WH Smith Branch
WH Smith PLC recently reported a cyber security incident WH Smith PLC

High-street retailer WH Smith was hit with their second cyber-attack in the space of a year last week, becoming the latest high-profile business to be hacked in recent months.

The leading retail company, which operates at over 1700 locations across the UK, confirmed in a statement that they had suffered an online data breach, exposing personal information to cybercriminals who gained access to their system.

"WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data," reads the company's cybersecurity notice, filed with London's Stock Exchange.

The books and stationery chain employs over 12,500 people, reporting a revenue of $1.67 billion in 2022.

However, WH Smith claimed that customer data was not affected because the information was stored on separate systems that remained protected from unauthorised access.

"The breach will not impact trading business or customers," noted WH Smith.

The latest incident serves as a reminder that no business is safe, according to John Davis, Director of the SANS Institute for Cyber-Security.

He said, "As another well-known name falls victim to a cyberattack, both new and established businesses must act now to protect their systems - everyone has a role to play in digital fortification."

Last April, WH Smith's online greeting card brand Funky Pigeon was also the victim of a cyber-attack, which forced them to suspend all customer orders.

In January alone, retailer JD Sports said that around 10 million people may have had their addresses, phone numbers and email addresses stolen in a hack, while Paypal announced that 35,000 client accounts were compromised in a credential-stuffing attack.

Experts are warning that the increase in high-profile breaches means companies must step up their security solutions.

"Organisations must put in place and update security infrastructure constantly, as one chink in the armour could lead to a killer blow for the entire company," said David Nelson, Cybersecurity Product Lead at Maintel.

The best way to ensure security is to "reduce the time to detect, contain and mitigate breaches", according to Nelson. He believes this is a key strategy given those trying to gain access are now very skilled in delivering multi-layered attacks using diversion techniques.

"The only way to go about this is by regularly scanning your environments for vulnerabilities, applying emerging technologies like predictive analytics with techniques such as machine learning and modelling as additional layers of the already complex security stack," he said.

Hacker
NGO counted nearly 450 online attacks carried out by 57 different entities Ozrimoz/Shutterstock

National security is also increasingly vulnerable to highly-sophisticated cyber-attacks.

A 2021 ransomware attack on the US Colonial Pipeline resulted in a lack of fuel supply for aeroplanes and local gas stations and led President Joe Biden to declare a national emergency.

Last year, Iran attempted to carry out a significant cyber-attack on the Albanian Government, with the intent of knocking the Baltic nation back into the last century.

As of mid-September, the Cyber Peace Institute, an NGO based in Switzerland, counted nearly 450 online attacks - roughly 12 a week - carried out by 57 different entities on either side of the Russia-Ukraine War since the invasion was launched in February.

Lloyd's of London, in a report published along with cybersecurity analytics platform provider Cyence, found that cyberattacks heavily relied on services like cloud platforms could lead to billions of dollars of losses around the world - costs on par with those associated with natural disasters.