The London Drugs cyber attack has been making headlines throughout the country. What makes this breach unique, is the impact it has had on operations and customer access. Following the attack, all 79 London Drug stores shut down for over a week. Leaving their customers with difficulty accessing prescriptions and other medical needs.
Like all breach stories, this headliner can be used to the advantage of security managers. Use this story as a case study to teach your executives, team members, and yourself lessons on the current state of cyber security. In today’s blog, we will review the story of the London Drugs cyber attack and what businesses can learn from it.
On April 28th, Canadian-owned pharmacy, London Drugs, shut down all 79 of their stores following a cyber attack. The cause of the attack is still unknown, as the company refuses to release information as it could “put them at further risk”. However, company leaders have mentioned social media, international threat actors, and customer logins during their speeches to the press. London Drugs says that they do not believe any customer data was stolen, but can never be 100% sure.
The biggest impacts of the breach were felt afterwards, as the stores remained closed for over a week. This left many Canadians nervous about medicine and prescription access. London Drugs created a solution by having pharmacists available to take calls at all locations for emergency prescription fills.
To secure and restart their systems, London Drugs hired a third-party security company, which they relay as the reason for the long shutdown. The company is still working on putting all systems back online and finding the source of the breach.
There are many lessons to be learned from this breach story. Whether you are a security awareness manager or an employee in another department, here’s what you can take away:
It is imminent that all businesses have a security breach response plan. More importantly, employees need to know what to do when they see unusual activity and when they are alerted to a cyber attack.
Security teams should create a comprehensive breach plan that includes:
On top of your breach plan, your operations team should have a plan for if your system ever goes offline. Their plan should take into consideration:
This is another crucial step to surviving a breach. London Drugs is likely losing large amounts of revenue due to this week-long closure and could lose even more customers due to a damaged reputation. Taking time to plan out your offline service plan can save your business money and loyal customers.
The reason many of these breaches are so alarming to customers is that they didn’t realize the data the business stored. As a pharmacy, London Drugs has access to medical records and personal data. Cyber criminals know this and probably targeted London Drugs due to this data.
Businesses need to reflect on the data they collect and store. Is it truly necessary for your business? If it is, how do you store and protect it? Do you clearly communicate to your customers the data you are storing?
Answer these questions and reduce your data storage to only include customer data which is fundamental to running your business. Anything else is just an additional liability you don’t need to be responsible for.
This story also serves as a huge reminder to businesses to educate their employees on spotting threats. We don’t know the official reason for this breach, but judging by the company’s mentions of social media and logins, we can assume there were human components.
The more you educate your employees on security awareness, the stronger your first line of defence is to protect your business. Use this story as a case study to prove to your executives that security training should be a priority and deserves more resources and budget. Then, implement engaging interactive training on topics that are relevant to your business like social engineering, passwords, and phishing.
If anything, let this story be the sign that your business needs to start taking cyber security seriously. Because of one attack, London Drugs was out of business for over a week and still isn’t working at full capacity. Don’t let this happen to your business. Stay safe by planning ahead, using proper data storage techniques, and educating your employees.
The post London Drugs cyber attack: What businesses can learn from its week-long shutdown appeared first on Click Armor.
*** This is a Security Bloggers Network syndicated blog from Click Armor authored by James Tobias. Read the original post at: https://clickarmor.ca/2024/05/london-drugs-cyber-attack-what-businesses-can-learn-from-its-week-long-shutdown/