Cyber attacks have rocked UK retailers – here's how you can stay safe
Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
The National Cyber Security Centre (NCSC) has warned organizations to tighten up their security practices following the recent cyber attacks on M&S, Co-op, and Harrods.
The security agency is calling on firms to review their password reset policies, and in particular how IT help desks authenticate workers when they make a reset request.
Organizations should be particularly cautious in the case of senior employees with escalated privileges, such as Domain Admin, Enterprise Admin and Cloud Admin accounts.
Similarly, the advisory noted that businesses should make sure that they're using multi-factor authentication (MFA) across the board.
Notably, the agency warned that organizations should be constantly on the lookout for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts are flagged as potentially compromised due to suspicious activity or unusual behaviour.
"Preparation and resilience does not mean just having good defences to keep out attackers. No matter how good your defences are, sometimes the attacker will be successful," wrote NCSC national resilience director Jonathon Ellison and chief technology officer Ollie Whitehouse.
"It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defences."
The Information Commissioner's Office (ICO) has issued similar advice, warning organizations to make sure that accounts are protected by a strong password and that passwords aren't being reused across multiple accounts.
What happened with the retail attacks?
Attacks against UK retailers have rocked the industry in recent weeks. M&S was the first to be hit, followed by the Co-op and Harrods at the end of April.
The attacks have caused lasting disruption for M&S in particular, which has been unable to provide contactless payment, click-and-collect services, or online sales.
While the Co-op attack was initially thought to have been limited in its impact, the retailer told BBC News last week that hackers had “accessed data relating to a significant number” of current and past members.
The threat actors behind the Co-op attack, who are going by the name ‘DragonForce’, told the broadcaster they are also responsible for the incidents at M&S and Harrods.
Attacks are a ‘wake-up call’ for UK businesses
In a speech at CyberUK this week, chancellor of the Duchy of Lancaster Pat McFadden is expected to describe the attacks as 'a wake-up call for every business in the UK', and to call on firms to treat cybersecurity as an 'absolute priority'.
"We are ready to support you," he will say. "The National Cyber Security Centre is standing ready to support businesses and provide advice, and guidance, on how to raise the cyber security bar."
Small businesses are being encouraged to engage with the NCSC’s Small Business Guide to help bolster their defences, and to seek support through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
