98% of UK businesses are now operational online in one way or another, benefiting hugely from the use of websites, social media accounts, and online banking. With customers able to shop online 24/7, it is no surprise that cybercrime is trending upwards. It is highly anticipated that online sales will remain strong throughout 2023 across the Eastern region.
But there is a price to pay for the convenience of online retail: the rate of cyber-attacks on UK retail businesses has been steadily increasing in recent years. According to the Cyber Security Breaches Survey 2021, which is conducted by the UK government, 38% of UK retail businesses reported experiencing a cyber-attack in the past 12 months, which is up from 19% in 2019.
The most common types of cyber-attacks reported by UK retailers include phishing attacks (72%), impersonation attacks (41%), and ransomware attacks (17%). These attacks can result in significant financial losses, as well as damage to the reputation of the affected businesses.
In addition to the increasing rate of cyber-attacks, the impact of these attacks on UK retail businesses has also been significant. According to a report by the British Retail Consortium, the cost of cyber-attacks to UK retailers increased by 43% in 2020, with an average cost per attack of £13,400. The report also noted that the impact of cyber-attacks on smaller retailers can be particularly severe, as they may have limited resources to invest in cybersecurity measures.
So here at the Eastern Cyber Resilience Centre we ask this question to the whole sector.
Can you afford to take another hit from scammers and hackers? If not, spend a little bit of time and effort to beef up your cyber resilience, and make sure that you don’t become a cyber victim in 2023.
Most of the reported attacks against retail relate to big companies, but remember: small is not safe. Small businesses are more likely to be victims of a cyber-attack than large ones.
Greencore: In November 2020, Irish food manufacturer Greencore, which supplies sandwiches, salads, and ready meals to UK retailers, was hit by a ransomware attack that caused disruption to its IT systems. The company reported that it had contained the attack and that there was no impact on its production facilities or products.
Nando's: In June 2021, the UK arm of the South African restaurant chain Nando's experienced a ransomware attack that affected its IT systems, causing delays in the processing of customer orders. The company reported that no customer data had been compromised, and it was working to resolve the issue.
FatFace: In January 2021, UK fashion retailer FatFace suffered a ransomware attack that resulted in the theft of customer data, including names, addresses, and partial payment card details. The company reportedly paid the ransom to retrieve the stolen data.
Brakes Group: In August 2020, UK food distributor Brakes Group experienced a ransomware attack that disrupted its IT systems, causing delays in order processing and deliveries. The company reported that it had contained the attack and restored its systems, and there was no evidence that any customer data had been compromised.
Simply put, ransomware is a malicious attack against a network in which the criminals get access to data and either steal it, threaten to delete it, or encrypt it. The criminals will then demand a payment for the return of the data. Imagine how this could affect your business: sensitive financial data relating to your customers, suppliers or even your own company, and commercially sensitive data relating to staff, the operation of your business or contacts with others, could all be compromised or lost.
The reality is that ransomware is now viewed as a business model, and many entities behind these attacks will present themselves as being on the same side as the victim. So, in return for the payment, your business will often be supported through a process which will return the data that has been encrypted or stolen. It is worth noting that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.
The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack. Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.
Ransomware is always preceded by an attack on the network itself, commonly through the use of stolen credentials, a phishing e-mail or a brute-force attack. These attacks are increasing in complexity and sophistication, meaning that defence against these dark arts needs continual review. But the key points for protection to remember are.
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.
Here at the centre, we would recommend that you consider.
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).