Retail Cyber Crime Spree: A "Wake-Up Call" Says NCSC CEO
The UK's National Cyber Security Centre (NCSC) has sounded the alarm following a wave of devastating cyber attacks against major British retailers, including Marks and Spencer (M&S), Co-op, and Harrods. The attacks have left household names struggling to cope with the fallout, with M&S forced to close down its online services over the Easter weekend.
Just over a week later, on April 30th, Co-op revealed it had proactively taken systems offline following a series of hacking attempts. Then, barely 48 hours later, on May 1st, luxury department store and tourist icon Harrods became the latest retailer to fall victim to cyber attack. Computer Weekly understands that all three retailers affected in the current spate of cyber attacks are currently receiving incident response support from the NCSC.
"The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers, and the public," said NCSC CEO Richard Horne. "The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture."
"These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively," added Horne.
A Call to Action
The Information Commissioner's Office (ICO) has also confirmed it is actively involved in both the M&S and Co-op incidents, according to deputy commissioner Stephen Bonner. "We have received reports from Marks and Spencer plc and the Co-op Group. We are making enquiries with these organisations and working closely with the NCSC," said Bonner.
"We recognise that seeing cyber attacks in the news can be concerning, especially if you are a customer," added Bonner. "If you are worried about your personal information, you can visit our website for advice and support. Make sure your accounts are protected by a strong password and that you are not using the same password across multiple accounts. We also advise checking regularly for updates from the organisation and following their advice if they confirm that your personal information has been impacted by a cyber attack."
A Warning from the Experts
M&S chief executive Stuart Machin today again apologised to the high street mainstay's customers for not being able to offer its usual services. "We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible," said Machin.
"Thank you from me and everyone at M&S for all the support you have shown us. We do not take it for granted and we are incredibly grateful. Our teams are doing the very best they can, and are ready to welcome you into our stores … this bank holiday weekend," he added.
A Serious Threat to the Economy
MP Matt Western, chair of the Joint Committee on the National Security Strategy, warned that these serious attacks threaten not just the bottom line of the businesses involved but also the wider food supply chain. "If shelves are left empty and deliveries unfulfilled, local communities will suffer," he said.
"Ransomware is a real and growing threat to many aspects of our daily lives. Cyber security affects us all, and we must do more to prevent these attacks knocking out whole sectors of our economy in future," added Western.
A Call for Urgent Action
As the extent of the cyber attacks continues to spread, it is clear that urgent action is needed to protect businesses and individuals from this growing threat. The government must treat these threats with the seriousness they clearly deserve, and we must do more to prevent these attacks knocking out whole sectors of our economy in future," said Western.