Cyber ​​attack on London Drugs: What companies can learn from the week-long closure

The cyber attack on London Drugs made headlines across the country. What makes this breach unique is the impact it had on operations and customer access. Following the attack, all 79 London drugstores were closed for over a week. This leaves their customers struggling to access prescriptions and other medical needs.

Like all security breach reports, this headliner can be used to the advantage of security managers. Use this story as a case study to teach your leaders, team members, and yourself lessons about the current state of cybersecurity. In today’s blog we will review the story of the London Drugs cyberattack and what companies can learn from it.

What happened?

On April 28, Canadian pharmacy London Drugs closed all 79 stores following a cyberattack. The cause of the attack is still unknown as the company refuses to release information as possible.putting them at further risk“. However, company leaders have mentioned social media, international threat actors and customer logins in their speeches to the press. London Drugs says it does not believe customer data has been stolen but can never be 100% sure.

The biggest impact of the breach was felt afterwards when stores remained closed for over a week. This led to concerns among many Canadians about access to medications and prescriptions. London Drugs created a solution by having pharmacists available at all locations to answer emergency calls for prescriptions.

To secure and reboot their systems, London Drugs hired a third-party security company, which they cite as the reason for the long shutdown. The company continues to work to bring all systems back online and find the cause of the breach.

Lessons to be learned

There are many lessons to be learned from this security breach story. Whether you’re a security awareness manager or an employee in another department, here’s what you can take away:

Create a security breach response plan

It is imperative that all organizations have a security breach response plan in place. More importantly, employees know what to do if they notice unusual activity and are alerted to a cyberattack.

Security teams should create a comprehensive breach plan that includes:

• What constitutes a data breach? – What are the signs and requirements that constitute a data breach? Is it like this as soon as someone clicks on a malicious link? When will something be detected on your network?
• How is a data breach reported? – How can an employee report suspicious activity? Accidental link clicks? What other methods or tools does your security team use to detect suspicious activity on your network?
• What is the security team’s immediate response? – We recommend following this 5 step action plan after an employee clicks on a link or you discover suspicious activity on your network.
• What is the immediate reaction of the employees? – Educate your employees about what actions they should take after a violation. How do they know when a violation has occurred? What three to five steps should they take after being notified of a violation? How do you stay in touch with your team when all systems go offline?
• How does communication with customers take place? Finally, determine who is responsible for notifying all customers of the breach. Decide what the communication should look like, how soon after the breach the communication should take place (preferably as soon as possible), and what information you want to share. Critics say London Drugs could have done better.
• How will the security team meet after the breach? – If all systems go offline, how, where and when will the security team meet to continue working to bring the systems back online? Deciding this in advance will save your team a lot of trouble in the event of an actual breach.

Create a plan for offline service

In addition to your security breach plan, your operations team should have a plan in case your system ever goes offline. Your plan should consider the following:

• How is this communicated to customers?
• What is necessary for our company to function?
• What do we need access to even when we go offline? How can we make this available when we are offline?
• What will our internal process look like offline? Who will continue to work?
• What will our external process look like? How will customers continue to use our product/service?
• What would that look like for a few days? 1 week? 2 weeks? A month?

This is another crucial step to surviving a breach. London Drugs is likely to suffer a major loss in sales as a result of the week-long closure and could lose even more customers due to reputational damage. Taking time to plan your offline service plan can save your business money and loyal customers.

Think about the personal information you collect and store

The reason many of these breaches are so alarming to customers is because they were unaware of what data the company was storing. As a pharmacy, London Drugs has access to medical records and personal information. Cybercriminals know this and have likely targeted London Drugs based on this data.

Companies need to think about the data they collect and store. Is it really necessary for your business? If so, how do you store and protect it? Do you clearly communicate to your customers what data you store?

Answer these questions and reduce your data storage to only include customer data that is essential to running your business. Anything else is just additional liability that you don’t have to be responsible for.

Educate your employees about threat detection

This story is also an important reminder for companies to educate their employees about threat detection. We don’t know the official reason for this breach, but based on the company’s mentions of social media and logins, we can assume there were human components involved.

The more you educate your employees about security awareness, the stronger your first line of defense is to protect your business. Use this story as a case study to prove to your leaders that safety training should be a priority and deserves more resources and budget. Then implement engaging, interactive training on topics relevant to your business, such as social engineering, passwords, and phishing.

If anything, this story should be a sign that your company needs to start taking cybersecurity seriously. Due to an attack, London Drugs has been out of business for over a week and is still not operating at full capacity. Don’t let this happen to your company. Stay safe by planning ahead, using appropriate data storage techniques, and training your employees.

The article “London Drugs Cyber ​​Attack: What Businesses Can Learn from the Week-Long Closure” appeared first on Click Armor.

***This is a syndicated blog from Click Armor’s Security Bloggers Network, written by James Tobias. Read the original post at: https://clickarmor.ca/2024/05/london-drugs-cyber-attack-what-businesses-can-learn-from-its-week-long-shutdown/