Following the news that The Works has closed stores after suffering a cyber attack – The Works hit by cyber attack: Retailer forced to close stores after hackers use ransomware | Daily Mail Online – Information security expert reacted below.
Following the news that The Works has closed stores after suffering a cyber attack – The Works hit by cyber attack: Retailer forced to close stores after hackers use ransomware | Daily Mail Online – Information security expert reacted below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
If recent trends are anything to go by, this is very likely a ransomware attack. Threat actors who carry out this kind of attack are typically financially motivated, looking to extort money from their victims. IBM reported that ransomware was the most common attack type in 2021, so assuming that this is the case here is a pretty safe bet.
2022 will be the year of mid-market cyber attacks, meaning that we will see a lot more of this kind of attack on our news feeds in the coming months. Unfortunately, many more incidents will go undetected and even unreported. In light of this, businesses should turn to available resources and take steps to better protect themselves.
For example, the Joint Cybersecurity Advisory, put together by cybersecurity authorities in the United States, United Kingdom and Australia outlines the key steps businesses should take to mitigate the risk of a ransomware attack. These include, but are by no means limited to, keeping all operating systems and software up to date, requiring multi factor authentication wherever possible, and protecting cloud storage by backing up and encrypting data.
Although few details have been disclosed about the attack, the fact that no user data was stolen but operations were disrupted leads me to think this was most likely a ransomware attack. Even if a company like The Works has backups in place, downtime is often more costly than a ransom. Studies show that businesses can lose thousands of dollars per minute due to downtime. Our study shows downtime due to ransomware lasted 9 days on average.
Reading the company\’s notice, it will appear that their tills are connected, in one way or another, to the internet. This indicates that the incident had some connection to the stores\’ point of sale (POS) systems. This is reminiscent of the big American chain company – Target breach in 2013. We commend The Works for what appears to be a sound and prompt response to this incident. From the details provided, it is clear that The Works does segment their networks in a way that helps prevent attackers to move laterally from one network – the network that connects to the tills, to the other networks – the network for payment processing. Further reading the notice, The Works followed a well organised and tested incident response plan. This is evident through the steps they took –
1. Immediately isolating the networks suspected of the potential breach
2. Deploying an external forensic cyber security expert to analyse the systems to confirm a breach and if so, the extent of it
3. Taking immediate steps to bolster its security posture
4. While determining the full extent of this potential breach, informing the authorities.
This type of response to a potential breach is certainly a model for what all companies, in Britain and abroad should follow.