By Rick Jones, CEO, DigitalXRAID

In December 2021, over 300 James Hall-supplied Spar stores fell victim to a cyberattack so debilitating they were forced to temporarily close a number of their stores. Store closures were a result of an IT system failure, where stores were unable to process card payments, meaning those that remained open could only accept cash. In addition to this, the attack also had huge implications for the wholesale ordering functions and its manufacturing operations at the James Hall depots.

Although this attack targeted the retail industry, the learnings can be applied across many other verticals – including financial services. These industries are responsible for the management of huge sums of money, and both possess large databases containing customer data. Drawing on the lessons from the SPAR attack, this article seeks to explore how the financial services industry can best protect both their supply chain and their customers.

Prioritising supply-chain security

Most large financial services organisations now understand the importance of a strong security strategy. However, as this network protection becomes more sophisticated, so will hackers. They will begin looking for new ways to infiltrate. We’re already seeing evidence that they are leveraging a back-door entrance through partner companies (possibly with less resource to secure their networks), with SPAR in December and the data breach of Red Cross more recently.

To overcome these threats, it is essential organisations understand, evaluate and quantify the risk of working with third parties, and ensure that well-defined security policies and frameworks such as ISO 27001 are put in place. Liability around breaches must be contractually agreed, and businesses should look to implement regular penetration testing to protect their networks as well as demonstrate their due diligence. Furthermore, adopting a Zero Trust architecture can also help in significantly reducing risk. Ensuring a certain level of trust is essential for financial services and their suppliers and service providers. However, much stricter measures must be implemented, to help in preventing the devastation caused by attacks today.

Cybercrime is evolving

Like much of the cybercrime we have seen over the last 12 months, the attack on SPAR was confirmed as ransomware. It is no accident that the shared services targeted by the SPAR hackers were payment processes. Cybercriminals will want to cause as much pain as quickly as possible to ensure they get the financial reward, and financial services can often be the perfect target. Research found that the first half of 2020 saw a 238% increase in cyberattacks targeting financial institutions. These organisations are an attractive target to adversaries looking for deploy ransomware due to the valuable customer data they possess. And ransomware itself is becoming increasingly concerning for businesses across all industries. In fact, one VPN service provider observed a 151% increase in ransomware attacks in the first half of 2021 compared to the same period in 2020.

But what does this mean for the future of financial services? The finance industry is at the heart of all global economies, and its disruption can affect millions of lives. At risk are not just banks, but the wider financial services industry, as well as supply chains to these institutions. Robust cybersecurity measures are crucial to protect these organisations from both reputational damage and financial loss.

Implementing an ‘always on’ Security Operations Centre

Following the attack, James Hall and SPAR had to reflect on and review their current recovery techniques and backups strategies. Although these back-ups will be beneficial, in reality, organisations need to implement a Security Operations Centre (SOC), that can track potential threats and help to mitigate the severity of a breach. The biggest lesson financial services and other industries can take from this attack, is that it’s not the case of ‘if’ a business will be attacked, but ‘when’. With a SOC in place, SecOps teams can spot the attack before it becomes critical, which for financial services, can prevent significant disruption and the loss of huge amounts of personal data.

While it may be impossible to completely eradicate the possibility of a breach occurring, organisations can take proactive steps in ensuring that they are better prepared to mitigate an attack and manage its impact. By building a strong cybersecurity foundation from the top down, implementing strict supply-chain protocols and implementing a SOC, businesses can protect themselves from the inevitability of cyberattacks.