Please see below expert comments on Funky Pigeon suffering a cyberattack. The comment focuses on the impact this could have on both the business and customers, and how organisations can protect themselves against cyberattacks.
Although the attack on Funky Pigeon hasn’t been claimed by a ransomware gang just yet, we suspect it will be. The retailer has claimed that “no customer payment data” is at risk and said it does not believe that any customers’ account passwords have been affected, but unfortunately this is unlikely to be the case. More often than not, what follows these ‘cybersecurity incidents’ is a data breach notification weeks or months post attack. What attackers really want is data, and the more personal and confidential in nature the better.
Data is, after all, the crown jewels of any organisation, from customer data and trade secrets to confidential employee information. It’s time for organisations to step up and beat the bad actors at their own game by leveraging newer cyber tools such as Anti Data Exfiltration. After all, no exfiltration equals no successful attack, no ransom and no costly breach.
The cyberattack on Funky Pigeon is another example of the widespread impact cyberattacks can have on both businesses and customers. WH Smith confirmed that the attack on its greeting card subsidiary ahead of the Easter weekend had potentially put personal data at risk, and forced them to temporarily suspend orders on their website.
Although Funky Pigeon has confirmed that they believe no customer payment data is at risk, personal data such as names, addresses and emails may have been accessed. Unfortunately, stolen data usually ends up being sold on the dark web and can be used to commit further crimes such as fraud. It is an awful position for both the business and customers to be in, not knowing who has access to their personal data, and ultimately, what they could be using it for.
When organisations are breached by a cyberattack, security teams are under immense pressure to get their IT services back up and running as soon as possible, knowing that every minute offline is harming the business. On top of this stress, security teams have the constant fear of threat actors returning to the network to cause further harm, with a second attack potentially causing lasting and irreversible damage. Organisations must, therefore, invest in security solutions that are proactive and preventative, rather than reactive, to ensure that cyberattacks are stopped before they damage an organisation’s network.
Solutions such as deep learning, a subset of AI, can help to shift security teams’ mindset from mitigating cyberattacks to preventing them. Deep learning delivers a sub-20 millisecond response time, stopping a ransomware attack before it can execute and take hold of an organisation’s network. With deep learning, organisations can finally crack the egg of preventing cyberattacks before they have the chance to cause irreversible damage to an organisation’s network.
Businesses like Funky Pigeon rely heavily on the collection of information including customer names and addresses. This data presents a particularly attractive target to cybercriminals as data can be sold easily on the dark web.
Given this reliance on customer data, hopefully Funky Pigeon encrypted its customer data and was able to implement a tried and tested incident response plan that helps with its business continuity.
The business has warned that data including names, addresses, email addresses and personalised card and gift designs could have been stolen in the breach. All of this now faces being sold to other criminals or leaked online if it wasn’t stored securely by encrypting the information.
While Funky Pigeon and its owner WHSmith have released a statement saying that no customer payment data has been breached, that doesn’t mean it’s in the clear yet. Consumers are becoming increasingly aware of the risk of cybercrime as it rises higher on the mainstream news agenda, so the incident could still have an impact on the company’s reputation, and its consumers’ willingness to spend.
While the company has taken necessary steps since the breach – such as reporting the incident to regulators and law enforcement, informing those whose data may have been put at risk and taking its systems offline – it’s vital that it mitigates further and future damage. As a company that handles both sensitive payment data and personal information such as passwords, birthdays and addresses, Funky Pigeon must therefore have a comprehensive multi-layered approach to security.
Technology and security tools still play an important role in a business’ security architecture, but the human element of cybersecurity must not be forgotten in order to bolster their cyber defenses. Going forwards, Funky Pigeon should invest in ensuring employees understand the evolving cybersecurity ecosystem at every tier of its structure, as well as implementing intelligent and agile security measures to diminish the risk of a successful attack. By doing so, it can make its employees its first line of defence, and protect its infrastructure and customers from such attacks in the future.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.