How ZTNA and DLP Team Up to Prevent Breaches
What the M&S attack taught us about VPNs and information security
- The M&S cyberattack exposed just how outdated VPNs have become—and the high cost of ignoring that reality.
- ZTNA and DLP work together to secure critical data and enable safe remote work.
- A phased rollout of ZTNA and DLP can strengthen defences without disrupting productivity or pulling the plug on your infrastructure.
In April 2025, a cyberattack linked to threat group Scattered Spider hit British retailer Marks & Spencer, resulting in over £100 million in losses. The attackers exploited weaknesses in traditional VPNs—weaknesses that so many threat actors rely on to steal customer data, disrupt online orders and wreak havoc on operations. The impact was immediate—stock dropped, systems stalled and public trust wavered.
Retailers like M&S are especially vulnerable. They depend on e-commerce, third-party vendors and hybrid teams, all of which expand the attack surface. One stolen credential can unlock a web of systems—and when defenders rely on implicit trust within the network, it’s already too late. Some companies react by shutting down their systems. But that doesn’t solve the problem—it just grinds operations to a halt.
Preparation is the smarter path. Zero Trust Network Access (ZTNA) paired with Data Loss Prevention (DLP) offers a way forward: tighten access, secure sensitive data and keep businesses running, even under pressure.
The M&S wake-up call: VPNs aren’t enough
The M&S attack exploited VPN vulnerabilities, still a common weak link in retail. Broad network access allowed attackers to steal customer data (names, addresses, order histories) and disrupt operations, including e-commerce and supply chains. The breach cost M&S over £100 million, a 10% drop in share value and potential GDPR fines.
This wasn’t an isolated case, either. With 56% of organizations experiencing VPN-related cyberattacks, the attack reflects a broader trend: traditional perimeter-based security fails in today’s distributed, cloud-first world. Retail’s reliance on customer data and online platforms makes it a prime target.
Shutting down IT systems might seem like a fast fix, but it just disrupts operations further. M&S’s experience shows how such measures cripple business continuity, alienating customers and stunting revenue. Prevention, not panic, is the better response: modern tools like ZTNA and DLP directly address the core issues of overly broad access, limited visibility and weak data controls. These tools also support work-from-home (WFH) initiatives while maintaining compliance with regulations like GDPR.
ZTNA: Securing Access with Zero Trust
ZTNA replaces VPNs with an identity-centric, “never trust, always verify” approach that reduces the attack surface. Instead of blanket access, users reach only specific apps based on identity, device and context. Continuous monitoring and microsegmentation stop lateral movement—key in the M&S breach. Its cloud-native design also keeps remote access secure without slowing down your users.
DLP: Identifying and Protecting Sensitive Data
DLP complements ZTNA by finding and classifying sensitive data across cloud, endpoints and SaaS platforms. It flags high-risk assets like customer databases and monitors data movement, such as downloads to personal devices. With a clear view of sensitive data, DLP ensures ZTNA policies target the most critical assets first, significantly reducing your risk of breaches. For example, DLP can flag GDPR-covered customer data, prompting stricter access controls to prevent theft.
ZTNA + DLP = Security-First WFH
Together, ZTNA and DLP secure remote users without compromising productivity. DLP finds where sensitive data lives (in Salesforce, for instance, or on the local network), while ZTNA restricts access based on identity and device context, blocking attackers even if credentials are stolen. Integration with SIEM tools enhances visibility for rapid incident response—something M&S lacked during its breach. The combination also detects insider threats and keeps tools like Microsoft 365 secure. Yes, even on home Wi-Fi.
Implement ZTNA and DLP in steps
Rolling out ZTNA and DLP doesn’t have to be all or nothing. This phased approach helps build a comprehensive information security stack without pulling the plug on IT systems.
Step 1: Identify critical assets with DLP
Start with visibility. Deploy DLP to scan all environments—on-premises, cloud, endpoints and SaaS—for sensitive data. In M&S’s case, this would have flagged customer databases and loyalty programs as high-risk due to PII and GDPR exposure. In 1–2 months, you’ll have a prioritized asset inventory to guide ZTNA’s rollout.
Step 2: Secure high-risk assets with ZTNA
Apply ZTNA to the assets flagged by DLP, using fine-tuned access controls. At M&S, that would’ve meant securing e-commerce systems with MFA, device compliance and role-based access. ZTNA hides apps from the public internet and can revoke access if DLP detects risky behavior. This 2–3-month phase locks down critical systems with minimal disruption.
Step 3: Pilot with high-risk users
Test your setup with WFH groups who handle sensitive data, like customer support or third-party vendors—a weak spot in the M&S breach. DLP monitors these users’ data interactions, while ZTNA enforces strict access rules. Setting aside 1–2 months for a pilot can help smooth adoption and address friction in user training.
Step 4: Scale and optimize
Expand ZTNA and DLP to more assets and users over 6–12 months, using pilot feedback to refine policies. DLP’s ongoing monitoring updates the data inventory, while ZTNA scales to cover all work-from-anywhere scenarios. Integration with existing security tools (such as a SIEM) can further improve your threat detection and response.
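The decision flow from Steps 1 and 2, sketched as an added example (not Symantec product code or any vendor API): a DLP inventory decides which apps demand MFA and a compliant device, access is granted per app rather than per network, and a DLP risk event revokes access. The app names, roles, `Broker` class and revocation rule are all hypothetical.

```python
from dataclasses import dataclass

# Constructed DLP inventory (Step 1): app -> sensitivity label.
DLP_INVENTORY = {"customer-db": "high", "ecommerce-admin": "high", "intranet-wiki": "low"}
# Constructed per-role app grants (Step 2); anything not listed is unreachable.
ROLE_APPS = {
    "support-agent": {"customer-db", "intranet-wiki", "new-crm"},
    "vendor": {"intranet-wiki"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    app: str
    password_ok: bool
    mfa_ok: bool
    device_compliant: bool

class Broker:
    """Hypothetical per-request access broker: default deny, per-app grants."""
    def __init__(self):
        self.revoked = set()  # users cut off after a DLP risk event

    @staticmethod
    def sensitivity(app):
        # Fail closed: an app DLP has not classified yet is treated as high.
        return DLP_INVENTORY.get(app, "high")

    def dlp_event(self, user, app, action):
        # Assumed rule: copying data from a high-sensitivity app to a
        # personal device revokes the user's access everywhere.
        if self.sensitivity(app) == "high" and action == "download_to_personal_device":
            self.revoked.add(user)

    def decide(self, req):
        if req.user in self.revoked:
            return False, "revoked after DLP event"
        if not req.password_ok:
            return False, "authentication failed"
        if req.app not in ROLE_APPS.get(req.role, set()):
            return False, "app not granted to role"
        if self.sensitivity(req.app) == "high":
            if not req.mfa_ok:
                return False, "MFA required"
            if not req.device_compliant:
                return False, "device not compliant"
        return True, "allowed"
```

A request carrying a valid password but no MFA and an unmanaged device is refused for `customer-db`, which is the stolen-credential case the article describes.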
Don’t panic—prepare
The M&S attack is a wake-up call, not a one-off. As digital footprints grow, so do the stakes—and ZTNA’s ability to isolate apps, verify every access attempt and support remote work makes it a must-have. With implementation costs dwarfed by potential breach fallout, the investment is a no-brainer. GDPR fines, customer trust erosion and major business disruption aren’t risks worth gambling on.
The bottom line: Cyber attacks are inevitable, but preparation can prevent catastrophe. Together, Symantec ZTNA and DLP help secure your critical assets and enable WFH without resorting to extreme measures like shutting down systems. By starting with DLP to identify sensitive data and ZTNA to secure access, businesses can protect their crown jewels—customer data, e-commerce platforms and more—while maintaining operational continuity.
Now is the time to act: Test and adopt Symantec ZTNA and Symantec DLP to future-proof your organization, avoid M&S’s fate and build a resilient, secure digital future. To get started, contact your local partner.
