World with Darren Hesketh.


Before You Go

If this episode has made you think “Hmm… maybe I should buy my IT team a coffee,” then good - that means it’s done its job.

A few easy next steps:

Connect with Darren & Dark Knight
If your business needs someone who’ll explain cyber security in a human, no-nonsense way, reach out to Darren. He’s genuinely brilliant.

Connect with Abbie & Monday Clicks
If you’re rethinking your website setup, tools, CRO stack or content workflows, come chat to us. We blend marketing, SEO and smart strategy - and we actually get the tech side.

Listen to the full episode
There’s so much more in the conversation than we can fit into a blog. Stick it on during lunch or your commute - you’ll be glad you did.

Listen on Apple | Listen on Spotify

