Recent cyber-attacks against major UK retailers have revealed the scale of vulnerability in legacy IT systems that run the country’s most vital services.
In quick succession both Co-op and Marks & Spencer faced disruption to their IT systems because of targeted attacks.
M&S was forced to suspend online sales – which net the business on average £3.8m a day – while the Co-op was forced to shut down entire parts of its IT system to avoid an attempted breach.
The scale of the attacks on two of Britain’s largest retailers, made worse by the fact they took place within a week of each other, has shown how vulnerable so many legacy IT systems still are.
“This incident highlights how brittle legacy architectures and siloed security practices are, and no match for sophisticated threat actors,” said Scott Dawson, chief executive of payment security and infrastructure group DECTA.
According to Dawson, the problem is far from limited to retail. Pointing to recent bank outages, including an incident in March that forced Barclays to pay out millions in customer compensation, he said there is a “fundamental weakness in the resilience of the systems we rely on the most”.
For Dawson, the solution requires standardised uniform metrics to measure the resilience of systems, the lack of which has contributed to the very notion of IT durability being “dismissed as mere rhetoric”.
“It’s time to move beyond rhetoric: businesses must move from reactive patchwork to proactive resilience engineering architected into every layer of IT strategy, or retailers will continue to pay the price,” he continued.
For Raghu Nandakumara, head of industry solutions at cyber group Illumio, however, there is a positive lesson to be learnt from the Co-op’s response.
“The decision to proactively shut down parts of its IT systems following a cyber threat, whilst keeping essential business operations running, is a strong example of an effective containment strategy in action,” he said.
While it is concerning that the decision had to be made, Nandakumara applauded the group’s ability to protect its business continuity, leaving the firm in a better position than M&S.
“Security today is about knowing that breaches are inevitable, but disasters are optional. This realisation is key to maintaining trust and continuity during a cyberattack,” he added.
The UK government has been warning businesses of the threat posed by cyber-attacks, encouraging more proactive measures.
The Department for Science, Innovation and Technology (DSIT) claims to have found a solution in the form of quantum computing.
Last month, Tech Secretary Peter Kyle wrote in UKTN that by “harnessing the power of new technologies like quantum computing, we can take the fight to the criminals”.
Kyle’s message came alongside the reveal of a £121m public investment into researching how quantum technologies can enhance cyber systems.
Though DSIT considers quantum something of a ‘silver bullet’, the National Cyber Security Centre (NCSC) has warned that just as quantum can be used to support security, it can also be used by the perpetrators of attacks themselves.
The cyber security organisation told businesses earlier this year that they have, at best, 10 years to prepare their systems for a new generation of quantum-powered attacks.
The post Supermarket cyber-attacks highlight vulnerability of legacy systems appeared first on UKTN.