Co-op and M&S cyber attacks show dark forces are preying on corporate giants: Greg Wright

In a blog post, bosses at the National Cyber Security Centre warned that cyber criminality, including extortion and ransomware, is one of the biggest threats facing companies in the UK.

It added: “It affects organisations of all sizes, from the largest, to the very smallest. No one is immune from this threat. It is both opportunistic and indiscriminate."

Criminals continue to adapt their business models to maximise profits, including a shift towards ‘ransomware as a service’ where criminals, who often have little technical knowledge, are able to launch attacks using pre-developed tools.

This includes tailoring their methods of attack depending on what is most likely to yield the most significant payments. Recovery can be lengthy and costly.

The blog notes that here has been speculation that some of these incidents have been carried out by a group known as 'Scattered Spider', “as well as discussion about whether social engineering had been used by threat actors targeting IT helpdesks to perform password and MFA (multi-factor authentication) resets, a technique that the group has been reported to use in the past”.

Scott Dawson, the CEO of payments processor DECTA, said retailers can no longer afford to treat resilience against cyber attacks as optional.

He added: “This (Co-op) incident, coming on the heels of major breaches at Marks & Spencer and other high-profile targets, highlights how brittle legacy architectures and siloed security practices are.

"Until businesses adopt uniform metrics and invest in fail-safe recovery plans, every transaction—and every customer relationship—remains at risk. When a single intrusion forces entire back-office operations offline, every step from inventory management to customer service teeters on collapse.

"Much like the repeated failures of banking apps, this illustrates a fundamental weakness in the resilience of the systems we rely on most,’’ he added.

The National Cyber Security Centre believes two-step verification, a form of multi-factor authentication, should be deployed comprehensively and companies must also keep a close eye on unauthorised account use as part of a strategy to keep the hackers at bay.

Most big companies are taking steps to boost their cyber security defence systems. But the fact remains that these attacks are becoming an almost daily occurrence, leading to empty shelves, worried customers, frazzled management and plunging share prices.

If we don’t remain on our guard, these dark forces could ruin our lives. Cyber vigilance will always be the price of liberty.

Greg Wright is the deputy business editor of The Yorkshire Post