2023 has not got off to a great start in the world of cyber security in the UK. We’ve already seen some huge brands fall victim to targeted cyber-attacks, losing profits and sensitive data and suffering serious damage to their reputation.
Cybercrime rates continue to rise and threaten businesses, and whilst it’s usually the big brands that hit the headlines, small and medium-sized businesses are also at risk as cybercriminals expand their operations.
From British Airways to Kingfisher, 2022 was the worst year on record for cyber-attacks on UK businesses. So, what does this mean for your company in the year ahead and are you prepared?
According to a report from business internet service provider Beaming, UK companies experienced an average of 687,489 attempts to breach their systems last year.
That means one attempted cyber-attack every 46 seconds in 2022!
The same report identified almost 1.2 million IP addresses being used to launch cyber-attacks and was able to trace around a fifth of them (268,484) to China alone. These staggering numbers make 2022 the worst year for cyber-attacks on record, pushing malicious cyber activity beyond the previous record established in 2020. In fact, during the final few months of 2022, UK businesses saw the biggest surge in attacks when compared to the rest of the year.
It is therefore no surprise that cyber security measures need to be at the forefront of minds in 2023 – especially for anyone now operating or working within a hybrid or remote-based business.
The sad truth is that, although cyber security reports and simple measures can help find a company’s vulnerable spots, most businesses avoid implementing or updating security measures until a breach occurs – and the impact can be devastating.
Five cyber-attacks on big brands which hit the headlines in 2022
In 2022, cyber-attacks on established brands continued to make headlines around the world, causing widespread disruption and unthinkable financial losses.
1. Amazon data breach
As a business of such magnitude, it’s not surprising that Amazon has been in the firing line of numerous cyber-attacks. In May 2022, Amazon suffered a huge data breach that exposed the personal information of millions of customers.
The hackers were able to gain access to Amazon’s systems through a vulnerability in one of the company’s third-party vendors. As a result of the data breach, customers’ names, email addresses, phone numbers, and home addresses were compromised, putting them at risk of identity theft and other forms of fraud.
Amazon took immediate action to mitigate the damage, including informing affected customers of the breach and offering credit monitoring and identity theft protection services.
This incident highlights the importance of implementing robust cybersecurity measures to protect sensitive data. In the aftermath of the breach, Amazon reassessed its security protocols and implemented new measures to prevent similar incidents in the future, further reviewing its relationships with third-party vendors to ensure that they adhere to the company’s stringent security standards. The incident serves as a cautionary tale for businesses of all sizes to be vigilant in protecting their customers’ data and to regularly review and update their security protocols.
2. Marriott International
In August 2022, Marriott International, one of the largest hotel chains in the world, suffered its second significant data breach in as many years. The breach resulted in the exposure of sensitive personal information belonging to millions of its guests. The attackers were able to exploit a vulnerability in Marriott’s systems to gain access to guest data, including names, addresses, and payment card details.
The data breach was a major blow to Marriott, which had already experienced a similar incident in 2018 that affected approximately 500 million guests. Following the previous breach, Marriott implemented a range of security measures to prevent a recurrence, including upgrading its security systems and conducting regular vulnerability scans. Despite these efforts, the company was still vulnerable to attack, highlighting the ever-evolving threat landscape and the need for constant vigilance.
3. British Airways
In November 2022, British Airways, one of the world’s largest airlines, announced that it had suffered a severe data breach. The breach was the result of a cyber-attack on the airline’s website, which allowed unauthorised individuals to gain access to sensitive customer data, such as the personal and financial information of more than 380,000 British Airways customers. This information included the customers’ names, addresses, email addresses, phone numbers and credit card details (even the three-digit security code on the back of the card).
The Information Commissioner’s Office (ICO) and various other authorities in the UK were involved to ensure the remediation of the breach was effective. However, the issue had already dealt a severe blow to British Airways’ reputation, as it highlighted the airline’s vulnerability to cyber-attacks and the potential risks to its customers.
British businesses are on high alert in the lead-up to Christmas
The last three months of 2022 were a hotbed for cyber-attacks, with a multitude of companies reporting personal and public data being stolen, backend data being hacked and ransom money being demanded. Though there would have been hundreds to choose from in those months, two British brands particularly stood out in terms of magnitude and ripple effect, both of which happened in October…
4. Kingfisher – the UK’s first insurance company to be hacked
Insurance provider Kingfisher is one of the UK’s leading providers of specialist insurance services, and in October of 2022, they confirmed that they had been the victims of a cyber-attack. Malicious actors claimed that they had stolen up to 1.4TB of company data, including the personal details of employees and customers. Though Kingfisher claims that there is ‘no ongoing impact on its business operations’, the impact this attack had on customer trust, the lost time while servers were offline, and the costs involved in containing the incident should not be underestimated.
5. Pendragon Car Dealer held to ransom for £54m
In the same month, the dealer group Pendragon (which owns 160 showrooms across the UK) was the victim of a major ransomware cyber-attack to the value of nearly $60 million. Details of the assets held have not yet been made public, but the hacker coalition ‘LockBit 3.0’ claimed responsibility (LockBit has gone on to claim it compromised 40 organisations around the world in December 2022 alone). Pendragon is still saying, at this time, that they won’t pay the ransom, but the continuing cost of this attack will be great.
What does this all mean for UK businesses?
If cyber-attacks in the UK continue with this kind of frequency and businesses fail to put effective protection in place, there will be countless negative impacts for businesses. Faced with digital breaches or the loss of sensitive data, many businesses would likely see a decrease in consumer trust and confidence, costly interruptions to day-to-day activity, a loss of investment, a decrease in their reputation nationally (or internationally), and the obvious loss of assets as a result of the crime.
On top of all that, if you are not properly protecting your company from cyber-attacks, it can be seen as negligent by the British authorities, resulting in an expensive fine. This is especially true if your company works with a large amount of sensitive data from the public, which, if breached, could ruin people’s lives.
So, what can businesses do to protect themselves?
There are a number of steps that businesses can take to prevent cyber-attacks, from regularly backing up data and keeping all software updated to implementing robust security software.
Talk to our team today and get your free cyber health check to find out how vulnerable your business is to cyber-attacks, and how to get the right protection for you.
Security awareness training and testing
Employees are the biggest cyber security risk to UK businesses. Let us help you to deploy bespoke and fully managed security awareness training and phishing testing that is proven to reduce cyber risk.
24/7 managed security operations centre
Protect your critical business assets with our affordable 24/7 managed security operations centre. Threat detection and response across your endpoints, network and cloud applications supported by a team of cyber security experts, always on hand to respond to security threats.
Monthly vulnerability scanning
Gain visibility on a monthly basis of where your network weak points are and receive remediation advice from our experts with V-Scan monthly vulnerability scanning. Let us help you maintain a strong cyber security posture and stay on top of your vulnerabilities.
2022 Was the Worst Year Ever For Cyberattacks On UK Businesses – Business Mondays
42% of the UK industry suffered cyber-attacks in the past year – Drives and Controls Magazine (drivesncontrols.com)
Nearly half of the British manufacturers hit by cyber-attack in the last year | E&T Magazine (theiet.org)
‘Biggest cyber risk is complacency, not hackers’ – UK Information Commissioner issues warning as construction company fined £4.4 million | ICO
Cyber Security Breaches Survey 2022 – GOV.UK (www.gov.uk)
2022 Cyber Threat Report – Beaming
What is a cyberattack? | IBM
What Is the Internet of Things (IoT)? (oracle.com)
The Consequences of a Cyber Security Breach (sungardas.com)
Pendragon being held to $60m ransom by dark web hackers – Car Dealer Magazine
Kingfisher confirms its IT systems were breached | Cybernews
8 Most Common Causes of Data Breach – Sutcliffe Insurance