A Wake-Up Call for Cyber Vigilance - Danger in the Threat Landscape for Everyone
📢 This week the news has reported cyber attacks on several major UK retailers: Marks and Spencer, the Co-op and Harrods, all of which have given everyone a stark reminder of the ever-present and evolving threat of cyber crime.
While the full extent and specific details of each attack are currently still under investigation, these incidents should remind us all to check, enhance and adopt a more vigilant approach to online activities.
🛡️ Ransomware: a disruptive form of attack where cyber criminals encrypt an organisation's data and demand a ransom for release.
🛡️ Data Breaches: attackers aim to steal sensitive data such as personal information, payment details and login credentials.
🛡️ Phishing and Social Engineering: these involve tricking employees into revealing sensitive information or clicking on malicious links, thus giving attacks access to internal systems.
🛡️ Supply Chain Attacks: cyber criminals target third party vendors and suppliers with weaker security, and use them as an entry point to larger, more secure organisations.
🔒 Valuable Data: you have data which is valuable to cyber criminals. They can sell it on the dark web, it's used for identity theft or exploited for financial gain.
🛜 Interconnected Systems: by its nature, the digital world is interconnected. Therefore, a breach in one organisation can have a ripple effect, exposing the data of its customers or partners.
👾Evolving Threats: cyber criminals can quickly be ahead of large corporations and are able to evolve and adapt quickly.
🧑🏻🤝🧑🏾Human Element: sometimes described as the weakest link as often the most sophisticated technical defences can be bypassed due to human errors. Phishing emails, malicious links and social engineering prey on inattentive or uninformed individuals.
💰Financial and Reputational Cost: these are often significant. The financial loss is not necessarily from ransomware payment, but rather from data recovery costs, legal fees and regulatory fines. Financial loss from reputational damage can be difficult to measure but is always significant.
👁️Enable two-factor (2FA) or multi-factor (MFA) authentication where possible
👁️Train staff about phishing emails
👁️Regularly update software to reduce vulnerabilities
👁️Be mindful of public Wi-Fi
👁️Back up your data
BBC 👉Harrods latest retailer to be hit by a cyber attack
NCSC 👉 NCSC Statement: Incident impacting retailers
The latest information from the BBC is that the Scattered Spider group likely used social engineering to impersonate staff and tricked IT support into resetting passwords which allowed them to gain access to internal systems. From there, they were able to deploy ransomware.
This attack highlights one of the biggest cyber threats to organisations, even those with a huge cyber security budget - the human vulnerability.
Schools and colleges might like to read this article from the BBC that discusses lessons learned and includes information about the Harris Federation cyber attack, a group of 55 schools in the London and Essex area 👉 'They wanted $4m': Lessons for M&S from other cyber attacks
Interview following the cyber attack with the Harris Federation with the Trust CEO:
While the full extent and specific details of each attack are currently still under investigation, these incidents should remind us all to check, enhance and adopt a more vigilant approach to online activities.
Threats
Although details haven't yet been fully disclosed, all type of organisations should review:🛡️ Ransomware: a disruptive form of attack where cyber criminals encrypt an organisation's data and demand a ransom for release.
🛡️ Data Breaches: attackers aim to steal sensitive data such as personal information, payment details and login credentials.
🛡️ Phishing and Social Engineering: these involve tricking employees into revealing sensitive information or clicking on malicious links, thus giving attacks access to internal systems.
🛡️ Supply Chain Attacks: cyber criminals target third party vendors and suppliers with weaker security, and use them as an entry point to larger, more secure organisations.
Cyber Vigilance
These attacks are increasing and are not isolated incidents. Why you should be cyber vigilant:🔒 Valuable Data: you have data which is valuable to cyber criminals. They can sell it on the dark web, it's used for identity theft or exploited for financial gain.
🛜 Interconnected Systems: by its nature, the digital world is interconnected. Therefore, a breach in one organisation can have a ripple effect, exposing the data of its customers or partners.
👾Evolving Threats: cyber criminals can quickly be ahead of large corporations and are able to evolve and adapt quickly.
🧑🏻🤝🧑🏾Human Element: sometimes described as the weakest link as often the most sophisticated technical defences can be bypassed due to human errors. Phishing emails, malicious links and social engineering prey on inattentive or uninformed individuals.
💰Financial and Reputational Cost: these are often significant. The financial loss is not necessarily from ransomware payment, but rather from data recovery costs, legal fees and regulatory fines. Financial loss from reputational damage can be difficult to measure but is always significant.
Enhancing and Improving Cyber Vigilance
👁️Strong passwords👁️Enable two-factor (2FA) or multi-factor (MFA) authentication where possible
👁️Train staff about phishing emails
👁️Regularly update software to reduce vulnerabilities
👁️Be mindful of public Wi-Fi
👁️Back up your data
Knowledge Bank Guidance
Our customers can get support and guidance in our Cyber Security Best Practice Area. Schools and colleges should look to the DfE Digital Standards and work with their SLT Digital Lead to review the DfE Cyber Security Standards.Reports and Guidance
BBC 👉Harrods latest retailer to be hit by a cyber attack
NCSC 👉 NCSC Statement: Incident impacting retailers
The latest information from the BBC is that the Scattered Spider group likely used social engineering to impersonate staff and tricked IT support into resetting passwords which allowed them to gain access to internal systems. From there, they were able to deploy ransomware.
This attack highlights one of the biggest cyber threats to organisations, even those with a huge cyber security budget - the human vulnerability.
Schools and colleges might like to read this article from the BBC that discusses lessons learned and includes information about the Harris Federation cyber attack, a group of 55 schools in the London and Essex area 👉 'They wanted $4m': Lessons for M&S from other cyber attacks
Interview following the cyber attack with the Harris Federation with the Trust CEO: