Cyber Security guidance following incidents impacting retailers

No business or sector is immune to this threat, with attacks becoming more and more common. Research indicates that over 4 in 10 UK businesses reported a cyber breach or attack in the last 12 months¹, this figure rises to 67% for medium and 74% for large organisations.

The incidents highlight vulnerabilities in a business that cyber criminals are getting ever more sophisticated in exploiting for their own gain, in this instance a technique called social engineering is thought to have been used. Social engineering focuses on the people in a business, tricking individuals into divulging information which allows them access into business systems. One social engineering method, phishing, remains the most prevalent type of cyber-crime, accounting for 93% of crime reported by businesses¹.

Enhancing cyber security

There are several steps you can take to enhance your cyber security and help protect your business from a cyber-attack:

1. Train staff: It is reported that one of the current major incidents could have been caused by social engineering, targeting IT help desk staff. Continuous training in your staff to become ‘secure humans’ ensures they are able to play their part in defending your organisations.
2. Vulnerability scanning: Invest in systems to monitor your external boundaries for any vulnerabilities to prevent these becoming an entry point for cyber criminals. Pen testing, a form of ethical hacking, allows for a deeper understanding of your vulnerabilities by assessing your systems from an attack rather than defensive lens.
3. Multi-factor authentication (MFA): Making use of MFA can make it harder for criminals to gain access to accounts through stolen or reset passwords. Not all MFA methods are equal, and attackers are constantly looking at ways to bypass weaker methods. Consideration should be given to make sure your chosen method provides adequate protection.
4. Importance of a plan: Creating a plan that can be easily implemented in the wake of an attack can make a vast difference in your response and the severity of the attack. Plans should consider all eventualities, down to how you will communicate when all usual systems are unavailable.
5. Cyber insurance: Having cyber insurance in place can support your business getting back to fully operational in the event that your business did fall victim to a cyber-attack.

National Cyber Security Centre CEO, Dr Richard Horne, has said of the recent retail attacks that they should act “as a wake-up call to all organisations”² and ensure they have appropriate measures in place to prevent attacks. Johnty Mongan, Global Head of Cyber Risk Management at Gallagher is well versed in the disruption experienced in the aftermath of an incident. Listen to his podcast The Hidden Challenges of a Cyber Breach to learn more.

The Gallagher Cyber Defence Centre

Gallagher provide an innovative ‘always on’ approach to cyber security through our Cyber Defence Centre. Our Cyber Defence Centre provides a comprehensive collection of tools and services to take a proactive approach to managing cyber risk including:

• Vulnerability scanning
• Threat intelligence
• A virtual Chief Information Security Officer (CISO)
• Regular webinars

We are available to talk to businesses about the steps they can take to create a robust cyber risk management strategy and how our Cyber Defence Centre can help. Contact our specialists to discuss enhancing the cyber security of your business.