With the news that first Marks and Spencer and now the Co-op have come under attack from hackers, it is clear that even the largest household names in the UK and Ireland are at risk of falling victim to cyber-crime.
The details of the attack on the Co-op are not yet known but it is likely to be an attempted ransomware attack of the sort that has had a major impact on the operations of Marks and Spencer, with fallout being experienced for the second week.
The cause of the Marks and Spencer outage has been widely reported as being the work of a group called DragonForce. This organisation operates a Ransomware-as-a-Service operation whereby a network of affiliate groups around the world deploy malicious code to attack organisations, encrypt their systems and using 'double extortion' tactics, charge a ransom for providing decryption keys to unlock data and threatening to leak sensitive stolen data to the Dark Web if the ransom is not paid.
Retailers, hospitality providers and financial services bodies are at particular risk of ransomware attacks. Multiple access points which have to be accessible by the public, vast quantities of valuable and sensitive data, and household name reputations offer criminals means, motive and leverage against these businesses. Jo Joyce, co-head of cyber security for the UK and Ireland notes that technology plays its part "with access to AI tools and increasingly sophisticated group structures, groups of cyber criminals are having more success than ever. Cyber security tools are catching up fast, but IT security has to work every time, cyber criminals only have to get lucky once."
The recent attacks on retailers comes at a time when EU cyber security legislation and proposed UK measures put further regulatory pressure on businesses to protect their systems and their customers. Although retail businesses are not necessarily in scope of recent cyber legislation such as NIS2 (the EU's sector-focused cyber regulation) or DORA (the EU Digital Operational Resilience Act), Clare Reynolds, digital resilience specialist, points out that "incidents affecting retailers often target backend infrastructure or payments providers, reflecting the focus in the EU and the UK on requirements to manage cyber risk in supply chains. A big cyber attack can mean reporting obligations throughout the supply chain, and reinforces the need for all organisations to choose and manage their use of technology carefully."
We offer a suite of services through our BreachReady offering, as well as comprehensive incident response services if the worst should happen. Please get in touch with Jo and Clare if you would like to discuss how we can help you get BreachReady.
