Cyber attacks: Arrests made as industry fights back
Four people, including three teenagers, have been arrested in connection with cyber attacks on Marks & Spencer, Co-op and Harrods, in April this year.
The attacks, believed to have been carried out by notorious hacker group DragonForce, caused havoc for food and beverage retailers. Supply chain disruption led to empty shelves, online shopping was frozen, electronic payments were stopped, and customer data was stolen.
What we know so farThe UKâs National Crime Agency (NCA) confirmed that two 19-year-old men, a 17-year-old boy, and a 20-year-old woman have been arrested on suspicion of breaching the Computer Misuse Act, blackmail, money laundering, and joining the activities of organised crime.
The head of the NCAâs cybercrime unit, Paul Foster, made the following statement:
âSince these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the agencyâs highest priorities.
âTodayâs arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.â
The arrests come just days after Marks & Spencer chairman, Archie Norman, told Members of Parliament in the UK that two other large British companies had also been hit by cyber attacks in recent months, but they remained unreported.
And the threat continues to intensify.
Cyber threat getting worseâGlobally, cyber attacks are on the increase,â says Richard Werran, global director of Consumer, Retail and Food at BSI.
Whatâs more, the complexity of food and beverage supply chains, involving multiple stakeholders across the globe, means that an attack on one organisation can impact the entire food system.
Added to that, the food and beverage industry is becoming increasingly digitised, relying on technology for food production, processing and distribution.
âWhile this technology brings several benefits, including enhancing efficiency and productivity gains, it can also bring increased risk,â says Werran.
How can industry protect itself against cyber attacks?These, and other attacks, have led to a major shift in focus for stakeholders across food and beverage, with cyber security now topping the agenda for suppliers, manufacturers and retailers.
In fact, the cyber security industry has seen a 320% spike in interest since April.
âThe good news is weâre beginning to see organisations taking action to prevent cyber attacks, and de-risk their business, with larger organisations taking the lead,â says BSIâs Werran.
But itâs not just about company choice. The European Union (EU) is now regulating to ensure companies sufficiently protect themselves and their customers.
The EUâs NIS2 Directive, which came into force in October 2024, focuses on improving cybersecurity across national infrastructure, including food supply and production. This means that companies in the food production, processing, and distribution sectors, will be subject to the directiveâs requirements.
And companies are now starting to hold industry partners to account.
âFor the first time, we are seeing some major brands and retailers specifying in supply contracts that suppliers must demonstrate that they have the independently validated and certificated cyber systems and procedures in place as a pre-requisite,â says Werran.
This means that if businesses want to be considered, they must have the necessary safeguards in place to demonstrate digital trust and confidence.
What can industry do to protect itself?âTo help defend against cyberattacks, organisations should consider a multi-layered, proactive cybersecurity policy,â says BSIâs Werran.
Conduct a thorough risk assessment to understand the risks and exposureReview international best practice such as ISO/IEC 27001 (Information Security Management Systems), ISO 27701 (Privacy Information Management Systems) and ISO 22301 (Business Continuity Management Systems)Make the necessary changes to achieve best practiceâISO/IEC 27001 certification from an accredited body demonstrates and communicates that an organisation is taking the necessary steps to protect itself against cyber threats and ensure its information security is in line with global best practice,â says Werran. âIt can also be a key differentiator when negotiating contracts.â
Global Food Tech Awards 2025Are you a food and beverage innovator? Enter the Global Food Tech Awards to gain global recognition for you and your brand.
Free entry: Global Food Tech Awards 2025
