As we know, cyber-attacks are on the rise as cyber criminals are targeting every industry, including businesses in the hardware, lumber, and building materials segment. Most recently, there was a cyber-attack that impacted Ace Hardware. This attack disrupted Ace’s warehouse management, phone, IT systems, scheduled deliveries, and even its member rewards. Fortunately, its point-of-sale (POS) systems and credit card processing systems were not affected. The company urged retailers to stay open to compensate for its online ordering and shipping systems that were down.
In addition to the original attack, this event also exposed a trend on the rise. Hackers continuously review cyber news and take advantage of adverse situations by launching secondary phishing attacks and other cyber hacking tactics. This activity can be performed by the same or other criminals. In this case, cyber criminals knew the company and its business partners were vulnerable. They contacted Ace hardware retailers to redirect payments to malicious accounts, taking advantage of the chaos of the initial incident. Ace warned retailers about phishing emails and calls from scammers claiming to be from the company or its contractors. They urged retailers to be vigilant and to report any suspicious activity to the IT department as additional actors attempted to take advantage of the confusing situation for retailers. This flurry of secondary activity demonstrates the speed at which additional bad actors can take advantage of a leaked incident.
While details of the attack are under review, the incident, like many others, serves as a good reminder of the vulnerability of all types of businesses and the importance of following the basics of cyber security.
Some important tips:
- Use strong passwords and multi-factor authentication
- Keep software and operating systems up to date
- Train employees on cybersecurity best practices
- Remain flexible during an incident to respond to novel threats and tactics
Most importantly, remember, if your company does experience a security breach, it is important to have a plan in place for responding to it and a business continuity plan for running your operations. The security incident response plan should include steps for containing the breach, notifying and communicating with affected customers, and recovering from the incident. Your business continuity plan should provide instructions to help your staff keep your business operations with secondary or manual processes.
Together, we can help defend ourselves as an industry by sharing experiences and best practices.