Cyberattacks on some of the UK’s largest retailers have flooded headlines in the past weeks.
Marks & Spencer, Co-op, and Harrods have all become victims of this latest onslaught of cyber crimes. As of this week, Peter Green Chilled, a logistics firm supplying major supermarkets like Tesco, Sainsbury’s, and Aldi, has confirmed it’s being held to ransom by hackers.
With thousands of meat products at risk of going to waste due to not being able to process any orders, this latest incident shows that the impact doesn’t stop at the point of sale.
- It’s deep.
- It’s disruptive.
- And it’s increasingly common.
The bigger picture on cyber attacks
It’s important to take a step back and remember that these are not just headlines; they are stories of real people who are facing real fallout. Empty shelves and having to manually check stock are just some of the problems faced by staff affected by these attacks, not to mention the overarching loss of revenue.
This is a more widespread issue than what’s currently in the papers. From the Cyber Security Breaches Survey 2024:
- Half of businesses and around a third (32%) of charities report having experienced some form of cybersecurity breach or attack in the past 12 months.
- The most common type of attack comes in the form of phishing (84% of businesses and 83% of charities).
Phishing is evolving with the help of AI
Phishing, whilst amusing in the more obvious cases (like when your “Boss”, who may or may not be sitting directly opposite you, needs your credit card details so they can buy a sandwich), is at the end of the day, attacks on trust. With the aim of tricking employees into revealing sensitive or private information by falsifying a name or company, these attackers can gain access to critical systems, compromise confidential data, and plant backdoors.
And yes, it can get personal.
Cyber attackers might cast their net wide or target individuals who they believe are more susceptible or are considered “high-value”, meaning people with access to critical systems, data, and resources.
How AI is evolving cyber attacks
This search for targets and vulnerabilities to exploit can now also be accelerated by using artificial intelligence. Whether for phishing or other types of attacks, AI has become an easy and fast way of data scraping: quickly and efficiently analysing and gathering data from online sources.
It can even be used to send eerily convincing messages.
If you’ve ever used a particularly helpful AI-driven assistant or help-bot and thought it was almost as good as talking to a real person (if perhaps a little long-winded and over-friendly), you may understand how this could be utilised for deception.
Why SMEs should be cautious
SMEs are particularly at risk due to limited cybersecurity budgets, fewer dedicated IT experts, and less robust defences compared to larger organisations.
This exposure could make even a single phishing incident potentially catastrophic, leading to business closure if recovery costs or reputational damage are too significant to overcome.
The stats are sobering:
- While 50% of businesses faced breaches last year, medium-sized firms were hit the hardest at 70%.
Potential fallout from attacks can include:
- Customer trust, lost through leaked data
- Financial pressure from ransom demands or fraud
- Daily chaos and operational breakdowns
- Emotional strain on employees
For a small retailer, these aren’t just setbacks. They can threaten everything they’ve built. This isn’t meant to be alarmist, it’s to point out that if you’ve been affected, know this: it’s not a mark of weakness or failure.
Cybercriminals are cunning, often exploiting trust rather than technology alone, making it a human challenge as much as a digital one. However, it’s important to remember you’re not alone.
We understand how daunting this feels, especially with the confusing and not always understood presence of AI.
What can you do now to prevent cyber vulnerabilities?
The National Cyber Security Centre (NCSC) suggests reviewing help desk processes and strengthening authentication, but that’s just a start.
You’re juggling enough without having to take on the role of cybersecurity expert, too. That’s why we believe in meeting you where you are, with empathy and solutions that fit your reality.
One vital thing to remember is that your employees are at the heart of your business, and they’re key to staying safe online. With the right support, they can spot trouble early, like a dubious email or an odd phone call.
Here’s how you can help them, help you:
- Simple training: Short, real-world lessons on spotting tricks like phishing build confidence without eating up time.
- Easy reporting: A one-click system to flag suspicious activity empowers action.
- Get back to basics: Smarter passwords, codewords to validate identity, and approval checks can block intruders quickly.
It’s not about pointing fingers, and it’s not about turning every member of staff into an expert. It’s about building a team effort where everyone feels supported.
Low-cost steps businesses can take to prevent cyber attacks
Beyond your team, a few practical moves can shore up your defences (without breaking the bank):
- Spot-check your systems: Regular reviews catch problems early.
- Create a crisis plan: Know who does what, when, and rehearse it.
- Check your suppliers: Ask them how they’re staying secure.
- Use simple tools
- Together, these create a safety net that’s strong enough to give you breathing room.
How RiskSmart can help businesses prevent cyber attacks
We know tools can feel like just another thing to figure out, but we believe RiskSmart is built to lighten your load, not add to it.
Our ethos is to keep things simple.
Our solution was created with all employees in mind, not just risk professionals.
We aim to help build cultures of risk awareness and are designed so your team can report potential threats in moments, and you get a clear view of what’s happening across your business. No jargon, no hassle, just a partner to help you stay on top of risks so you can focus on what you do best.
Now is the time for Cybercrime solidarity, not silence.
We often hear about the reputational cost of a cyber attack. Like being targeted is something to hide. It’s not.
The recent struggles of M&S, the Co-op, and Harrods show this isn’t about size, capability, or budget. It’s about the modern-day problems we now face.
Instead of condemnation, these moments call for understanding, solidarity and support. If we choose to support and not stigmatise the businesses affected (especially SMEs) we help build a culture where transparency is encouraged, lessons are shared, and recovery is possible.
Let’s not shy away from those who’ve been hit; instead, let’s stand with them. Cybercrime may be tough, but so is your team. With your team empowered, a few smart steps in place and the right kind of help, you can build something stronger.
If you ever need a hand, RiskSmart is here for you.
Let’s face it together.