The recent cyberattack on Wiltshire Farm Foods highlights the damaging impact of cyber threats on business continuity. The company is “unable to make many deliveries in the next few days” and is “unable to contact customers personally.”
“It certainly looks from afar that Wiltshire Farm Foods is the victim of a ransomware attack, but at this early stage, only the company and hackers know the real story. Time will tell us a lot more regarding this incident. Overall, it’s never a good idea to pay a ransom, but it may be better than some alternatives. Ransomware attacks are fuelled by the fact that the model works. It’s where the money is. Rather than a comeback or discussion of tools, we should realize that this is the nature of crime. It will continue to grow if it is hugely profitable and not addressed.
In the case of Wiltshire Farm Foods, is their supply chain facing a major disruption? It certainly seems that way based on the dire update from the company notifying customers that deliveries this week are halted. In other industries suffering ransomware attacks, are lives on the line in a hospital or are other critical infrastructure systems at risk of being shut down? No one wants to pay, but this decision must be the victim’s once we rule out illegal entities and funding terrorists or banned organisations.
The most important thing is to deploy the right prevention, the right detection, the right backup and to take the right business precautions. Resilience is the best defence. Extended detection and response (XDR) solutions stop the spread, anti-ransomware prevention stops it on detonation, and backup done correctly means that even if the worst happens, recovery is cheap, and a ransom doesn’t have to be paid. The bottom line is that you can’t pay your way out of ransomware. When organisations pay ransoms, they fuel the entire ransomware economy.”
“This cyber attack is just the latest of the many attacks we’ve seen on food processing plants, utilities, and other infrastructure.
Customers of Wiltshire Farm Foods and its parent firm, Apetito, should stay alert for unsolicited messages or emails claiming to be from the company, especially those with links or attachments. NEVER click or tap on a link or attachment included in any message. Also, look out for phone scams. As Wiltshire Farm Foods runs a food delivery service for seniors, they may be targeted by bad actors via phone calls or other forms of communication.”
“It’s refreshing to see an honest declaration like this from a victim of cybercrime instead of the usual, cut-and-paste response we see so often.
I’m aware that Wiltshire Farm Foods serve a substantial community of more elderly customers so hopefully, they can be confident in the statement reassuring them that their personal information is still currently secure. But they should also be on the alert for any unsolicited messages, emails or phone calls from anyone claiming to be from the company. Don’t reply, hang up the phone and contact the local depot to tell them about it. Now that the incident is public, cybercriminals and fraudsters will take the opportunity to try to get money or information by pretending to help. Stay alert and don’t give anything away.”
“Sadly, with cyber-crime on the increase, these types of attacks are becoming more common. Businesses of every size must ensure they have an Incident Response Plan in place so they can manage their response effectively and minimise the impact it will have on their organisation – including their customers. It’s also important that businesses regularly review and update their Incident Response Plans so that everyone knows what to do, should it need to be used.”
Customers of Apetito must also be careful when making contact with their local depot as suggested by the company. They will undoubtedly be concerned about their orders, but must be absolutely sure the person they are contacting works for the company. Cyber criminals are very clever in being able to extract information from individuals when your guard may be down, so never give out any bank account, credit card details or other personal information, unless you can be absolutely sure who the person you are dealing with is.”
“Recent security trouble at Apetito is yet another example showing that every organisation is a software organisation. Food? Gyms? Oil pipelines? Global shipping? Every organisation in every industry depends on software for critical business functions.
Consequently, every organisation in every industry must embrace a proactive approach to cybersecurity. Without a security mindset in all parts of the organisation, the risk of disaster is high. Organisations must recognise that the software they use every day is a part of their infrastructure, just like office buildings or stores or factories. As such, organisations need to select, deploy, and operate software with an eye toward security at every step.
As software becomes more entrenched in the fabric of society, and as criminals get better at exploiting weak security processes, good security hygiene will become a competitive differentiator. Eventually, organisations will see software security not as a cost centre or hurdle, but as an enabler to a faster, more efficient, less risky future.”
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts’ comments, analysis and opinion on the latest Information Security news and topics.