Major retail chains across the globe are falling victim to sophisticated cyber attacks, with Australian businesses facing risks as criminals target the sector’s customer databases and operational systems.
An Arthur J. Gallagher & Co report highlighted recent attacks on British retail giants Marks & Spencer (M&S) and Co-op Food, noting these demonstrate the devastating impact cybercriminals can inflict on major retailers. The M&S attack left the iconic retailer unable to process contactless payments or operate online for nearly two weeks, whilst 200 workers lost shifts and shelves sat empty across the country.
The disruption stemmed from a ransomware attack that encrypted the company’s servers after hackers stole a database of passwords. Initial access reportedly came through social engineering tactics that tricked employees into divulging information.
Co-op Food and department store Harrods also sustained cyber attacks, with criminals claiming access to private information of 20 million Co-op membership scheme customers. The hackers revealed their extortion demands through British media, detailing data breaches affecting 10,000 customers and targeting business executives in blackmail attempts.
Australian retailers face similar threats, with 24% of cyber attacks targeting the sector. The COVID-19 pandemic accelerated the uptake of e-commerce platforms and online services, expanding the attack surface for financially motivated cybercrime groups.
Local examples include The Good Guys, which suffered an attack via a third party, and Retail Apparel Group, which fell victim to ransomware. Latitude Financial exposed 14 million customer records, affecting customers of David Jones and JB Hi-Fi.
“What is most concerning is that the attack method and threat vectors vary from attack to attack which makes prevention extremely challenging,” the report said.
The risk is compounded by increased regulatory scrutiny following the Optus and Medibank breaches, with regulators ramping up audits and enforcement actions.
Cybersecurity experts recommend retailers implement several key strategies: regular employee training to recognise social engineering attempts, vulnerability scanning to identify system weaknesses, multi-factor authentication to strengthen account security, and comprehensive incident response planning.
“Proactive investment in cybersecurity, third party risk management and compliance are now essential to survive in the current cyber threat landscape,” security analysts said.
With 48% of retail organisations lacking comprehensive ransomware prevention policies, the sector remains an attractive target for cybercriminals seeking to exploit operational dependencies and valuable customer data.