THE RETAIL BULLETIN - The home of retail news
Retail cyberattacks: How to better protect your business and boost cyber resilience


By Teresa Long, Andrew Hill and Adrian Ruiz

Cyberattacks against UK retailers have put the industry on high alert. How can you be better prepared, bounce back better if you are hit and check your insurance programme is adequate?

To help protect your retail business, in this Q&A, our cyber risk and retail industry specialists answer your most urgent questions following the recent cyberattacks targeted at businesses in the retail sector.

Q: Can my business avoid being hit by cyberattacks?
A: While avoiding cyberattacks altogether may be unrealistic, the National Cyber Security Centre (NCSC) has issued some useful guidance on best practice precautions. In summary, the NCSC recommends businesses should:

  • Deploy multi-factor authentication (MFA) across your organisation, which reduces the risk of unauthorised access by adding an extra layer of verification that makes it harder for attackers to compromise accounts
  • Enhance monitoring against unauthorised account misuse
  • Pay special attention to employees with higher-privilege access to your IT infrastructure, including domain admin, enterprise admin and cloud admin accounts, and check that their access is legitimate
  • Review helpdesk password reset processes: IT helpdesks are increasingly targeted in search of credentials to penetrate organisation networks, so, in addition to regular training, having robust policies and processes for verifying employees’ identities is essential
  • Identify logins from unusual sources
  • Monitor threat intelligence in real time and respond rapidly to alerts.

Any suspicious activity can signal unauthorised network access. You need to be vigilant over possible social engineering attacks, which impersonate help desk interactions to infiltrate your organisation’s IT systems.

You should also regularly revoke active sessions (meaning users have to authenticate themselves regularly for continued access to IT systems) and identify when individuals have created suspicious accounts.

Q: If a cyberattack hits your business, how can you restore operations quickly?
A: Developing and regularly testing a robust incident response plan can help minimise the impact of any cyber incident and restore your operations quickly.

Your incident response plan should set out how you define a ‘cyber incident’, as well as the procedures for identifying and reporting such incidents. Your plan should also include processes for containing incidents to prevent further damage and outline steps to restore systems. It should also establish how you plan to learn lessons from any cyber incident.

While no simulation can fully replicate the pressure associated with a real crisis, cyber incident workshops can prove vital in testing your incident response plans. In particular, testing and simulations can help key decision-makers identify any issues with cybersecurity or gaps in planning, which they can then address to help the business recover rapidly after any incident.

Q: Are you insured against the types of losses emerging from the cyberattacks recently impacting retailers?
A: The answer here will depend on the specifics of your coverage and the circumstances of any attack. However, based on publicly available material, the spate of cyberattacks against retailers would ordinarily fall within the scope of a typical cyber policy (although other non-cyber policies might also contain some form of coverage for the impacts following a cyberattack).

If you’re not clear on the scope of cover and whether it’s fit for the intended purposes, now is the time to stress-test it. Are there any gaps and what measures can you take to plug them?

Q: Is the amount of insurance you’ve purchased adequate?
A: Even if you evaluate your type of cover as fit-for-purpose, you should also assess the adequacy of your limits against all the potential financial implications of cyberattacks, for example, business interruption, ransom payments and notification costs.

Underinsurance not only presents a balance sheet problem, but may also leave your directors exposed to shareholder actions. Boards can face allegations of failure to ensure robust IT systems or inadequate handling of cyber risk, which can include failure to maintain adequate cyberinsurance.

Q: Do you understand the cyber risks most likely to impact your business and the financial damages you could face?
A: Identifying and quantifying your specific cyber risks is the first step to finding the most efficient way to mitigate them. Cyber risk quantification analytics that use industry and organisation-specific scenarios can give you a detailed picture of the financial consequences of cyber incidents. With this insight, you can plot a course to the most effective and efficient combinations of risk controls, transfer and insurance limits.

The cyberinsurance market is more competitive than it has been in recent years, meaning now’s a good time to investigate your options. To understand and insure your cyber risks more effectively, or to strengthen your incident response planning, get in touch with our cyber risk and retail industry specialists.

To find out how WTW can help your retail operation, visit them online here.
