Cyber attacks - The Modern Menace

To give you a little insight into what has been happening in recent weeks…

The disruption being caused by the wave of cyber attacks on UK retailers has been apparent for weeks. Empty shelves, cancelled online orders, websites paused, the data of millions of customers stolen.

M&S has been hit with ransomware, which scrambled the company's servers, rendering computer systems useless. The high street giant is still struggling to keep shelves stocked and has halted online shopping for weeks. Hackers have also stolen customer and employee data from the company.

Marks & Spencer has said its online services will continue to be disrupted until at least July following April’s cyber attack.

"We expect online disruption to continue throughout June and into July as we restart, then ramp up operations," said M&S.

It estimates that the cyber attack will hit this year's profits by around £300m - more than analysts expected, and the equivalent to a third of its profit—a sum that would only partly be covered by insurance pay-out.

At one major UK convenience store chain, staff took systems offline to prevent the spread of ransomware infection, but a huge amount of customer and staff data was stolen and is being held to ransom. Operations at the firm's supermarkets and funeral services have been badly affected. It’s still not clear what happened at Harrods, but the company admitted it had to take computer systems offline due to an attempted cyber attack.

What has also been unclear is who is responsible, with the companies and authorities only giving limited details.

But now the National Crime Agency (NCA), has indicated where their suspicions lie, and named the notorious cyber-criminal collective Scattered Spider as a key part of their investigation.

Worryingly, the hackers used social engineering techniques—relying on human error or misjudgment rather than a purely technological loophole.

They have claimed they gained access to M&S's system via a "third party" - a company working alongside the retailer - rather than accessing systems directly.

Lisa Forte, from cyber-security firm Red Goat, who advises companies following cyber-incidents, said she would not be surprised if any of the retailers involved in the recent wave of attacks had paid a ransom, since research from Barclays suggests 82% of businesses facing such an attack do.

"You wouldn't necessarily know," she said.

Meanwhile, the boss of one of the UK's biggest banks has said the threat of cyber attacks "keeps me awake at night.”

Ian Stuart, the CEO of HSBC UK, said cyber-security was "top of the agenda" for his banking group, and dealing with IT vulnerabilities was an "enormous" expense for the sector as a whole.

He said: "It does worry me—we can be attacked, and we are being attacked all the time."

In March, it emerged nine major banks and building societies operating in the UK accumulated at least 803 hours - the equivalent of 33 days—of tech outages in the past two years.

Lisa Forte, of the cyber-security company Red Goat, told BBC News that Mr. Stuart had made "an incredibly important point".

“Cyber attacks are increasing in both number and severity," she said.

"Criminals are monetising attacks more efficiently, and we are at a point now where it very much is when not if businesses will experience an attack.”

Whilst attacks on businesses are indeed a lucrative enterprise for the groups who orchestrate them, cyberattacks targeting individuals—though on a smaller scale—are equally disturbing. These attacks can take many forms and impact financial security, personal data, and online activity. Common methods include phishing (where attackers impersonate legitimate entities such as banks or social media platforms to trick individuals into revealing sensitive information like passwords or credit card details, often via emails or messages), as well as malware, ransomware, and social engineering.

These attacks can lead to identity theft, financial losses, and compromised online accounts, among other consequences. 

Victims of cyberattacks may also experience stress, anxiety and anger, as well as feelings of vulnerability and helplessness.

For individuals, the following tips are advised to help prevent cyber attacks:

• Strong Passwords: Use unique and complex passwords for all online accounts.
  
  
• Two-Factor Authentication: Enable two-factor authentication for accounts whenever possible.

• Phishing Awareness: Be wary of suspicious emails, messages, and links, and verify their authenticity before clicking or providing information.

• Software Updates: Keep your operating system and software up-to-date to patch security vulnerabilities.
  
  
• Antivirus Software: Install and regularly update antivirus software on your devices.

• Regular Security Audits: Conduct regular security audits of your devices and systems to identify and address vulnerabilities.

• Firewall: Utilize a firewall to protect your network from unauthorized access.

• Data Backups: Regularly back up your important data to protect against data loss in case of a ransomware attack.

• Security Training: Educate yourself and your family about common cyberattack methods and how to prevent them.

And then of course there’s cash, which we couldn’t conclude without mentioning!

Cash transactions offer a higher degree of privacy and security compared to electronic payments and are generally less susceptible to fraud or cybercrime. Cash is a reliable and stable store of value and not subject to the risks of online theft or system failures like digital payments.