Yodel Cyber Incident – Experts Discussion

Following the news of Yodel’s cyber incident, please find comments below from industry leaders.

Matt Aldridge, Principal Solutions Architect
InfoSec Expert
June 25, 2022 10:39 am

The reported cyber incident at Yodel highlights how huge an impact a cyber-attack can have on a service delivery organisation. An attacker’s ability to disrupt business operations to this extent can have a massive effect on the business in the immediate term through unavailability, and in the medium to long term through loss of reputation and thus future business.
In this case, it appears that customers experienced a huge delay in parcel deliveries and that even when parcels had been delivered to collection points, they may not have been retrievable by their recipients, because the system to allow them to identify themselves was also offline. Planning around these types of outages is crucial to maintain at least a minimal service in times of crisis. Comprehensive Business Continuity Plans are key, factoring in potential cyber incidents, and fallback systems should be securely isolated yet regularly tested so that they can be seamlessly invoked.
Outside of this, organisations need to have the proper cyber hygiene, prevention, detection, response and recovery solutions in place to provide them with a significant cyber resilience capability. If an incident does occur, it’s critical that the processes and procedures in place are tested and ready to yield a rapid and robust response. 
Neutralising the threat rapidly is key, as is keeping customers and business partners informed quickly and efficiently to avoid further loss of goodwill. 
Due to challenges in finding qualified and experienced cybersecurity personnel and the associated costs, organisations should consider an outsourced Managed Detection and Response (MDR) service to be delivered through networks of experienced service providers and vendors. There should be no excuse for any organisation for not having the best detection and response capabilities alongside the more mature yet essential protection and recovery solutions.

Ian McShane, Field CTO
InfoSec Expert
June 23, 2022 2:37 pm

The apparent ransomware on Yodel is a prime example of another organisation failing to correctly deal with the repercussions of a cyberattack. It’s a narrative we see over and over – a business gets attacked, keeps its cards close to its chest, and creates undue panic and speculation among customers.

Everyone and every business is at risk of a cyberattack. They’re inevitable and it’s impossible to prevent them all. The difference between an organisation coming out the other side of an attack without any brand damage usually isn’t the incident itself, but how they communicate with their customers.

Without transparency in these situations, everything is rumours. We don’t know what’s been compromised, whether packages are impacted, or if payment details and PII have been leaked, and this makes the business look worse. Had Yodel come clean about exactly what it was dealing with, it would likely have received more sympathy from customers.

Keiron Holyome
InfoSec Expert
June 23, 2022 2:23 pm

“We’re yet to hear details of the cyber incident Yodel has been prey to, however the nature of the attack pits ransomware as the suspect. We continue to see attacks like this across the UK and understand the dilemma organisations face, once breached, as to what to do next. 
 
“Ultimately, there’s no golden rule when it comes to ransomware attacks. In principle, it’s true that the security community does not recommend paying up to the cybercriminals, simply because doing so justifies and propels the ransomware business. There is also no guarantee that paying the ransom will result in the data being released or decrypted. 
 
“However, we do understand that in some of the highly targeted and most damaging attacks, there might be no other way to recover but to meet the ransom demands. Analysis and approach to an attack can only be taken on a case-by-case basis.
 
“It also seems that phishing was potentially part of, or as a result will soon be part of, the attack, as Yodel warns users of receiving fake emails. It’s become increasingly difficult for everyday users to spot targeted phishing messages and spear phishing attempts. The latest BlackBerry Threat Report explains how the infrastructure of the cyber underground has evolved so attackers can deliver more timely and personalised deceptions to the public. It’s therefore vital organisations’ security holds strong on its customers’ behalf.
 
“In any scenario, it’s critical that companies that find themselves victim of attack work closely with the police and do everything possible to help with the investigation. BlackBerry also urge businesses to review their readiness to respond to cyber-attacks, which includes having access to expert Incident Response resources that have experience in getting businesses functioning again.
  
“With attacks on the rise, adopting a prevention first strategy that helps stop the attacks in the first place is now a critical part of any strategy for any business.”
