Of all the UK highstreet brands for hackers to target, the home appliance and cutlery retailer Lakeland was probably not seen by many as an obvious target.
Yet this week the firm admitted it was hit by a 'sophisticated cyber attack’ on two databases. This was done via a Java flaw and as a precautionary measure the firm reset all customer passwords, in a move praised by security professionals.
The Lakeland hack – carried out with "concerted effort and considerable skill" – on a relatively small and unglamorous (sorry guys) company proves that businesses of all shapes, sizes and sectors face serious cyber threats.
As news of this attack spread across the media there must have been some civil servants rubbing their hands with glee; not because they had anything to do with the hack, of course, but because the timing of a letter they were preparing to send out about cyber security would look highly prescient.
The letter, which was sent on Thursday to the UK’s biggest FTSE 350 firms, was offering the chance for free cyber security audits to be carried out by six consultancy firms: PWC, KPMG, Ernst & Young, Deloitte, Grant Thorton and BDO International.
The audit will take place after the firms fill out questionnaires on their cyber security practices before the information is sent back, anonymously, for assessment. With the Lakeland hack in the headlines, the message from the government should carry some real weight.
Furthermore, the fact the letter offering the free audits has been signed off by the chiefs of the UK’s top spy agencies of GCHQ and MI5 only underlines how serious the issue is, and the government really wants to drum this home.
Deloitte's European head of security and privacy services, Mike Maddison, agrees with this, arguing it was vital for all firms to assess their cyber security procedures, and the approach by the government was a vital step in this direction.
“With cyber threats acknowledged as one of the four major risks to national security, Deloitte supports the UK Government’s Cyber Governance Health Check to help understand, at board level, how prepared UK plc actually is,” says Maddison.
“Just trying to prevent an attack is no longer a realistic strategy. Today it is about being aware, preparing and being able to respond effectively if a breach does occur.”
However, so far, many firms have failed to show any interest. BT, TalkTalk, Vodafone, Sage, Barclays and M&S had all failed to reply to a request for their thoughts on their initiative when contacted by V3, or said it was not something they would be talking about.
Perhaps this is not surprising as many firms are unwilling to talk about anything to do with cyber security practices, given the risk that the information could, potentially, be used by hackers or influence rivals.
However, perhaps the open attitude taken by Lakeland marks a change in the stance firms will take on cyber issues, and perhaps encourage others to be more open with attacks they suffer in the future for the benefit of the whole of the UK.
Are you paying attention?
Private equity firm Permira only acquired Magento from eBay for $200m three years ago
Before robots can take over from humans, we need more humans
It's not easy not being evil