Cyber attacks happen every minute of every day, but the recent retail hacks at M&S, Co-op, Harrods and Dior have put cyber security in the UK under the spotlight.

Holly Foxcroft, Cyber Security Business Partner at OneAdvanced, discusses why such attacks seem to be ramping up, what makes businesses vulnerable to cyber-crime and why the threat landscape continues to grow.

Holly draws on insights from a 10+ year career in the Navy, as a cyber security lecturer and now working with the Department of Education on responsible AI.

Cyber attacks still seem like a dystopian ‘it will never happen to us’ to so many people. While these retail breaches have disrupted operations, and inflicted substantial financial losses, it is the compromised customer data and direct public impact to household names that has turned lots of attention to these latest cyber attacks.

Put frankly, the recent hacks have grabbed headlines because so many members of the public have been directly affected, which makes the story sensational and newsworthy.

Why the Sudden Rise in Retail Cyberattacks?

The escalation in attacks is attributed to the activities of sophisticated cybercriminal groups such as Scattered Spider and DragonForce. These groups employ advanced social engineering tactics in their attacks. They often impersonate employees to deceive IT help desks and gain unauthorised access to systems. The retail industry’s vast repositories of customer data and its reliance on digital operations make it an attractive target for such malicious actors. A key word is ‘employ’, showing that cybercrime itself is a booming and growing industry.

Retailers’ Vulnerability to Cyber Threats

Several factors contribute to the retail sector’s susceptibility:

Legacy Systems: Many retailers operate on outdated IT infrastructures, which are more prone to security breaches.

Third-Party Dependencies: The extensive use of third-party vendors and suppliers increases the attack surface, providing multiple entry points for cybercriminals.

High-Volume Transactions: The sheer volume of daily transactions makes it challenging to monitor and detect anomalies promptly.

As mentioned, the cybercriminal groups recognised as being the driving forces behind the attacks focus on sophisticated social engineering tactics. Cyber professionals like to focus on tooling and technology as our main defenders. However, human risk management and understanding insider threats and behaviours of employees remain a vulnerability.

Indicators of Cyber Maturity Deficiencies

The delayed detection and response to breaches suggest a lack of cyber maturity within the sector. For instance, M&S experienced prolonged disruptions, with online services remaining unreliable weeks after the initial attack. Such extended recovery times point to inadequate incident response plans or major incident plans and a need for more robust cybersecurity frameworks in some instances. 

However, without fully understanding the nature of what happened once attackers gained access to the network, I would not fully support the statement. An area that M&S got very right in the process was their continued communication with their customers. They were transparent and shared information on what was happening. Communication during an incident is often left out of the incident response plan. However, including this as part of your preparation within an incident response will save time and ensure clear and appropriate messages are relayed in a time of crisis.

Historical Context: Lessons from 2014

The current wave of attacks echoes the cyber incidents of 2014, where retailers faced a series of breaches. In the world of cyber security, it’s not IF we get breached, it’s WHEN. 

Unfortunately, with the development of new technologies and attacks becoming more sophisticated, it is not history repeating itself as such, it is the fact that the threat landscape continues to grow and employees leave and join new companies. Therefore, there should be collaboration between cyber security and HR to understand the risks and ensure timely cyber security awareness training for joiners, movers and leavers.

Why Is It Happening Again?

I believe it is down to ongoing vulnerabilities, cybersecurity teams that are disjointed from the business need and the evolving tactics of cybercriminals. While technology has advanced, so have the methods employed by attackers. It could be suggested the retail sector’s slow adaptation to these evolving threats has left it exposed.

Proactive Measures for the Future

History will always repeat itself, that’s the biggest lesson to learn! Unfortunately, we spend most of the time being reactive in cyber security as we fundamentally respond to the presence of an attack or impending risk. Businesses need to spend more time understanding what proactive measures look like – both inside and outside the cyber security team.

Invest in Modern Infrastructure

Updating legacy systems to more secure, modern platforms can reduce vulnerabilities and reduce tech debt. Doing so frees up more potential budget for other endeavours.

Enhance Employee Training

Regular training sessions can equip staff to recognise and respond to phishing attempts and other social engineering tactics. Step away from generic security training and understand how specific risks can affect the business or individuals in the business and deliver bespoke training. Training does not stop at recognising threats; it must also extend to ensuring employees understand what to do when they suspect suspicious activity, and the roles they play during a crisis.

Implement Multi-Factor Authentication (MFA) or Single Sign-On (SSO)

MFA and SSO add an extra layer of security, making unauthorised access more difficult. Also embed two-factor authentication for requests such as financial transactions.

Regular Security and Risk Audits

Conducting frequent audits can help identify and address potential weaknesses before they are exploited. Not only that, but they can help identify the risks to the business. Also, ensure that patch management is understood and fluid through the business. There should be full visibility of all of the environments and assets of the business.

Develop Comprehensive Incident Response Plans

Having a well-defined and tested response strategy ensures quicker recovery and minimises damage in the event of a breach. IRPs should be tested regularly with different scenarios including different areas of the business, not only sitting in the cyber security teams. 

To be clear, cyber security is not going away. Technology and AI are advancing all the time, and criminals will keep evolving their hacking tactics. Businesses need to understand that cyber resilience is business resilience.
