Retail Giants M&S, Harrods, and the Co-op Suffered Cyber Assaults
Revamped Retail Security Alert: Time to Rethink Your Cybersecurity Game Plan
The warning bells are ringing loud and clear for retailers, who have been identified as prime targets for cyber attacks due to the vast amount of consumer data they handle. Recent incidents at big-name UK retailers like Harrods, Marks & Spencer (M&S), and the Co-op serve as grim reminders of this growing threat.
"Retailers are prime pickings because of the treasure trove of personal and financial data they guard," observes Xavier Sheikrojan, senior risk intelligence manager at Signifyd. In 2023 alone, UK retailers handled an astronomical 48 billion payments, up significantly from the previous year as people abandoned cash in favor of cards. This sudden shift to digital transactions has only increased the attack surface for retailers, leaving them open to increasingly sophisticated cyber threats such as ransomware, phishing, and supply chain attacks.
Addressing the ongoing trend of these attacks, Anton Yunussov, head of cyber security at Forvis Mazars, declares, "The latest incidents underscore the vulnerabilities that the retail sector has developed in today's digital landscape."
The financial impact of these attacks could be severe, with reports suggesting that M&S is losing up to £1m per day in sales, and with damage to consumer trust across all three retailers. It's clear that the risks to the retail sector are multi-faceted, impacting both the short and long term.
The Need for a Paradigm Shift in Cybersecurity Prioritization
According to cyber experts, the root cause of the recent attacks lies in a two-decade-long neglect of cybersecurity as a high-priority concern. The lack of investment and forward planning has left retailers ill-prepared to tackle the sophisticated cyber threats they now face.
Florimond De Tinguy of digital commerce platform VTEX notes that the attacks are a "wake-up call" for the industry, urging retailers to reassess their approach to cybersecurity: "This is not just an IT issue; it's a breakdown in the way risks are prioritized at the board level. Retailers need to treat digital infrastructure as critical infrastructure and integrate cybersecurity into their strategic decision-making processes."
Forvis Mazars' Yunussov echoes this call, encouraging retailers to view cyber security as "an ongoing strategic business priority" rather than an afterthought: "Being well prepared is no longer just good practice; it's a competitive advantage. Retailers that take a proactive, strategic approach to cybersecurity and invest in it will be better positioned in the long run."
Facing the Challenge: Strengthening Retail Cybersecurity
In the face of these mounting threats, retailers must take action to fortify their defenses. Operating safely in the digital age requires a robust cybersecurity strategy that includes:
- Adopting zero trust architectures.
- Regularly updating hardware and software, and patching systems.
- Informing and educating employees about emerging threats and best cybersecurity practices.
- Implementing vendor risk management programs.
- Incorporating advanced threat detection technologies.
- Collaborating with industry peers and regulatory bodies to share threat intelligence and best practices.
- Ensuring the use of strong passwords and multi-factor authentication (MFA).
By investing in and prioritizing cybersecurity, retailers can protect their businesses and customer data and gain a competitive edge in the rapidly evolving digital landscape. Unfortunately, current statistics indicate that only four percent of UK firms are fully prepared to defend against modern cyber threats, leaving ample room for improvement. The time for action is now.
- In light of the increasing threat of cyber attacks on retail businesses, senior risk intelligence manager Xavier Sheikrojan suggests retailers reconsider their approach to cybersecurity in 2023, seeing it as a strategic business priority, not just an afterthought.
- As the retail sector grapples with mounting cyber threats, cybersecurity expert Florimond De Tinguy echoes the need for a paradigm shift in prioritizing cybersecurity, emphasizing that it's not just an IT issue, but a board-level concern that necessitates integrating cybersecurity into strategic decision-making processes.
- Anton Yunussov, head of cyber security at Forvis Mazars, advocates for the adoption of advanced threat detection technologies, zero trust architectures, regular updates, vendor risk management programs, employee education, and collaborative efforts with industry peers and regulatory bodies to improve retail cybersecurity in the digital age.
- Given the present vulnerabilities of the retail sector in this digital landscape, it's crucial for retailers to invest in and prioritize cybersecurity to guard their businesses and customer data, and gain a competitive edge, as only four percent of UK firms are currently fully prepared to defend against modern cyber threats, according to recent statistics.