The past two years have presented some really unique challenges and opportunities for the sector. Brexit, COVID, increased fuel costs and inflation have all made their mark. But as we approach Christmas there is an expectation of increased footfall through both the digital and physical shop doors. However, the increase in digital presence and sales also presents an opportunity for cybercriminals to steal your money, your data, and your customers.
98% of UK businesses are now operational online in one way or another, benefiting hugely from websites, social media accounts, and online banking. With customers able to shop online 24/7, it is no surprise that cybercrime is trending upwards.
Online shopping surged 30% amid the global pandemic and in the run-up to Christmas 2020.
70% of shoppers bought goods online - significantly higher than the 55% in 2019. It is highly anticipated that online sales will remain strong again this festive season, following numerous news stories warning the public about stock shortages for things like festive food and gifts.
So here at the Eastern Cyber Resilience Centre we ask this question to the whole sector:
Can you afford to take another hit from scammers and cyber criminals?
If not, spend a little bit of time and effort to beef up your cyber resilience, and make sure that the next few weeks provide you with a much-needed profit bonanza ahead of a tough early 2023.
Most of the reported attacks against retail relate to big companies, but remember: small is not safe. Small businesses are more likely to be victims of a cyber-attack than large ones.
In October of 2021, supermarket chain Tesco announced that their website and app were offline after a deliberate attempt was made to disrupt their services. In a similar incident, Costco suffered a data breach after finding a payment card skimming device had been set up in one of its warehouses.
In April of 2022, The Works made the headlines when the UK retailer was forced to close some stores, with others forced to transact only in cash, after it was faced with a cyber-attack. Many stores then faced the knock-on effect of delayed stock arriving, and some customers had online order deliveries arrive much later than promised.
The Works said all debit and credit card transactions were processed outside its own systems by third parties, so customer payment data had not been compromised by the attack. But the company was forced to hire forensic cybersecurity experts to investigate the attack and didn't know if other data had been accessed.
If you don’t understand the jargon, talk to us at the centre.
The only way to really know is to test your site. But do you really want to know? Nothing bad has happened so far and if you don’t know about it then surely you can’t be guilty of not fixing it?
But ask yourself these questions:
There are a number of different tests that can be run on your website, from fully automated scans to an ethical hacker attempting everything a cyber criminal might do. These range in cost, based on the type of testing and the size/complexity of the infrastructure.
The ECRC offers two affordable website testing options:
- First Step Web Assessment - this is a set fee of £250
- Web App Vulnerability Assessment - you can get a free of charge quotation to see how much this service would cost your business
Our CyberPATH students can provide two levels of website review. The first step web assessment is intended to give you reassurance on the basic set-up of your site. It looks at the products used to configure your site, and the way they are put together, to establish whether there are likely to be known vulnerabilities. It focuses on more obvious vulnerabilities, with simpler fixes.
The full web app test looks at how the web products are configured and made to work. It takes a more intrusive approach to testing whether they are all used in the most secure way possible.
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.
Here at the centre, we would advise you to do three things now
Whatever you decide to do, doing nothing is no longer an option. Here at the ECRC we are already working closely with hundreds of organisations across the seven counties to help them tackle the continually changing cyber threats that they face. So come and join our community as free members and let us help you protect your organisations from the ever-present threats out there in the cyberverse.
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.