Last week, UK snack producer KP Snacks suffered a huge cyber attack. The incident led to the total shutdown of operations, with the company’s supply chain being affected. As it stands, customers have been warned that they may not be able to purchase their favourite snacks in the near future. But that will not be the end to this incident – cyber attacks and their aftermath can cause huge, lasting damage to an organisation.
Here are a few things to note from last week’s KP Snacks cyber attack, and how to avoid them affecting your own organisation…
Data breached in the KP Snacks cyber attack
Researchers have discovered that a data dump from the KP Snacks cyber attack has been found on hacker group Conti’s confidential ‘data leak page’. On this site, the cyber criminals allege that they have access to the following KP Snacks-related information: “credit card statements, birth certificates, spreadsheets with employee addresses and phone numbers, confidential agreements, and other sensitive documents”.
A data breach of this kind is detrimental to any organisation. Not only could it impact the company’s own staff, but relationships with suppliers and customers could also be hugely damaged. Outside of this are the wider data privacy implications of a data breach.
An example of this would be that of British Airways in October 2020. Following a breach in 2018, the airline was found to have failed data security policies they were expected to abide by. As a result, 400,000 customers had their credit card information swiped, and a £20 million fine compounded the airline’s problems.
The bottom line is that the effect of a data breach can be huge on any business. They can be avoided by abiding by data privacy laws. It is worth reviewing your own data policies to ensure that the way your business looks after its data is correct. Failure to comply could result in a fine which could financially ruin your organisation – highlighting the importance of getting your data governance right.
Wider impacts of downtime
As mentioned, KP Snacks have warned of the potential for low stock of some of their various products. This is due to complete shutdown of their internal IT systems, which halted production, stock control, order fulfilment and shipping. Aside from the obvious impact of not being able to work, with vast sums of revenue lost by businesses if any time is taken out of the normal working schedule, there are other, wider implications of this level of downtime.
The reason this downtime, in particular, has affected KP Snacks and the wider economy around it is because of the ripple effect of the cyber attack. Not only did the attack release confidential data about the business to the wider word, but this data will not be ‘unbreachable’. Once the information has been swiped by cyber criminals, it will be out there, in the public domain for all to see. This not only has impacted KP Snacks employees, with their personal information, but also the customers and suppliers of KP Snacks. Reputationally, this kind of damage can be huge.
Other critical IT incidents, with rivals Walkers in October 2021, resulted in gaps on supermarket shelves that lasted until the end of December. This took a lot of the key festive season trade away from Walkers, which will have been unexpected, and not accounted for. In December, a Spar wholesaler and store operator, James Hall, was also hit by a huge cyber attack. In this instance, the cyber attack saw over 600 independent and centrally owned Spar stores across the north of England were shut.
In the case of the Walkers incident, KP Snacks themselves upped their production capacity, in order to maximise the opportunity. Who’s to say the same won’t occur now with their rivals? Consumer habits can change if products are not on shelves, and something like a cyber attack can change the future of a business – even an organisation as successful as KP Snacks.
The very same impact could occur on your own business. If you work in the packaging industry, for example, and your operations are halted due to a crippling cyber attack, who is to say your customers won’t go to the next available company who can supply them with the goods they require. If you are an important part of a supply chain, you will need to have adequate cyber security and data backup policies in place, to avoid impacting upon the whole chain.
What have we learned from the UK Snacks cyber attack in particular?
So, how does KP Snacks and, indeed, the victim of any cyber attack, bounce back from such a critical incident? At Neuways, we encourage our customers to have comprehensive Business Continuity and Disaster Recovery (BCDR) plans in place. BCDR plans are there to help ease the pain of the recovery process. A plan which saves the data of an organisation in several different locations means that the ransom demands of a cyber crime gang do not need to be met, in order for the retrieval of business data.
In some instances, data can be reinstated within a matter of minutes, reducing the downtime experienced and allowing for normal business operations to be carried out. BCDR plans cover events such as cyber attacks, but also a natural event, like an office being flooded, criminal damage, such as theft or arson, as well as providing safe and secure access to saved, confidential information.
A detailed, comprehensive BCDR plan is as crucial to the safety of a business as cyber security measures themselves are. As cyber crime is continuing to break new ground each year, businesses should prepare themselves for the worst. Cyber security and resilience measures are about cyber attack prevention, but most will not cover eventualities such as the cyber criminals breaking through and breaching your organisation’s corporate network. How an organisation responds to a data breach it experiences is critical – it truly can make or break the future of the business.
While the future of KP Snacks is, at present, unknown, the hope is that they can recover from the incident with as little downtime experienced as possible. But for other businesses and organisations of all shapes and sizes, the cautionary tale is there. Cyber crime remains a very real threat for the global economy in 2022, and businesses should act sooner rather than later, to prevent themselves becoming the next headline.
Contact the business technology experts at Neuways today, and discover how technology can help your business avoid being harmed by cyber criminals. Call 01283 753 333 or email hello@neuways.com to find out more.
