Several major UK retailers have recently been targeted by cyberattacks. Experts warn that the retail sector’s vast access to consumer data and the challenges it faces in keeping up with the constantly shifting threat landscape make it a prime target for hackers. This is evident in the finding that retail cyber vulnerabilities have risen by 52% year-over-year.
These types of attacks are almost inevitable, but retailers are prime targets due to their online presence and the high volumes of transactions involving billions of customers’ sensitive data. Further, the prominent nature of these attacks boosts awareness for the hacking groups involved.
Reports suggest that some retailers could lose as much as £1 million per day in sales due to cyberattacks. This has created industry-wide alarm, and the UK’s National Cyber Security Centre (NCSC) is working with affected retailers to mitigate the damage and improve cybersecurity measures. Experts emphasise that, going forward, retailers must treat cybersecurity as a strategic business priority and recognise the consequences of inaction.
In his keynote speech at the CyberUK conference in Manchester in May, the Chancellor of the Duchy of Lancaster said: “These attacks are a wake-up call for every business in the UK. In a world where the cybercriminals targeting us are relentless in their pursuit of profit, with attempts being made every hour of every day, companies must treat cybersecurity as an absolute priority.”
“We’ve watched in real-time the disruption these attacks have caused, including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work, we must treat our digital shop fronts the same way.”
Where the greatest threats lie
While the full facts about the most recent retail attacks are yet to be disclosed, typically when these happen, there are three common factors or weaknesses that threat actors prey on.
Firstly, social engineering tactics, often through the IT helpdesk, allow hackers to impersonate employees and trick staff into resetting their passwords and disabling multi-factor authentication, thereby gaining access to internal systems.
Secondly, after gaining access to the system, hackers often enter via Microsoft Active Directory and exfiltrate the database containing password hashes for domain users. This allows them to retrieve clear-text credentials, so they can move laterally across the network and escalate their privileges.
Thirdly, IoT devices, which are used extensively in retail for smart inventory management, cashier-less payment systems and real-time shipment tracking, as well as smart security cameras and connected POS systems, often sit on the organisation’s network. They present major security risks, as hackers exploit IoT vulnerabilities to gain unauthorised network access.
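For the first of these weaknesses, a helpdesk-driven password reset combined with MFA removal, a defender can correlate the two changes on the same account. The sketch below is an added example, not part of the original article; the log format, field names, account names and 30-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (format and field names are hypothetical).
SAMPLE_LOG = """\
2025-05-01T09:12:03Z action=password_reset target=j.smith actor=helpdesk01
2025-05-01T09:14:40Z action=mfa_disabled target=j.smith actor=helpdesk01
2025-05-01T10:02:11Z action=password_reset target=a.jones actor=helpdesk02
2025-05-01T15:45:00Z action=mfa_disabled target=a.jones actor=a.jones
2025-05-01T11:30:00Z action=mfa_disabled target=k.patel actor=helpdesk01
2025-05-01T11:41:27Z action=password_reset target=k.patel actor=helpdesk03
"""

WINDOW = timedelta(minutes=30)  # assumed correlation window
WATCHED = {"password_reset", "mfa_disabled"}


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def find_reset_plus_mfa_removal(log_text, window=WINDOW):
    """Alert when one account gets both a password reset and an MFA removal,
    in either order, from someone other than its owner within `window`."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    last_seen = {}  # (target, action) -> most recent matching event
    alerts = []
    for ev in events:
        action = ev.get("action")
        if action not in WATCHED or ev["actor"] == ev["target"]:
            continue  # skip unrelated events and self-service changes
        other = (WATCHED - {action}).pop()  # the complementary action
        prev = last_seen.get((ev["target"], other))
        if prev and ev["ts"] - prev["ts"] <= window:
            alerts.append({
                "account": ev["target"],
                "actors": sorted({prev["actor"], ev["actor"]}),
                "gap_seconds": int((ev["ts"] - prev["ts"]).total_seconds()),
            })
        last_seen[(ev["target"], action)] = ev
    return alerts
```

Calling `find_reset_plus_mfa_removal(SAMPLE_LOG)` flags the two constructed accounts whose reset and MFA removal were both performed by helpdesk staff within the window, and ignores the account whose owner disabled MFA hours later.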
What should retailers do now?
While authorities, including Scotland Yard’s cybercrime unit, investigate the attacks, retailers are urged to strengthen their digital infrastructure and integrate security into broader business operations to prevent future breaches. This is easier said than done, and to help retailers proactively protect themselves, here are five practical steps to shore up their defences:
1. Start with a cyber maturity assessment
This structured evaluation will help identify security gaps to prioritise improvements. It begins with an assessment against an industry-accepted framework, such as NIST or CIS, to benchmark the current security posture against best practices. This involves reviewing policy enforcement, access controls, incident response readiness, and threat detection capabilities. By analysing historical breach data, third-party risks, and compliance gaps, security teams can pinpoint areas needing urgent attention.
2. Ensure robust identity security
Once gaps are identified, the next step is building a roadmap for improvement, which could start by implementing a Zero Trust framework that eliminates implicit trust across the network. This means enforcing least-privilege access, continuous posture and access verification, and network segmentation to restrict lateral movement. It is also valuable to implement authentication mechanisms by deploying phishing-resistant MFA, biometric authentication, hardware security keys for privileged accounts and Identity and Access Management (IAM) best practices. It is advisable to invest in proactive threat hunting, using AI-driven analytics to detect anomalous activity before breaches occur.
3. Conduct employee cybersecurity training
Employees are the first line of defence against cyber threats. As such, cybersecurity awareness training must go beyond routine awareness and focus on tailored, real-world attack scenarios that retail employees encounter, such as phishing, social engineering, and credential theft. Employees must be trained to spot fraudulent emails, verify IT requests, and avoid password-sharing pitfalls. For maximum results, training should be interactive, ongoing, and tailored to specific roles, ensuring frontline staff, warehouse teams, and executives understand the potential risks.
4. Invest in improving incident response and recovery plans
As retailers operate in a high-risk environment where ransomware, phishing, and supply chain attacks can be detrimental to their operations and expose customer data, incident response and recovery plans are non-negotiable. A well-defined incident response plan ensures the rapid containment of a breach, thereby minimising financial losses and reputational damage. Recovery strategies, on the other hand, must prioritise backups, system restoration, and forensic analysis to prevent repeat attacks. Testing should also be done continuously to reduce delays and ensure an effective response during an attack.
5. Work closely with cybersecurity experts
To stay ahead of evolving threats, retailers should partner with cybersecurity experts who bring specialised knowledge in threat intelligence, compliance, and adversarial skills to withstand advanced persistent threats, social engineering attacks, and supply chain vulnerabilities. External specialists provide unbiased assessments, cutting-edge tools, and global threat visibility that internal teams may lack. They also have deep expertise in penetration testing, risk mitigation, and real-time defence strategies, which provide a proactive approach to security and are valuable in reducing the risk of a breach or associated regulatory penalties.
Given the spate of recent attacks on retailers, the increase in breaches year-on-year, and the advanced sophistication of these attacks, it is critical that retailers go beyond the basic security measures and invest in cyber resilience. This includes a renewed focus on rapid detection, response, and recovery as well as investing in Zero Trust architecture, AI-driven threat intelligence, and robust incident response strategies to protect sensitive customer and employee data while minimising potential downtime.
Looking forward, threats to retailers will only intensify with more ransomware attacks, combined with the security implications of new technologies like AI and machine learning, and the challenges of securing the supply chain. After all, breaches not only impact operations but also erode customer trust, impact brand reputations, disrupt stability, and, as witnessed recently, can cost millions in lost sales.
With over 15 years of experience in telecoms, UC, contact centre, networking and security technologies, Dave provides strategic and technical consultancy as a trusted adviser to Xalient’s customers, with a proven track record for driving secure network transformations for global enterprises to help achieve business objectives.
Chris Woods is an award-winning cybersecurity expert and the Founder and CEO of CyberQ Group, a global cybersecurity leader headquartered in the UK with locations in the USA and the Philippines. His contributions to the field have been recognised with numerous accolades, including being named Tech Leader of the Year in 2024 at Birmingham Tech Week, Midlands finalist positions in the KPMG and EY Entrepreneur of the Year awards (2021, 2022), and Wolverhampton University's Professional Excellence Award (2022). He is also Acorns Hospice Ambassador, which involves helping the organisation raise much-needed funds.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.



