Retail Times — UK Retail News

Fortifying retail security: practical steps to prevent cyber attacks

by Fiona Briggs
May 29, 2025
in Comment

By Dave McGrail, head of business consultancy at Xalient and Chris Woods, founder and CEO at CyberQ Group

Several major UK retailers have recently been targeted by cyberattacks. Experts warn that the retail sector’s vast access to consumer data and the challenges it faces in keeping up with the constantly shifting threat landscape make it a prime target for hackers. This is evident in the finding that retail cyber vulnerabilities have risen by 52% year-over-year.

These types of attacks are almost inevitable, but retailers are prime targets due to their online presence and the high volumes of transactions involving billions of customers’ sensitive data. Further, the prominent nature of these attacks boosts awareness for the hacking groups involved.

Reports suggest that some retailers could lose as much as £1 million per day in sales due to cyber-attacks. This has created industry-wide alarm, and the UK’s National Cyber Security Centre (NCSC) is working with affected retailers to mitigate the damage and improve cybersecurity measures. Experts emphasise that, going forward, retailers must treat cybersecurity as a strategic business priority and recognise the consequences of inaction.

In his keynote speech at the CyberUK conference in Manchester in May, the Chancellor of the Duchy of Lancaster said: “These attacks are a wake-up call for every business in the UK. In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cyber security as an absolute priority.”

“We’ve watched in real-time the disruption these attacks have caused – including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work, we must treat our digital shop fronts the same way.”

Where the greatest threats lie

While the full facts about the most recent retail attacks are yet to be disclosed, typically when these happen there are three common factors or weaknesses that threat actors prey on.

Firstly, social engineering tactics, often through the IT helpdesk, allow hackers to impersonate employees and trick staff into resetting their passwords and disabling multi-factor authentication, thereby gaining access to internal systems.

After gaining access to the system, hackers often enter via Microsoft Active Directory and exfiltrate the database containing password hashes for domain users. This allows them to retrieve clear-text credentials, so they can move laterally across the network and escalate their privileges.

Often, IoT devices, which are used extensively in retail for smart inventory management, cashier-less payment systems and real-time shipment tracking, as well as smart security cameras and connected POS systems, are on the organisation’s network and present major security risks as hackers exploit IoT vulnerabilities to gain unauthorised network access.

What retailers should do now

While authorities, including Scotland Yard’s cybercrime unit, investigate the attacks, retailers are urged to strengthen their digital infrastructure and integrate security into broader business operations to prevent future breaches. This is easier said than done, so to help retailers proactively protect themselves, here are five practical steps to shore up their defences:

  1. Start with a cyber maturity assessment

This structured evaluation will help identify security gaps to prioritise improvements. It begins with an assessment against an industry-accepted framework, such as NIST or CIS, to benchmark the current security posture against best practices. This involves reviewing policy enforcement, access controls, incident response readiness and threat detection capabilities. By analysing historical breach data, third-party risks and compliance gaps, security teams can pinpoint areas needing urgent attention.

  2. Ensure robust identity security

Once gaps are identified, the next step is building a roadmap for improvement, which could start by implementing a Zero Trust framework that eliminates implicit trust across the network. This means enforcing least-privilege access, continuous posture and access verification, and network segmentation to restrict lateral movement. It is also valuable to implement authentication mechanisms by deploying phishing-resistant MFA, biometric authentication, hardware security keys for privileged accounts and Identity and Access Management (IAM) best practices. It is advisable to invest in proactive threat hunting, using AI-driven analytics to detect anomalous activity before breaches occur.

  3. Conduct employee cybersecurity training

Employees are the first line of defence against cyber threats. As such, cybersecurity awareness training must go beyond routine awareness and focus on tailored, real-world attack scenarios that retail employees encounter, such as phishing, social engineering and credential theft. Employees must be trained to spot fraudulent emails, verify IT requests and avoid password-sharing pitfalls. For maximum results, training should be interactive, ongoing and tailored to specific roles, ensuring frontline staff, warehouse teams, and executives understand the potential risks.

  4. Invest in improving incident response and recovery plans

As retailers operate in a high-risk environment where ransomware, phishing and supply chain attacks can be detrimental to their operations and expose customer data, incident response and recovery plans are non-negotiable. A well-defined incident response plan ensures the rapid containment of a breach, thereby minimising financial losses and reputational damage. Recovery strategies, on the other hand, must prioritise backups, system restoration and forensic analysis to prevent repeat attacks. Testing should also be done continuously to reduce delays and ensure an effective response during an attack.

  5. Work closely with cybersecurity experts

To stay ahead of evolving threats, retailers should partner with cybersecurity experts who bring specialised knowledge in threat intelligence, compliance and adversarial skills to withstand advanced persistent threats, social engineering attacks and supply chain vulnerabilities. External specialists provide unbiased assessments, cutting-edge tools and global threat visibility that internal teams may lack. They also have deep expertise in penetration testing, risk mitigation and real-time defence strategies, which provide a proactive approach to security and are valuable in reducing the risk of a breach or associated regulatory penalties.

Given the spate of recent attacks on retailers, the increase in breaches year-on-year, and the advanced sophistication of these attacks, it is critical that retailers go beyond the basic security measures and invest in cyber resilience. This includes a renewed focus on rapid detection, response and recovery as well as investing in Zero Trust architecture, AI-driven threat intelligence and robust incident response strategies to protect sensitive customer and employee data while minimising potential downtime.

Looking forward, threats to retailers will only intensify with more ransomware attacks, combined with the security implications of new technologies like AI and machine learning and the challenges of securing the supply chain. After all, breaches not only impact operations, but they erode customer trust, impact brand reputations, disrupt stability and, as witnessed recently, can cost millions in lost sales.
