Between October 22nd and 23rd 2021, Tesco shoppers were unable to place their regular online shopping orders via the retailer’s app and website, as both experienced periods of downtime. While Tesco initially described it as just an “issue”, a later update detailed that the outage was a result of deliberate attempts by cyber criminals to disrupt Tesco services.

At the time of writing, the app and website are back online and working, but there has been no word on whether Tesco customers’ information has been compromised. However, many unhappy customers were unable to collect their orders from stores or received incorrect deliveries over the weekend.

The incident will have cost Tesco revenue, and customers will have been disappointed at being denied their goods. But, as has been seen with previous outages, what are the longer-term effects of supposed hacks such as these?

Our Chief Technology Officer, Toby Stephenson, sees these periods of downtime as becoming endemic to the society we live in, as more and more industries invest in technology.

“Retailers, such as Tesco, have invested heavily in their website and app technologies for a number of years, but the COVID-19 pandemic really accelerated the usage of these among consumers. 

“Shoppers are now used to the safer, pandemic-friendly option of click and collect etc. So, when incidents such as this downtime with Tesco occur, there is an element of inconvenience for them. It might force them into shopping with a rival retailer and changing their shopping habits – leading to long-term ramifications. 

“As a result, cyber criminals will be seeking to cause disruption, by exploring which companies have weaker cyber security that they will be able to breach.” 

As society becomes more technology-focused, it is critical that businesses, of all sizes and across all industries, continue to value their cyber security defences and policies. These periods of outages and downtime are devastating and can lead to reputational damage, not only among customers but with your suppliers, too.

Tesco issued an update, which said, “There is no reason to believe that this issue impacts customer data.” But there is the fear that hacks such as these could lead to compromised data, such as email and delivery addresses, passwords and financial details being swiped by cyber criminals. 

As Toby says, businesses need to ensure their cyber security is up to scratch to avoid downtime:

“Downtime is one of the worst things that can happen to a business. If you cannot reliably stay operational then you will struggle to continue to attract business; existing customers could become frustrated at the intermittent service they are receiving and go elsewhere.

“As we have mentioned, more of the general public are shifting their habits to ordering and shopping online. This makes it even more critical that companies are cyber safe and secure, to avoid any issues that involve the loss of company or customer data – which could lead to data privacy laws being broken if the correct procedures are not in place. 

“Work must be done to ensure that businesses have Business Continuity & Disaster Recovery plans in place to protect them from any larger periods of downtime. These plans use data backup and recovery products to rebuild your IT systems in the event of failure. Through carefully restored backups, businesses can be up and running again much more quickly.” 

BCDR plans are not the only way in which businesses can improve their cyber security defences. What other measures does Toby recommend businesses take, in order to stay cyber safe? 

“We recommend that all businesses employ the use of multi-factor authentication (MFA). This ensures that those trying to access your corporate network are actual members of staff, as opposed to a sneaky cyber criminal who has gained account information through a successful phishing attack. 

“Phishing Awareness Training is a further recommendation. Training your staff should be high on the priority list, as, more often than not, they are the gatekeepers to your business. If they do not know how to identify a potential phishing email – poor grammar, an urgent action is asked of you, for example – then your business is not going to remain secure for very long. 

“It is also worth reviewing your current cyber security policies. If you’ve experienced change as a business over the last 18 months, as many have, then it might be that your existing cyber security procedures aren’t as effective as they once were.”