Govt wades in as Co-op and M&S cyber attacks escalate

The Government has urged businesses of all sizes to treat cyber security as an “absolute priority” following the wave of attacks on UK retailers, with Chancellor of the Duchy of Lancaster Pat McFadden insisting the onslaught must to be “a wake-up call”.

In a speech at this week’s CyberUK conference, McFadden will set out what action the Government is taking to improve the country’s cyber security, as part of plans to secure Britain’s future through the Plan for Change, including a new Cyber Security Bill.

It follows a briefing he led with national security officials and National Cyber Security Centre CEO Richard Horne on Friday about the recent hacks and expert support being provided to retailers.

McFadden will say: “These attacks need to be a wake-up call for every business in the UK. In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cyber security as an absolute priority.

“We’ve watched in real-time the disruption these attacks have caused – including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work. We have to treat our digital shop fronts the same way.”

The NCSC is working closely with organisations that have reported incidents to them to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

Business leaders are also being urged to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.

In his speech, McFadden will encourage firms from all sectors to consider what cyber protections they have in place: “We are ready to support you. The NCSC is standing ready to support businesses and provide advice, and guidance, on how to raise the cyber security bar.

“We’re modernising the way the state approaches cyber, through the Cyber Security & Resilience Bill. That legislation will bolster our national defences.

“It will grant new powers for the Technology Secretary to direct regulated organisations to reinforce their cyber defences It will require over 1,000 private IT providers to improve their data and network security.

“It will require companies to report a wider array of cyber incidents to the NCSC in the future – to help us build a clearer picture of who, and what, hostile actors are targeting.”

The move comes as UK retailers brace themselves for mass disruption following the attacks on Marks & Spencer, Co-op and Harrods.

While Harrods appears to have successfully blocked the hack attack, the M&S incident in now entering its third week, with no sign of the business getting back to normal.

In fact, one M&S insider has told Sky News it could be “months” before the retailer fully recovers from the attack, claiming last week had been “just pure chaos”. They added: “We didn’t have any business continuity plan, we didn’t have a cyber attack plan.”

The latest part of the business to be affected has been its meal deals. Shoppers have been warned that M&S is unable to fulfil certain offers because of stock availability issues caused by the hack.

Meanwhile, Co-op confirmed late last week that attackers had stolen personal data from a “substantial” number of customers, although in a email to its 5 million members group CEO Shirine Khoury-Haq insisted a “limited amount” of member data had been compromised.

She said: “We want to be open with you about where we find ourselves right now, so I am writing to you personally to give as clear a picture as I am currently able to provide.

“We recognise the importance of data protection and take our obligations to you and our regulators seriously, particularly as a member-owned organisation.

“I appreciate you will want to know more, and I hope you will understand that in order to protect our Co-op, we are limited as to the detail we can communicate at this time. I thank you for your patience and I will be back in touch as soon as possible.”

The retailer has also warned customers of ongoing product shortages across its store network as the retailer continues to battle a “sustained” cyber-attack that has forced it to shut down some of its delivery systems.

The retailer said the attack on its systems, which began last week, has caused serious disruption to store availability, particularly in fresh categories such as fruit, vegetables, meat and dairy.

According to reports, hacking groups Dragonforce and Scattered Spider – allegedly composed of British and US teenagers – are believed to be behind the Co-op and M&S breaches.