The wave of cyberattacks which targeted some of the UK’s most prominent luxury and high-street retailers has served as a stark reminder of the persistent and evolving threat landscape.
As these organizations grapple with the operational, financial, and reputational fallout, the broader business community in the UK and Ireland is asking a critical question: how did this happen, and how can we prevent it from happening to us?
Chief Information Security Officer at Arctic Wolf.
While it’s easy to point fingers at sophisticated malware or shadowy nation-state actors, the uncomfortable truth is that the initial point of failure is often much closer to home. The human element remains the most unpredictable and, therefore, the most exploited variable in the cybersecurity equation.
Arctic Wolf’s recent report found that a staggering 80% of successful breaches involve a human factor. Attackers aren’t just breaking down digital walls; they’re often being handed the keys to the kingdom.
They understand that it is far easier to trick a person than to defeat a complex security system. In the fast-paced retail environment, where staff are focused on customer service, logistics, and sales, the pressure to be efficient can inadvertently open the door to security lapses.
A rushed click on a malicious link in a fake shipping notification, or using the same simple password for multiple systems, is all it takes for an adversary to gain a foothold.
Culture of blame
Cybercriminals are skilled at leveraging human psychology. They exploit our curiosity with convincing phishing emails, our trust with impersonation tactics, and our tendency to take shortcuts with password hygiene.
Employees are also three times more likely to click on a phishing link than to report it to their IT or security department. This is not because they are malicious, but because they are often unaware, untrained, or simply too busy to stop and scrutinize every email.
Furthermore, the pervasive issue of credential compromise continues to plague organizations. Over 60% of compromised credentials discovered on the dark web stem from the use of weak or reused passwords.
For a retail sector that relies on a complex web of suppliers, partners, and third-party vendors, a single stolen password can trigger a devastating supply chain attack, impacting countless other businesses.
For too long, the industry has fostered a culture of blame, where employees are seen as the weakest link. This is a fundamentally flawed and counterproductive approach.
When employees fear punishment for reporting a mistake, they stay silent. A minor incident, like a clicked link or a suspicious login, can quickly escalate into a catastrophic breach if it goes unreported.
Building resilience
To truly build resilience, leaders across the UK and Ireland must shift their perspective. Instead of blaming people, we must empower them.
This begins with fostering a robust security culture built on shared ownership. It requires moving beyond the annual tick-box training exercise and investing in continuous, engaging security awareness programs that are relevant to the specific threats employees face daily.
However, we must also operate with the assumption that, despite our best efforts, mistakes will happen. That is where technology must provide a crucial and non-negotiable safety net. A 24x7 Managed Detection and Response (MDR) strategy is essential.
It acts as a constant guardian, monitoring the entire IT environment for signs of compromise that may bypass preventative tools. Whether a threat originates from a malicious insider or an accidental click, MDR allows security teams to detect, respond, and neutralize it in minutes, before it can escalate into a headline-grabbing breach.
The security of our most beloved brands and bustling businesses doesn’t just rest on the shoulders of the IT department. It is a collective responsibility.
By shifting from a mindset of blame to one of empowerment, and by combining a positive security culture with a relentless technological safety net, UK and Irish businesses can turn a serious risk, their people, into their strongest line of defense.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.