end-point
ANALYSIS
CYBERSECURITY CRISIS:
RETAILERS’ RESPONSE DURING AND AFTER AN ATTACK
Dave McGrail, Head of Business Consultancy at Xalient, and Chris Woods, Founder and CEO at CyberQ Group, explore how retailers in the UK should react when facing a cybersecurity incident, both during the immediate aftermath and in the long term.
It won’t happen to me
You have that unenviable sinking feeling when you suddenly realise you’ve been breached.
In fact, many people struggle to comprehend how their systems or data were compromised. There’s often a frantic rush to contain the breach and assess the extent of the damage. Without clear information, victims often feel overwhelmed about what actions to take next. Especially if security measures were believed to be strong, the realisation of a breach can be deeply stressful and incredibly frustrating.
Stay vigilant for the early warning signs
Attacks of this nature often start with subtle warning signs before more obvious system disruptions get underway. These include password changes, unfamiliar logins from odd locations, or new admin accounts appearing without authorisation. Your website suddenly slows, or you experience performance issues, crashes, and erratic behaviour in your apps and your website.
You notice important files being moved, deleted, or encrypted without user intervention, signalling there might be ransomware. You can see there are unauthorised devices connecting to the network and suspicious new user accounts gaining access.
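Several of the warning signs above can be checked mechanically against authentication and file-activity logs. The following Python is an added example, not part of the original article; the event field names, the per-user location baseline, the approved-admin list and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2025-05-01T09:00:00", "type": "login", "user": "alice", "country": "GB"},
    {"ts": "2025-05-01T09:05:00", "type": "login", "user": "alice", "country": "ZZ"},
    {"ts": "2025-05-01T09:07:00", "type": "password_change", "user": "alice"},
    {"ts": "2025-05-01T09:10:00", "type": "admin_created", "user": "alice", "target": "svc-backup2"},
    {"ts": "2025-05-01T10:00:00", "type": "password_change", "user": "bob"},
] + [{"ts": f"2025-05-01T09:12:0{i}", "type": "file_rename", "user": "svc-backup2"} for i in range(5)]

KNOWN_COUNTRIES = {"alice": {"GB"}, "bob": {"GB"}}   # assumed per-user login baseline
APPROVED_ADMINS = {"it-admin"}                       # assumed change-approved admin accounts
FILE_OPS = {"file_rename", "file_delete"}            # bulk changes typical of ransomware
BURST, WINDOW = 5, timedelta(seconds=60)             # assumed threshold: 5 changes per minute

def triage(events):
    """Return (timestamp, rule, subject) alerts for the article's early warning signs."""
    alerts, file_times, odd_login = [], defaultdict(list), {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "login" and e["country"] not in KNOWN_COUNTRIES.get(user, set()):
            alerts.append((e["ts"], "unfamiliar_login", user))
            odd_login[user] = ts
        elif e["type"] == "password_change":
            # A routine password change is normal; one within an hour of an odd login is not.
            if user in odd_login and ts - odd_login[user] <= timedelta(hours=1):
                alerts.append((e["ts"], "password_change_after_unfamiliar_login", user))
        elif e["type"] == "admin_created" and e["target"] not in APPROVED_ADMINS:
            alerts.append((e["ts"], "unapproved_admin", e["target"]))
        elif e["type"] in FILE_OPS:
            # Sliding window: keep only this account's file changes from the last WINDOW.
            times = file_times[user]
            times.append(ts)
            while ts - times[0] > WINDOW:
                times.pop(0)
            if len(times) == BURST:
                alerts.append((e["ts"], "mass_file_change", user))
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```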
Your worst fears have been confirmed as you face the fact that, like many other retail businesses recently, you are under attack and your systems have been compromised.
So, what happens next?
Typically, when an attack happens, hackers will look to exploit any vulnerabilities to gain access to sensitive systems or data. They do this to steal confidential information and/or to encrypt files in ransomware
WWW.INTELLIGENTCISO.COM