As Uber becomes the latest victim in a series of high-profile cyber-attacks this year, leading IT expert Nebula is reminding retailers of the ever-growing cyber risk and the importance of increasing cyber security as we go into 2023.
On 10 December (2022), a threat actor – named ‘UberLeaks’ – began leaking data employee email addresses, corporate reports, and IT asset information they claimed was stolen from Uber and Uber Eats from a third-party vendor. Constituting the second major cyber security incident for Uber this year, the leak is believed to affect almost 80,000 of its employees.
This comes as estimates suggest that in the last 12 months, 39% of UK businesses identified a cyber-attack. Adding to the equation is an increased influx of new threat variants as hackers and the technologies they use become more sophisticated and targeted.
The result, according to leading IT support services provider Nebula is that it has never been more important or timely for businesses to strengthen their cyber security practices.
Chris Pottrell, founder and MD of Nebula said: “As we look to the recession and what promises to be a challenging year ahead, it may appear all too tempting for businesses to place cybersecurity investment on the backseat to try to claw back on cost or resources. However, as the frequency and depth of cyber-attacks increases, the bottom line is cyber security is no longer an option but integral for any business that wants to remain in the field.
“The unfortunately reality, as demonstrated by this latest Uber incident, is that we are now living in a world where cybercriminals are able to penetrate businesses with increasingly advanced attacks as more business is done online. These types of attacks are by no means prejudiced either. It doesn’t matter if you’re a small start-up or a global empire, a charity or a private business, the risk is there. It is therefore vital that every organisation takes cyber security seriously to protect themselves, their assets, their employees and stakeholders as we continue to live in a time of increasing cyber risk.”
Chris adds: “Understandably, because of the technological complexities involved, we know that cybersecurity can, at first, appear incredibly daunting for some businesses. However, the good news is that recent years have seen an influx of organisations, research papers and guidance to help. As always, if in doubt, we’d recommend businesses call on an expert IT consultancy, such as the team at Nebula, who would be able to provide an expert assessment and introduce key measures to ensure absolute a best class policy.”
To help retailers optimise their cyber security, Nebula offers the following best practice guidelines:
- Invest in employee training. Take a proactive, ongoing approach to educating your entire workforce about cyber security threats and countermeasures. This should include regular cybersecurity training sessions and specific rules for email, internet browsing, social networks and mobile devices based on a shared understanding of the underlying risk.
- Follow all the usual cybersecurity best practices. That means applying network perimeter defences to block out any insecure or unnecessary websites and services, along with malware protection to block malicious emails and prevent malware being downloaded from websites – and not forgetting a strong password policy.
- Ensure breaches can be managed effectively. With the foundations in place, it’s vital to apply patches and fixes to operating systems, applications and drivers to prevent attacks which exploit software bugs. This should also entail introducing additional malware protection on the internal network at key points of vulnerability.
- Monitor and analyse anomalies and attack patterns. Log everything – every transaction, every privileged login, every failed password attempt. In most cases, this can be critical to not just detecting and addressing a breach before it escalates into something bigger, but pre-empting similar points of entry or system constraints.
- Do not get complacent. If these measures are consistently in place, the good news is that the majority of standard cyber attacks are likely to be unsuccessful. However, that is not to say there is room for complacency – should your adversary have bespoke capabilities then they still may be able to find a way into your systems. With that said keep it’s important to keep a finger on the pulse and be ready to act should your ‘normal’ look even slightly different.
For further information please visit https://nebulait.co.uk