“The speed at which (retail) is going digital just opens up a huge amount of complexity around how to really make sure you have (security) covered.” —retail consultant David Ian Gray
Article content
As London Drugs’ 79 stores remained closed Tuesday dealing with the fallout from an as-yet-undisclosed cyberattack, retail experts are preparing for the next likely case in an increasingly connected world.
“This is something that is an ever-present threat,” said retail consultant David Ian Gray of Dig360 Consulting.
Article content
The news that the retail giant, with estimated sales of $3 billion in 2022, according to a 2023 ranking by BC Business magazine, had been the victim of an attack was just the latest high-profile incident in a list which included the Indigo bookstore.
Advertisement 2
Article content
Indigo, in early 2023, suffered a ransomware attack – the most common attack businesses face, according to research by law firm Blakes – and saw its online operations shut down for a month.
Cybersecurity company Fortinet reported a 35 percent increase in cyberattack alerts in 2023, compared to 2022, “highlighting an increase in cyber threats across multiple sectors,” according to the company’s global security strategist, Derek Manky.
“(Ransomware) and other attacks are becoming increasingly specific and targeted, thanks to the increasing sophistication of attackers’ tactics, techniques and procedures,” Manky said in a statement.
Gray said the degree to which retail has been digitized, giving customers real-time access to store inventories, down to individual items in particular stores, is what is holding up operations.
“The speed at which (retail) is going digital just opens up a huge amount of complexity around how to really make sure you have (security) covered,” Gray said.
He estimated that London Drugs will remain closed and is unlikely to say much about the incident until the chain is “100 percent sure” it has secured its operations.
West Coast Houses
Article content
Advertisement 3
Article content
London Drugs, in a statement Tuesday, said it is working with a “third-party cybersecurity expert leader” to determine whether anyone’s personal information was compromised and “securely bring our operations back online.”
“Recognizing the impact these closures have had on our customers and employees across Western Canada, our priority remains to continue working around the clock to keep all stores fully operational,” said the company’s chief operating officer. chain, Clint Mahlman, in a statement.
London Drugs’ statement said phone lines have been temporarily cut “as a necessary part of (the) internal investigation” but will be restored as soon as possible. He said there will be pharmacy staff in all stores to help with “urgent pharmaceutical needs.”
The retailer recommends pharmacy customers visit stores in person, during business hours, “for immediate assistance.”
Coincidentally, Gray said he was involved in organizing an event in Toronto to speak to retail executives about the strategic implications of cybercrime, as well as the risks of loss from shoplifting and cargo theft that were already there.
Advertisement 4
Article content
“And it’s not about whether London Drugs did anything wrong or whether they were ill-prepared,” Gray said. “For every retailer, it’s a question of when they’re going to have to deal with something.”
Blakes, in its 2023 study of Canadian cybersecurity trends, found that “every industry remains susceptible to a cybersecurity incident,” and attackers are increasingly aware of how valuable data is to the organizations they target. that they point.
According to the Blakes’ study, attackers are also aware of the legal obligations that may arise when an organization’s data is accessed or downloaded.
Last October, British Columbia-based laboratory services company LifeLabs reached a $9.8 million settlement in connection with a 2019 ransomware cyberattack that saw the information of up to 15 million customers compromised. The deal affected up to 8.9 million of them.
Blakes, in its 2023 study, said about 70 per cent of the incidents it reviewed included its own clients, third parties and the 860 Canadian public companies that made cybersecurity-related disclosures. The study found that attackers accessed companies’ data in 77 percent of cases and two-thirds of victim companies paid a ransom in the attacks.
Advertisement 5
Article content
Fortinet, in its 2023 findings, said that 50 percent of its malware detections occurred through the distribution of Microsoft Office files such as Excel, Word, and PowerPoint.
Indigo, in 2023, did not pay a ransom and did not publish an accounting of all the costs of the incident, but it occurred in a quarter when retail operations lost $50 million, according to the filings. The company reported that it spent $5.2 million in response to the ransomware attack alone.
Recommended by Editorial
-
Update: London Drugs closed and phones down after cybersecurity incident
-
Trendspotting: Vancouver restaurants adapt to changing landscape
Bookmark our website and support our journalism: Don’t miss the news you need to know – add VancouverSun.com and LaProvincia.com to your favorites and subscribe to our newsletters here.
You can also support our journalism by becoming a digital subscriber: for just $14 a month, you can get unlimited access to The Vancouver Sun, The Province, National Post and 13 other Canadian news sites. Support us by subscribing today: The Vancouver Sun | The province.
Article content