The National Cyber Security Centre (NCSC) has warned organizations to tighten up their security practices following the recent cyber attacks on M&S, Co-op, and Harrods.
The security agency is calling on firms to review their password reset policies, and in particular how IT help desks authenticate workers when they make a reset request.
Organizations should be particularly cautious in the case of senior employees with escalated privileges, such as Domain Admin, Enterprise Admin and Cloud Admin accounts.
Similarly, the advisory noted that businesses should make sure that they're using multi-factor authentication (MFA) across the board.
Notably, the agency warned organizations should be constantly on the lookout for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts are flagged as potentially compromised due to suspicious activity or unusual behaviour.
"Preparation and resilience does not mean just having good defences to keep out attackers. No matter how good your defences are, sometimes the attacker will be successful," wrote NCSC national resilience director Jonathon Ellison and chief technology officer Ollie Whitehouse.
"It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defences."
The Information Commissioner's Office (ICO) has similar advice warning organizations to make sure that accounts are protected by a strong password, and that passwords aren't being reused across multiple accounts.
What happened with the retail attacks?
Attacks against UK retailers have rocked the industry in recent weeks. M&S was the first to be hit, followed by the Co-op and Harrods at the end of April.
The attacks have caused lasting disruption for M&S in particular, which has been unable to provide contactless payment, click-and-collect services, or online sales.
While the Co-op attack was initially thought to have been limited in its impact, the retailer told BBC News last week that hackers had “accessed data relating to a significant number” of current and past members.
The threat actors behind the Co-op attack, who are going by the name ‘DragonForce’, told the broadcaster they are also responsible for the incidents at M&S and Harrods.
Attacks are a ‘wake-up call’ for UK businesses
In a speech at CyberUK this week, chancellor of the Duchy of Lancaster Pat McFadden is expected to describe the attacks as 'a wake-up call for every business in the UK', and to call on firms to treat cybersecurity as an 'absolute priority'.
"We are ready to support you," he will say. "The National Cyber Security Centre is standing ready to support businesses and provide advice, and guidance, on how to raise the cyber security bar."
Small businesses are being encouraged to engage with the NCSC’s Small Business Guide to help bolster their defences and support through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.
MORE FROM ITPRO
- 2024 was a record year for commercial cyber attacks
- Cyber attacks against UK firms dropped by 10% last year, but experts say don't get complacent
- Global cyber attacks jumped 44% last year
-
SonicWall CEO Bob VanKirk hails ‘pivotal moment’ as firm unveils new MSP cyber solutionsNews The company is expanding its MSP solutions range and ramping up its focus on platform-based security
-
What is AI washing?Leaders should interrogate claims products use 'AI' if they want the outcomes they've paid for
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilitiesNews Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
State-sponsored cyber crime is officially out of controlNews North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to knowNews State-affiliated attackers are targeting individuals via spear-phishing techniques, according to the NCSC
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
