Experts warn that businesses are not ready as cyberattacks become more frequent and expensive.
The head of the National Cyber Security Centre (NCSC) has warned that, following a major cyberattack on retailer Marks & Spencer, businesses have not done “almost enough” to protect themselves from cyber threats.
NCSC CEO Richard Horne said there is a “wide gap” between the rising threat of cyberattacks and organizations’ readiness to defend against them.
Writing in The Times of London, Horne encouraged businesses to act quickly on the NCSC’s public security advice.
“Business leaders who think this is effective risk management and that they could be exempt from cyber risk should think again and implement their advice immediately,” he said.
The warning comes as Marks & Spencer confirmed that the expected cost of the cyberattack over the Easter weekend is around £300 million.
The breach forced the retailer to suspend online orders and led to the loss of customer data.
Speaking to reporters on Wednesday, Marks & Spencer CEO Stuart Machin said the hackers exploited third-party vendors following a case of “human error.”
“We didn’t leave the door open. This had nothing to do with the lack of investment. Everyone is vulnerable. For us, we were unlucky through some human error on this particular day,” he said.
The high street retailer said disruption to online shopping could continue into July, adding that it is taking proactive steps to minimize the impact on customers.
The attack is the latest in a wave of cyber incidents affecting major UK retailers. The Co-op and Harrods have also been targeted in the past few weeks. The Co-op confirmed last week that it is currently in the “recovery phase” and is gradually bringing its systems back online.
Breaches surge and call centers are vulnerable
Official figures reveal that 66% of all businesses and high-income charities report having experienced a cybersecurity breach or attack in the last 12 months.
This rate is even higher among medium-sized companies (70%) and large companies (74%).
Daniel Teacher, CEO of accounting and finance IT security firm T-Tech, noted that organizations responsible for a wide range of customer service operations are particularly susceptible to fraudulent calls.
This vulnerability arises because call handlers trained to be helpful can be manipulated by an attacker using targeted tactics into resetting multifactor authentication for an individual the attacker is impersonating.
Teacher also highlighted the need for managed security that allows organizations to respond to breaches immediately.
“When I use M&S, they were on the system for a few days before they were detected,” he said.

A logo appears on a TV screen at the National Cyber Security Centre in London on February 14th, 2017. Curl Coat/Getty Images
Cyber Essentials and Business Resilience
The NCSC emphasizes that the cyberattacks on retailers “should serve as wake-up calls to all organizations.”
The NCSC is urging businesses to adopt the Cyber Essentials program, a government-supported certification scheme designed to prevent common threats such as malware, phishing, and hacking.
The scheme is for any organization, regardless of size or sector, but the NCSC recommends it especially for small and medium-sized businesses.
Lindsay Hill, CEO of Manchester-based cybersecurity firm Mitigo, said the code is not yet a legal requirement, but the government has said it could become mandatory later if not enough companies follow it.
Other measures to strengthen UK cyber defense will be set out in the Cyber Security and Resilience Bill.
The bill, which will be introduced in Parliament this year, aims to strengthen the country’s cyber defense by expanding current regulations and requiring more detailed reporting of incidents, including ransomware attacks.
A recent report by the Public Accounts Committee said the government’s resilience is “significantly lower than the expected Cabinet Office,” and the department has “several fundamental management obstacles, including risk management and response plans.”
Despite the breach, M&S profits rise
Marks & Spencer is still grappling with the impact of the cyberattack. The retailer expects an increase in stock management costs in the second quarter.
The retailer reported better-than-expected results for the year ending in March, with pre-tax profit of £875.5 million, up 22.2% on the previous year.
Group revenues rose 6% to £13.8 billion, with an 8.7% increase in food sales and a 3.5% increase in fashion, home and beauty sales.
PA Media contributed to this report.