The National Cyber Security Centre (NCSC) has warned organizations to tighten up their security practices following the recent cyber attacks on M&S, Co-op, and Harrods.
The security agency is calling on firms to review their password reset policies, and in particular how IT help desks authenticate workers when they make a reset request.
Organizations should be particularly cautious in the case of senior employees with escalated privileges, such as Domain Admin, Enterprise Admin and Cloud Admin accounts.
Similarly, the advisory noted that businesses should make sure that they’re using multi-factor authentication (MFA) across the board.
Notably, the agency warned organizations should be constantly on the lookout for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts are flagged as potentially compromised due to suspicious activity or unusual behaviour.
“Preparation and resilience does not mean just having good defences to keep out attackers. No matter how good your defences are, sometimes the attacker will be successful,” wrote NCSC national resilience director Jonathon Ellison and chief technology officer Ollie Whitehouse.
“It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defences.”
The Information Commissioner’s Office (ICO) has similar advice warning organizations to make sure that accounts are protected by a strong password, and that passwords aren’t being reused across multiple accounts.
What happened with the retail attacks?
Attacks against UK retailers have rocked the industry in recent weeks. M&S was the first to be hit, followed by the Co-op and Harrods at the end of April.
The attacks have caused lasting disruption for M&S in particular, which has been unable to provide contactless payment, click-and-collect services, or online sales.
While the Co-op attack was initially thought to have been limited in its impact, the retailer told BBC News last week that hackers had “accessed data relating to a significant number” of current and past members.
The threat actors behind the Co-op attack, who are going by the name ‘DragonForce’, told the broadcaster they are also responsible for the incidents at M&S and Harrods.
Attacks are a ‘wake-up call’ for UK businesses
In a speech at CyberUK this week, chancellor of the Duchy of Lancaster Pat McFadden is expected to describe the attacks as ‘a wake-up call for every business in the UK’, and to call on firms to treat cybersecurity as an ‘absolute priority’.
“We are ready to support you,” he will say. “The National Cyber Security Centre is standing ready to support businesses and provide advice, and guidance, on how to raise the cyber security bar.”
Small businesses are being encouraged to engage with the NCSC’s Small Business Guide to help bolster their defences and support through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.
MORE FROM ITPRO
TOPICS
