Reducing your cybersecurity risk
Cyber attacks have become a familiar feature of modern life. Recent breaches at major UK retailers such as Marks & Spencer, Harrods, and Co-op underscore how pervasive - and disruptive - these incidents can be.
The sustained disruption at both M&S and Co-op highlights the lasting impact a cyber incident has on an organisation's day-to-day operations and on its customers. In the case of both retailers, the incident has hampered their ability to fulfil online orders and to keep shelves stocked.
Much of the detail of the recent incidents is still to be reported, but enough is already publicly available for organisations to implement preventative and detective measures to protect their data.
Understand the Risk Landscape
From ransomware and phishing scams to data breaches and social engineering, attackers are targeting organisations with sophisticated tactics. The recent high-profile breaches demonstrate that even the most established brands are vulnerable, and that social engineering was at the heart of them.
What can businesses and employees consider to protect themselves?
1. IT helpdesk processes
A key lesson from the current breaches is to ensure you have robust IT helpdesk processes that reduce the risk of social engineering. It is paramount to verify a caller's identity, through a method the caller cannot control such as a call back to a number already on record or a check with their line manager, before resetting their password or re-enrolling their multi-factor authentication device. This is of even greater importance for users with privileged access, for whom a reset should require additional approval. If you outsource your helpdesk to a third party, you should seek assurances that they apply equally robust user validation processes for password and MFA resets.
2. Use strong, unique passwords across the business
Passwords remain the first line of defence - and often the weakest. One way of addressing this is adopting the "three random words" passphrase guidance from the National Cyber Security Centre, which produces passwords that are long and memorable rather than short and complex. Employees should never reuse the same password across multiple websites or services; a password manager makes unique passwords practical.
Two-factor authentication (2FA) is vital and adds another critical layer of protection, particularly for accounts that are reachable from the internet such as Microsoft 365 and other cloud services. Where a choice of method is offered, prefer an authenticator app or hardware key over SMS codes.
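As an added illustration of the "three random words" approach (example code written for this page, not tooling from the article or the NCSC), the block below generates a passphrase with the operating system's cryptographically secure random source and shows how the strength of such a passphrase depends on the size of the word list it is drawn from. The embedded sixteen-word list is a constructed stand-in; a real generator would use a list of several thousand words.

```python
"""Added example: 'three random words' passphrase generation and strength.

Illustrative code, not from the original article or the NCSC guidance. The
word list below is a constructed stand-in; a real deployment would load a
list of several thousand words (a diceware-style list, for example).
"""
import math
import secrets

# Constructed stand-in word list (16 entries). Far too small for real use;
# it exists only so the example runs offline.
WORDS = [
    "apple", "bridge", "candle", "dragon", "engine", "forest", "garden",
    "harbour", "island", "jacket", "kettle", "ladder", "meadow", "needle",
    "orange", "pepper",
]


def passphrase(words=WORDS, count=3, sep="-"):
    """Join `count` words chosen uniformly at random from `words`.

    secrets.choice draws from the OS CSPRNG; random.choice is seeded
    predictably and must never be used to generate credentials.
    """
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count=3):
    """Entropy of `count` independent uniform draws from `list_size` words.

    Each draw contributes log2(list_size) bits, so the total is additive.
    This assumes the attacker knows the list and the word count, which is
    the conservative assumption to make.
    """
    return count * math.log2(list_size)


def words_needed(target_bits, count=3):
    """Smallest word list size that gives `target_bits` of entropy with
    `count` words, i.e. the inverse of entropy_bits."""
    return math.ceil(2 ** (target_bits / count))


def strength_report(words=WORDS, count=3):
    """Summarise the strength of passphrases drawn from `words`."""
    bits = entropy_bits(len(words), count)
    return {
        "list_size": len(words),
        "words": count,
        "entropy_bits": round(bits, 1),
        # The same passphrase scheme would need this many words to reach a
        # common 40-bit target for an online-guessing-resistant secret.
        "list_size_for_40_bits": words_needed(40, count),
    }


if __name__ == "__main__":
    print("example passphrase:", passphrase())
    print(strength_report())
```

With the sixteen-word stand-in list a three-word passphrase carries only 12 bits of entropy, whereas reaching 40 bits with three words needs a list of over ten thousand words; the lesson is that "three random words" is only strong when the words are genuinely random and drawn from a large vocabulary, not chosen by the user from a handful of favourites.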
3. Keep software and systems updated
Businesses should install updates for operating systems, browsers, plugins, and applications as soon as they are available, and should maintain an inventory of what they run so that nothing is missed. These updates often contain patches for newly discovered vulnerabilities that attackers are quick to exploit. Businesses should also perform regular vulnerability scanning and security testing to ensure that any security weaknesses are identified and addressed as soon as possible.
4. Be wary of phishing and social engineering
Phishing emails remain one of the easiest ways to compromise a network. It is important to be cautious with emails that urge immediate action, include unexpected attachments or links, or come from slightly misspelled domains. Even messages that appear to come from colleagues can be spoofed. Always verify through a second channel, such as a phone call to a known number, if in doubt.
5. Manage privileged access
Accounts with privileged access need to be carefully managed. If compromised, these accounts often provide unrestricted access to networks and data. Access through privileged accounts should be restricted to the minimum necessary to perform the role, and administrators should use a separate privileged account rather than their everyday user account. In addition, regularly review who holds privileged access and remove any access that is no longer required.
6. Educate employees and users
Human error is still the root cause of many breaches. Training employees (including helpdesk staff) to recognise threats, report suspicious behaviour, and follow security protocols is crucial. A well-informed workforce is a strong defence.
7. Manage cybersecurity supply chain risk
The growth in adoption of "as-a-service" technologies means that the majority of organisations rely on third parties for critical business solutions. Cyber security due diligence should be completed as part of adopting any new technology solution, and ongoing assurance should be performed for the life of the contract. Businesses should also seek confirmation that third parties have incident response plans, test them regularly, and will notify the business promptly of any incident affecting its data.
8. Backup regularly
Even with the best defences, attacks can still succeed. Regularly backing up and protecting important data - and ensuring those backups are stored securely and tested - can be the difference between a quick recovery and a significant loss.
Immutable backups, which prevent backup data from being overwritten or deleted for the duration of their retention period, should be considered. At least one copy should also be kept isolated from the production network so that an attacker who has gained administrative access cannot reach it.
9. Monitor and respond
Cybersecurity is not a set-it-and-forget-it exercise. Use monitoring tools to detect unusual or higher-risk behaviour, for example a spike in failed sign-in attempts against one account, sign-ins from countries where the business has no presence, or sign-ins routed through commercial VPN or anonymising services. Alerts are only useful if someone is responsible for triaging them, so assign that responsibility and agree what action each type of alert should trigger.
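The three detections named above, as an added example written for this page rather than code from the article or from any monitoring product: the block runs a burst-of-failures check, an unexpected-country check and an anonymiser check over a handful of constructed sign-in records. The one-JSON-object-per-line format and the field names are assumptions; an identity provider's real sign-in log is richer, but the logic transfers directly.

```python
"""Added example: simple sign-in anomaly detection over constructed records.

Illustrative code, not from the original article. Log format, field names and
thresholds are assumptions chosen for the example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Policy knobs: these would be tuned to the business.
ALLOWED_COUNTRIES = {"GB", "IE"}          # where staff are expected to sign in from
FAILURE_THRESHOLD = 5                     # failures per user ...
WINDOW = timedelta(minutes=10)            # ... within this sliding window

# Constructed sample records, not real logs. Times are UTC.
SAMPLE_LOG = """
{"ts": "2025-05-01T08:00:00Z", "user": "alice", "result": "success", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T08:01:00Z", "user": "bob",   "result": "failure", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T08:01:20Z", "user": "bob",   "result": "failure", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T08:01:40Z", "user": "bob",   "result": "failure", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T08:02:00Z", "user": "bob",   "result": "failure", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T08:02:20Z", "user": "bob",   "result": "failure", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T08:30:00Z", "user": "carol", "result": "success", "country": "RU", "anonymiser": false}
{"ts": "2025-05-01T09:00:00Z", "user": "alice", "result": "success", "country": "GB", "anonymiser": true}
{"ts": "2025-05-01T09:05:00Z", "user": "dave",  "result": "failure", "country": "GB", "anonymiser": false}
{"ts": "2025-05-01T11:05:00Z", "user": "dave",  "result": "failure", "country": "GB", "anonymiser": false}
"""


def parse_log(text):
    """Parse one JSON record per non-empty line; timestamps become aware datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # 'Z' suffix is not accepted by fromisoformat before Python 3.11.
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def failed_signin_bursts(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Users with at least `threshold` failures inside any `window`-long span.

    Sliding window per user: two failures hours apart (a forgotten password)
    do not trigger; a rapid run of failures (guessing or MFA bombing) does.
    Returns sorted (user, peak_failures_in_window) pairs.
    """
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["user"]].append(e["ts"])
    flagged = []
    for user, times in failures.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged.append((user, peak))
    return sorted(flagged)


def foreign_signins(events, allowed=ALLOWED_COUNTRIES):
    """Successful sign-ins from outside the expected countries."""
    return sorted({(e["user"], e["country"]) for e in events
                   if e["result"] == "success" and e["country"] not in allowed})


def anonymiser_signins(events):
    """Users who successfully signed in through a VPN/anonymising service."""
    return sorted({e["user"] for e in events
                   if e["result"] == "success" and e["anonymiser"]})


def triage(text):
    """Run all three checks and return the findings for a human to review."""
    events = parse_log(text)
    return {
        "failed_bursts": failed_signin_bursts(events),
        "foreign_signins": foreign_signins(events),
        "anonymiser_signins": anonymiser_signins(events),
    }


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        print(f"{name}: {findings}")
```

On the sample data the script flags bob (five failures in under two minutes), carol (a successful sign-in from RU) and alice (a successful sign-in via an anonymiser), while dave's two failures two hours apart are correctly ignored. None of these is proof of compromise on its own; each is a prompt for a human to confirm with the user through a trusted channel.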
10. Effective response
A cyber incident response plan should be in place and be regularly tested, including who to contact, how to communicate if email and core systems are unavailable, and how to restore from backups. Being prepared can dramatically reduce the time and cost of recovery.
The recent high-profile attacks serve as a reminder that cybersecurity presents a significant business risk that can cause substantial disruption. By being risk aware and having effective risk management processes, organisations can substantially reduce their cybersecurity risk.
We are here to help
If you have any concerns or questions about cyber attacks and protecting your business against them, please get in touch with a member of our specialist Cyber Services team.