Arts, crafts and hobbies retailer The Works has today announced the temporary closure of some of it’s 520 UK stores following a cyber-attack.
The attack was said to have created issues with tills and caused disruption to the company’s ordering/re-ordering systems. It reassured customers in a statement that that client data had not been breached, however the company has reported the breach to the ICO.
The Works said in a statement that debit and credit card transactions were processed outside its own systems by third parties so customer payment data had not been compromised by the attack.
John Davis, Director UK & Ireland, SANS Institute, EMEA, said this was a timely reminder for businesses to exercise good cyber hygiene and offered the following guidance for businesses, explaining the steps they can take to build in defences to their daily operations.
“With nearly four in ten (39%) UK businesses identifying a cyber attack over the last 12 months, basic digital hygiene is still going a long way in providing a crucial barrier of protection. Of those identifying a cyber attack, a staggering 83% outlined that phishing was the most common threat vector. However, only 8% of organisations have set up multifactor authentication and forced employees to change passwords since their most disruptive breach or attack of the last 12 months, in cases where breaches had material outcomes.
“Keeping on top of cybersecurity with tools like MFA and education around password maintenance needs to be the new status quo. Consistently reinforcing the importance of foundational cybersecurity training and creating a knowledge-based defence against any kind of phishing attack will help block bad actors at the door. When it comes to cyber hygiene, nearly half (49%) of businesses have enacted at least five steps from government guidance. This is a good start, but doubling cyber hygiene should be a goal for leaders across all shapes and sizes of company, to reduce the likelihood of cyber attacks happening and minimise the detrimental impact.
“We’re seeing that acknowledgement of growing cyber threats at a board level is increasing, with 82% of boards or senior management teams rating cybersecurity as a high priority. Awareness of cybersecurity stakes needs to permeate all levels of a company, and training initiatives need to be translated across teams. It’s impossible for everyone to be a cybersecurity guru, but with the right education and interactive training even technophobes can get a starting grasp of the new threat landscape and the ways to safeguard data.”
The Works has said in a statement they expect to be able to re-open stores soon.