Protecting Financial Services from Cyberattacks: Lessons from SPAR Attack | GBAF

Protecting Financial Services from Cyberattacks: Lessons from SPAR Attack | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > What can financial services learn from the SPAR cyberattack?

What can financial services learn from the SPAR cyberattack?

Published by Jessica Weisman-Pitts

Posted on February 16, 2022

4 min read

Last updated: January 20, 2026

Cybersecurity concept illustrating hacker with laptop threatening financial services - Global Banking & Finance Review — An image depicting a hacker with a laptop in an urban setting, symbolizing the cybersecurity threats faced by financial services. This relates to the article's discussion on how lessons from the SPAR cyberattack can enhance security in the finance sector.

By Rick Jones, CEO, DigitalXRAID

In December 2021, over 300 James Hall-supplied Spar stores fell victim to a cyberattack so debilitating they were forced to temporarily close a number of their stores. Store closures were a result of an IT system failure, where stores were unable to process card payments, meaning those that remained open could only accept cash. In addition to this, the attack also had huge implications for the wholesale ordering functions and its manufacturing operations at the James Hall depots.

Although this attack targeted the retail industry, the learnings can be applied across many other verticals – including financial services. These industries are responsible for the management of huge sums of money, and both possess large databases containing customer data. Drawing on the lessons from the SPAR attack, this article seeks to explore how the financial services industry can best protect both their supply chain and their customers.

Prioritising supply-chain security

Most large financial services organisations now understand the importance of a strong security strategy. However, as this network protection becomes more sophisticated, so will hackers. They will begin looking for new ways to infiltrate. We’re already seeing evidence that they are leveraging a back-door entrance through partner companies (possibly with less resource to secure their networks), with SPAR in December and the data breach of Red Cross more recently.

To overcome these threats, it is essential organisations understand, evaluate and quantify the risk of working with third parties, and ensure that well-defined security policies and frameworks such as ISO 27001 are put in place. Liability around breaches must be contractually agreed, and businesses should look to implement regular penetration testing to protect their networks as well as demonstrate their due diligence. Furthermore, adopting a Zero Trust architecture can also help in significantly reducing risk. Ensuring a certain level of trust is essential for financial services and their suppliers and service providers. However, much stricter measures must be implemented, to help in preventing the devastation caused by attacks today.

Cybercrime is evolving

Like much of the cybercrime we have seen over the last 12 months, the attack on SPAR was confirmed as ransomware. It is no accident that the shared services targeted by the SPAR hackers were payment processes. Cybercriminals will want to cause as much pain as quickly as possible to ensure they get the financial reward, and financial services can often be the perfect target. Research found that the first half of 2020 saw a 238% increase in cyberattacks targeting financial institutions. These organisations are an attractive target to adversaries looking for deploy ransomware due to the valuable customer data they possess. And ransomware itself is becoming increasingly concerning for businesses across all industries. In fact, one VPN service provider observed a 151% increase in ransomware attacks in the first half of 2021 compared to the same period in 2020.

But what does this mean for the future of financial services? The finance industry is at the heart of all global economies, and its disruption can affect millions of lives. At risk are not just banks, but the wider financial services industry, as well as supply chains to these institutions. Robust cybersecurity measures are crucial to protect these organisations from both reputational damage and financial loss.

Implementing an ‘always on’ Security Operations Centre

Following the attack, James Hall and SPAR had to reflect on and review their current recovery techniques and backups strategies. Although these back-ups will be beneficial, in reality, organisations need to implement a Security Operations Centre (SOC), that can track potential threats and help to mitigate the severity of a breach. The biggest lesson financial services and other industries can take from this attack, is that it’s not the case of ‘if’ a business will be attacked, but ‘when’. With a SOC in place, SecOps teams can spot the attack before it becomes critical, which for financial services, can prevent significant disruption and the loss of huge amounts of personal data.

While it may be impossible to completely eradicate the possibility of a breach occurring, organisations can take proactive steps in ensuring that they are better prepared to mitigate an attack and manage its impact. By building a strong cybersecurity foundation from the top down, implementing strict supply-chain protocols and implementing a SOC, businesses can protect themselves from the inevitability of cyberattacks.