Indigo cybersecurity incident highlights mounting prevalence, sophistication of hackers, consultants say

A cybersecurity incident stretched into its fifth day at Indigo Books & Music Inc. IDG-T on Monday, illuminating the rising threat of cyberattacks on Canadian corporations and shoppers.

The continuing outage of the bookstore’s web site serves as a warning of the mounting risks going through organizations and people on-line, consultants say.

“These assaults have gotten extra prevalent and extra subtle,” stated Charles Finlay, government director of Rogers Cybersecure Catalyst at Toronto Metropolitan College.

“It’s not if however when these assaults will happen,” he stated. “Each group both already has been the sufferer of an assault, or would be the sufferer of an assault.”

Final week, Indigo stated it had skilled a “cybersecurity incident” impacting its web site and digital fee system. The corporate stated it was working with third-party consultants to research and resolve the state of affairs.

Though the bookstore is as soon as once more in a position to settle for debit, credit score and reward playing cards in shops, Indigo’s web site remained offline on Monday.

On social media, Indigo advised prospects it modified its in-store fee expertise as a part of its incident response.

The bookstore has stated prospects could expertise delays with half or all of on-line orders and returns, whereas its shops had been nonetheless unable to just accept returns in particular person.

Indigo spokeswoman Melissa Perri stated the corporate was persevering with to work with third-party consultants to research the state of affairs and perceive whether or not any buyer knowledge has been accessed.

Canadian retailers have skilled a rising variety of cyberattacks in current months.

Sobeys guardian firm Empire Co. Ltd. skilled a safety breach late final 12 months.

The incident in early November left prospects unable to fill prescriptions on the chain’s pharmacies for 4 days, whereas different in-store features like self-checkout machines, reward card use and the redemption of loyalty factors had been offline for a few week.

Empire later stated the assault was anticipated to value $25-million after insurance coverage recoveries.

“It takes time for firms to actually develop a complete cybersecurity plan,” stated Mark Hubbard, senior vice-president of knowledge expertise for First Onsite Property Restoration.

“There are corporations on the market which are ripe for the selecting and these menace actors are firing these assaults out and simply seeing what sticks,” he stated. “Some organizations recuperate pretty rapidly however it may be catastrophic for others.”

Whereas large corporations with deep pockets often survive cyberattacks, smaller companies usually don’t fare as effectively, consultants say.

Greater than half of small companies shut inside six months of a cyberattack, stated Mandy D’Autremont, vice-president of promoting partnerships on the Canadian Federation of Unbiased Enterprise, which gives a coaching program for enterprise homeowners and their workers on find out how to enhance cybersecurity.

“There’s a actual threat for the survival of small companies,” she stated. “Cyber criminals are at all times growing extra superior and complicated methods of making an attempt to trick you and break via a enterprise’s defences.”

The common value of a profitable cyberattack for a small enterprise is $26,000, she stated.

“These assaults will be devastating for organizations,” Mr. Finlay stated. “A big proportion of companies that undergo critical cybersecurity assaults don’t survive.”

Cyberattacks can stop organizations from finishing transactions in addition to tarnish an organization’s relationship with prospects and workers, he stated.

“They lose the worth of the transactions that they will’t full. There’s a major value to restoring programs. There’s disrupted relationships with shoppers. There’s disrupted inside processes. There’s impression to worker morale. There’s regulatory scrutiny,” Mr. Finlay stated. “Cyberattacks are extremely damaging.”

The Workplace of the Privateness Commissioner of Canada has stated it’s conscious of the Indigo cybersecurity incident and is in communication with the group “with the intention to acquire extra data, together with a proper breach report, and to find out subsequent steps.”