Your people are your biggest cybersecurity risk – and your best defence


In recent weeks, a string of major cyber-attacks has hit well-known UK retailers, sending a clear message: even large, well-resourced organisations are not immune. While details about the incidents remain sparse – as is often the case while investigations are ongoing – it’s believed that a notorious hacking group known as Scattered Spider is responsible, with social engineering used as the initial point of entry.

Social engineering – where attackers manipulate individuals into divulging sensitive information or granting access – is particularly dangerous because it bypasses traditional defences. Once inside, attackers can spend months gathering intelligence, reading internal communications, and slowly escalating their access. In some cases, they’ve even joined video meetings undetected, with cameras turned off.

People often ask: how can something as simple as a phishing email result in such a widespread breach, especially in organisations with dedicated cybersecurity teams, advanced monitoring tools, and red-teaming exercises? The truth is, it’s not about organisations being careless – it’s about how sophisticated these attacks have become.

Retail and hospitality businesses are especially vulnerable. Staff often access emails and communication tools like Microsoft Teams from personal devices, meaning policies around authentication must be more relaxed. This creates opportunities for attackers to exploit.

At razorblue, we’ve long recognised the risks posed by social engineering. We have strict internal controls, and while we can’t share the details for security reasons, we’ve recently reviewed and reinforced them in light of these events.

So, what should other organisations be doing?

Awareness is key. Encourage employees to be sceptical of unusual requests, especially those involving sensitive information. Phishing attempts can come via email, text, calls, or even internal messages. Confirm identities, and if something feels off – trust your instincts.

Restrict access where possible. Requiring users to access systems only from managed, corporate devices adds a strong layer of protection. Monitoring failed login attempts can help flag compromised accounts early.

Segment your networks. If an attacker does get in, this limits the potential damage. Many affected retailers were able to keep store operations running – likely due to effective network segmentation.

Finally, invest in monitoring. A 24/7 Security Operations Centre, like our Detect service, ensures early detection and response – often before an attacker can do lasting harm.

Cybersecurity is not just an IT issue; it’s a business-critical priority.

 
