Cyberattacks have been on the rise across industries. But infiltrations of corporate technology carry their own set of implications when the target is a consumer-facing business.
Here’s what you need to know.
Despite ongoing efforts from organizations to boost their cybersecurity defenses, experts note that cyberattacks continue to increase across the board.
In the past year, there’s also been an “uptick in the retail victims” of such attacks, said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, a U.S. nonprofit.
“Cyber criminals are moving a little quicker than we are in terms of securing our systems,” he said.
Attackers know there’s a particular impact when going after well-known brands and products that shoppers buy or need every day, experts note.
“Creating that chaos and that panic with consumers puts pressure on the retailer,” Steinhauer said, especially if there’s a ransom demand involved.
Ade Clewlow, an associate director and senior adviser at the NCC Group, points specifically to food supply chain disruptions. Following the cyberattacks targeting M&S and Co-op, for example, supermarkets in remote areas of the U.K., where inventory already was strained, saw product shortages.
“People were literally going without the basics,” Clewlow said.
Along with impacting business operations, cyber breaches may compromise customer data. The information can range from names and email addresses, to more sensitive data like credit card numbers, depending on the scope of the breach. Consumers therefore need to stay alert, according to experts.
“If (consumers have) given their personal information to these retailers, then they just have to be on their guard. Not just immediately, but really going forward,” Clewlow said, noting that recipients of the data may try to commit fraud “downstream.”
Fraudsters might send look-alike emails asking a retailer’s account holders to change their passwords or promising fake promotions to get customers to click on a sketchy link. A good rule of thumb is to pause before opening anything and to visit the company’s recognized website or call an official customer service hotline to verify the email, experts say.
A range of consumer-facing companies have reported cybersecurity incidents recently — including breaches that have caused some businesses to halt operations.
United Natural Foods, a major distributor for Whole Foods and other grocers across North America, took some of its systems offline after discovering “unauthorized activity” on June 5.
Still, that’s meant leaner supplies of certain items this week. A Whole Foods spokesperson told The Associated Press via email that it was working to restock shelves as soon as possible. The Amazon-owned grocer’s partnership with United Natural Foods currently runs through May 2032.
In a statement, The North Face said it discovered a “small-scale credential stuffing attack” on its website in April. The company reported that no credit card data was compromised and said the incident, which impacted 1,500 consumers, was “quickly contained.”
Whether or not the incidents are connected is unknown. Experts like Steinhauer note that hackers sometimes target a piece of software used by many different companies and organizations. But the range of tactics used could indicate the involvement of different groups.
Companies’ language around cyberattacks and security breaches also varies — and may depend on what they know when. But many don’t immediately or publicly specify whether ransomware was involved.
Still, Steinhauer says the likelihood of ransomware attacks is “pretty high” in today’s cybersecurity landscape — and key indicators can include businesses taking their systems offline or delaying financial reporting.
Overall, experts say it’s important to build up “cyber hygiene” defenses and preparations across organizations.
“Cyber is a business risk, and it needs to be treated that way,” Clewlow said.
