CFOtech UK - Technology news for CFOs & financial decision-makers
Story image

Ransomware attack exposes retail vulnerabilities globally

Tue, 26th Nov 2024

The recent ransomware attack on Blue Yonder, affecting the supply chains of Morrisons and Sainsbury's, highlights the persistent vulnerabilities retailers face, particularly during the holiday season.

Dan Lattimer, Vice President of Semperis, noted that the timing of the attack is likely strategic. "This attack was likely calculated as the hackers are aware that the Thanksgiving Holiday is approaching and disruptions in the supply chain will leave many grocery stores in the U.S. with empty shelves at the worst possible time," he stated.

Lattimer also acknowledged that while details of the attack are limited, its potential ramifications could be extensive. "Kudos to Blue Yonder for dealing with this cyberattack head on but we still don't know how far reaching the business disruptions will be in the UK, U.S. and other countries," he added.

Emphasising the need for vigilance, Lattimer highlighted the decisions organisations must face in ransom situations. "Deciding whether or not to pay a ransom is a personal decision that each company has to make, but paying emboldens threat actors and throws more fuel onto an already burning inferno. Simply, it doesn't pay-to-pay," he cautioned. He also referenced Semperis' new Ransomware Holiday Risk Report, noting that the data underscores significant vulnerabilities during holidays. "In fact, more than 70 percent of organisations have been victimised by ransomware in the past 12 months. Unfortunately, most companies also downsize security staffing on holidays and weekends," Lattimer stated.

The issue is exacerbated by a reduction in security staffing during vulnerable periods. "In the UK, 81 percent of companies scale back security staffing by up to 50 % during holidays and weekends. In the U.S. 90 % of organisations do the same thing," Lattimer said, pointing to a substantial gap in security measures across these critical times.

Lattimer advised on steps to bolster operational resilience, particularly concerning identity systems like Active Directory. "For instance, in nearly all ransomware attacks, threat actors compromise organisations' identity systems, most often Active Directory. This can lead to entire networks being taken offline," he explained. To combat this, organisations are urged to implement robust backup and recovery strategies. "To improve operational resiliency, businesses should deploy a robust backup and recovery plan, that ensures Active Directory, Entra ID, Okta and other identity systems are recoverable," Lattimer concluded.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X