Indigo cyberattack highlights mounting sophistication of hackers: Experts
TORONTO –
A cybersecurity incident stretching into its fifth day at Indigo Books & Music Inc. has illuminated the growing danger of cyberattacks on Canadian corporations and customers, specialists say.
The ongoing outage of the bookstore’s web site serves as a warning of the mounting risks dealing with organizations and people on-line, they are saying.
“These attacks are becoming more prevalent and more sophisticated,” mentioned Charles Finlay, govt director of Rogers Cybersecure Catalyst at Toronto Metropolitan University.
Last week, Indigo introduced it had skilled a “cybersecurity incident” impacting its web site and digital cost system. The firm mentioned it was working with third-party specialists to analyze and resolve the state of affairs.
Although the bookstore is as soon as once more capable of settle for debit, credit score and present playing cards in shops, Indigo’s web site remained off-line on Monday.
Finlay mentioned as hackers grow to be more and more savvy and extra of ours lives occur on-line, “every organization either already has been the victim of an attack, or will be the victim of an attack.”
“It’s not if but when these attacks will occur,” he mentioned.
On social media, Indigo instructed prospects it modified its in-store cost know-how as a part of its incident response.
The bookstore has mentioned prospects could expertise delays with half or all of on-line orders and returns, whereas its shops have been nonetheless unable to just accept returns in particular person.
Indigo spokeswoman Melissa Perri mentioned the corporate was persevering with to work with third-party specialists to analyze the state of affairs and perceive whether or not any buyer information has been accessed.
Canadian retailers have skilled a rising variety of cyberattacks.
Sobeys mum or dad firm Empire Co. Ltd. noticed a safety breach late final yr that shut down its pharmacy companies and different in-store features.
The incident in early November left prospects unable to fill prescriptions for 4 days, whereas different in-store features like self-checkout machines, present card use and the redemption of loyalty factors have been off-line for a few week.
Empire mentioned in December the assault was anticipated to value $25 million after insurance coverage recoveries.
While huge corporations with deep pockets often survive cyberattacks, smaller companies typically do not fare as properly, specialists say.
More than half of small companies shut inside six months of a cyberattack, mentioned Mandy D’Autremont, vice-president of selling partnerships on the Canadian Federation of Independent Business, which provides a coaching program for business house owners and their staff on methods to enhance cybersecurity.
“There is real risk for the survival of small businesses,” she mentioned. “Cyber criminals are always developing more advanced and sophisticated ways of trying to trick you and break through a businesses defences.”
The common value of a profitable cyberattack for a small business is $26,000, she mentioned.
“These attacks can be devastating for organizations,” Finlay mentioned. “A significant proportion of businesses that suffer serious cybersecurity attacks do not survive.”
Cyberattacks can stop organizations from finishing transactions in addition to tarnish an organization’s relationship with prospects and staff, he mentioned.
“They lose the value of the transactions that they can’t complete. There’s a significant cost to restoring systems. There’s disrupted relationships with consumers. There’s disrupted internal processes. There’s impact to employee morale. There’s regulatory scrutiny,” Finlay mentioned. “Cyberattacks are incredibly destructive.”
The Office of the Privacy Commissioner of Canada has mentioned it is conscious of the Indigo cybersecurity incident and is in communication with the group “in order to obtain more information, including a formal breach report, and to determine next steps.”
This report by The Canadian Press was first printed Feb. 13, 2023
