UK Retail Cyber Attacks Now Target US - Former CEO Reveals Shocking Security Gaps

Google data suggests that the cyber crime spree that has hobbled British retailers is now aimed at the U.S.

according to NBC News, this time, hackers behind a series of destructive, financially motivated cyber attacks against some of the UK's largest retailers are now going after big American brands.

Google said last Wednesday, quote, major American retailers have already been targeted.

John Holtquist, the chief analyst for Google's Threat Intelligence Group, told NBC News at least three top British retailers have experienced cyber attacks in recent weeks.

Marks and Spencers was forced to pause online orders for weeks.

Hackers who contacted the BBC provided evidence of, quote, huge amounts of customer and employee data.

Also stolen from the Co Op Group.

And Third Harrods restricted some Internet access at store locations, though a spokesperson told NBC News that it has not seen evidence that customer data was stolen.

Michael, I'm curious, how aware, especially given your recent stint as the interim CEO at joann Fabrics, how aware are US retailers of the cyber attacks going on overseas and are they prepared or are they too distracted by everything else going on right now to make them a priority?

Aware, not prepared enough and too distracted on the difficulties in the market.

And I'm speaking from experience at Joanne as the interim CEO, one of the first questions I asked was how prepared are we for cybersecurity?

And the answer was lackluster.

Within 60 days we were set up like a Brinks truck picking up a cash delivery.

So we quickly reacted and really protected, protected ourselves, but it is not.

If you polled CEOs, they would say, of course it's a high priority.

If you poll CIOs in the US, it'd be very interesting to see what percentage would say we feel that we are fully prepared and fully protected.

I would only probably gauge it at a 20% mark.

That's fully anecdotal.

I don't have any data to back that up, but I think it is a major concern.

It is also a major risk.

I just don't think retailers are as prepared as they need to be and protected as they need to be in a global US format.

There are retailers out there that are spectacular at this, but there are also retailers that are the opposite end of spectacular.

And in today's environment, being anything headed towards the opposite end of spectacular is a very scary and risky proposition.

I will say once it is a priority, it is generally there's a low barrier of success to getting yourself protected from a cybersecurity standpoint.

Now, depending on your technology stack and what protections you have in place, it may be more expensive than what you would Expect it to be, but it's definitely money well spent.

And I think every single major retailer and every single major hybrid wholesale retail omnichannel, provider of product people that we used to refer to as vertical entities, they all need to have this as a top, top operational priority, not just a top strategic priority that someone reports in the board meetings and says, it's a priority for us.

Here's the five things we've done.

And I also think it comes down to the boards and ownership of companies to be hyper villagent and provide due diligence to it, because it is a very scary thing when you really get under the covers of it.

And there have been some highly publicized challenges in the US over the past few years.

I think it's the tip of the iceberg, and I think everybody needs to be very aware and vigilant in protecting themselves.

Yeah.

Wow, that's really interesting and really harrowing in a lot of ways.

And it actually jives very nicely with what we heard at WRC in London.

And I mean, like, yeah, you know, for the.

For the most part, you know, the crazy thing was, like, people could not get groceries from these stores.

You know, if this was their local grocery store, they couldn't get groceries.

And what I was hearing from sources that I was talking to about this is they told me that this hit the retailers that were huge.

Not all of them, but some of them were very hubristic about the quality of their tech stack and their cybersecurity.

So if you're in that position.

Yeah, I would take what Michael has to say here very seriously.

Chris, are you seeing this in your Com?

Like, do your conversations in the boardrooms hit this at all?

Like, when you're talking to retailers, what.

What.

What is your take?

I think, you know, when I think about CyberSecurity, I think two things are kind of at play.

Right.

It's like, one is, what is the potential interruption to your business?

And that's always top of mind.

And number two is what is the relationship with your customer?

Right.

Because if we go back and think about, you know, the security breach for in with Target in 2013 or DoorDash in 2019, or even the Vegas casinos, if you recall, a couple years back, you know, some of the Vegas casinos had to close down because of the security reach, that does have an impact on your relationship with your customer, and they go elsewhere.

So I think.

I think some of the macro themes, from what I'm hearing, are always top of mind.

Yeah.

And anything to add here?

I think my My only point is just kind of reiterating what Chris just said.

Like, I think that's the biggest challenge that we're seeing or we heard from the retailers in the UK who were impacted last week is, you know, when you are walking stores and the inventory is gone, they're going to start going somewhere else.

And now when you look at how highly competitive that market is, especially in the grocery space, like they may never come back.

And I think that's what the real concern is from the retailers that we talked to who were hit by this is like, you know, they're, they've already joined another loyalty program at this point in there there's shoppers that you're a competitor now and there's really not a way to.

Like Michael said, it's a, it's an investment that you should make.

That's a great investment because it protects you against things like that that really could damage your business long term.

I think you're both making a really good point about the customer.

At joann, we had an immaterial service provider.

To us it was a very small service they provided us.

They were hacked and originally they thought it would be days.

It was multiple weeks that they were completely dark, completely dark.

So if you go days, the demands of a customer today, it's going to shake your confidence as a customer in that company.

If you go weeks, you're definitely going to lose that customer for the most part and you're going to have to bring them back.

Maybe they'll come back, maybe she won't come back.

But I think that's the other scary thing in today's cyber attacks.

It's sort of not your parents cyber attack anymore.

When you go down, you're going down and it is long term and it's 3, 4, 5x as expensive just to get back to baseline.

And even getting to baseline is very, very challenging and comple So I think this is definitely one where you've got to be protected ahead of time.