No business wants to be the victim of a cyber attack. Whether it is disruption to the smooth running of systems, the theft of important data or even the extortion of money, the consequences of such actions can be severe.
With the right IT support and services you can take big steps towards securing your firm – and it should be a big priority to do so if you are a provider of fast moving consumer goods, or FMCGs.
Writing for The Grocer, CEO at the Scottish Business Resilience Centre Jude McCorry said there is a rising number of cyber attacks aimed at the retail and FMCG sectors. She cited the example of a ransomware attack on KP Snacks earlier this year, which stopped the processing and dispatching of orders.
“Such an event can be crippling, hitting not only the business itself but also its supply chain,” she remarked, adding: “Sadly, such incidents are neither new nor unusual, but this isn’t translating into awareness across the retail sector.”
Of course, such a lack of awareness will not be lost on the cyber criminals, who will see the sector as being a soft target. This in turn will make more attacks increasingly likely unless firms take action to shore up their defences and provide a firm deterrent.
Ms McCorry highlighted the “disconnect” between risk and awareness by stating this had become clear to a colleague of hers who had been speaking at an event for the Federation of Independent Retailers, with an attitude that IT security is “someone else’s problem” still all too prevalent.
She said a more enlightened approach has been taken by Tesco, which recently carried out its first cyber attack stress test to see how resilient it would be.
The KP Snacks incident is certainly not the only high-profile recent incident, with Spar stores across the north of England being unable to take card payments at the tills last December after an attack on the company’s systems.
Ms McCorry warned: “The most common types of attacks that retailers should be vigilant for are phishing emails, vulnerabilities in the supply chain, and ransomware attacks.” She added that not only should firms improve their defences against these, but they should also have contingency plans in case an attack succeeds.
Emails are, of course, an area of vulnerability for anyone with a domain, but clearly there is more mileage for cyber criminals in targeting a company from which it can extort large sums of money than from the average individual person.
There is some wider help available, with the National Cyber Security Centre launching a tool earlier this month designed to enable organisations to check their email security systems for weaknesses.
Unveiled on the opening day of the CYBERUK 2022 conference, it can show firms where they need to bolster their email security to thwart criminals.
At the same time, it warned that vulnerability levels are high, with as few as seven per cent of firms in some sectors having the recommended email security in place.
This tool does not solve the problem, but it will show firms if they are vulnerable and need IT experts to help change that.