Having a backup solution for your business is paramount to survival and to combat any unforeseen system failures, incidents or even attacks.
From system failures to cyber-attacks, businesses can suffer breakdowns at almost any moment, with the level of impact anything from minimal to a total crisis. Take the recent event at London’s Heathrow Airport. It actually provided a real-life lesson of Murphy’s Law – if something can go wrong, it will. In this case, a single point of failure caused by a fire at a major electrical substation caused the complete collapse of power across the area – shutting down the airport for the day. It was one of the UK’s worst air travel disruption incidents in years.
Last year also saw a number of system failures, including a nationwide issue with trains that were delayed due to fault with a communications system. The problem was caused by a new hardware card installed used by drivers and signallers as part of an upgrade. The disruption wasn’t as catastrophic as the aforementioned example, but a disruption nonetheless.
Another example, and one at the highest level of seriousness, was that of the NHS where a BBC News investigation found that IT system failures were linked to the deaths of three patients and more than 100 instances of serious harm at NHS hospital trusts in England.
Moving onto cyber-attacks, in 2023-24, UK businesses experienced approximately 7.78 million cybercrimes of all types, with an average of 21,315 attacks per day, and around 116,000 non-phishing cybercrimes. The UK Government Cyber Security Breaches Survey revealed that 50% of UK businesses experienced a cyber-attack or security breach in the previous 12 months.
Furthermore, according to data from the Office for National Statistics (ONS), there has been a rise in computer misuse incidents from 2019 (966,000) to 2024 (1,022,000) – a growth of 5.7%. This was broken down into different sub-categories that saw the number of unauthorised access to personal information (including hacking) incidents, rise from 522,000 in 2019 to 883,000 in 2024 – a growth of 69.1%.
With a focus on the furnishings industry, this area of system failure has seen some notable cases over the last few years. Global mattress manufacturer Tempur Sealy International, Inc. (now known as Somnigroup) previously identified a cybersecurity incident involving its IT systems back in 2023. Upon discovery of the event, the company activated its incident response and business continuity plans designed to contain the incident. This included proactively shutting down certain of the Company’s IT systems, resulting in the temporary interruption of the Company’s operations.
Meanwhile, the UK division of German furniture components and fittings supplier Hafele had been the victim of a ransomware attack. “There was a ransomware attacked on the IT systems of the Hafele Group from an external source,” the company said. “After the incident was discovered, the system landscape was shut down. Consequently, HUK had to revert to telephone only order taking and manual picking in our warehouse for several weeks. This situation led to sales losses in the high double digit percentage range in the month of February 2023.”
The group added that new systems have since been implemented and that the remainder of the year was “heavily focussed on restoring our creditability in the marketplace and winning back those customers that had to shop elsewhere in the period following the attack”.
Carpet retailer Carpetright, which has since entered administration, previously confirmed that it had been the victim of a cyber-attack in the UK, adding to an attack in Europe. The attack was understood to be a malware breach to gain authorised access to customer data. However, the retailer said that its network was taken offline, insisting that the virus was isolated before any data breach. It had also suffered a data breach within its Netherlands division as well as in Belgium where hashed passwords may have been stolen.
Carpetright said the breach took place on 19 February 2024 on the back-end of its website, which was infected with unknown malware. Information including customer names, addresses and contact details are at risk following the breach, which could include 30,000 Carpetright account holders.
Back in August 2023, software company Swan Retail suffered a criminal cyber-attack that resulted in the business going offline for days. Swan confirmed the security breach by an unauthorised third party, which impacted customers in the UK and USA, causing “significant disruption to services and impacting some of our customers’ businesses”.
With the impact of system failures and cyber-attacks monumental to businesses and its customers, its vital backup procedures are in place. The National Cyber Security Centre (NCSC) encourages all businesses to implement good practice. “A backup is a copy of your important data that’s stored in a separate safe location, usually on the internet (known as cloud storage), or on removable media (such as USB stick, SD card, or external hard drive).
“Once you’ve made a backup, if you lose access to your original data, you can restore a copy of it from the backup. You should backup anything that you value. That is, anything that would inconvenience you (for whatever reason) if you could no longer access it.”
The NCSC Cyber Essentials scheme protects against the most common cyber-attacks and appetite for certification continues to grow, with over 40,000 certifications issued in the past 12 months. New research into the impact of Cyber Essentials found that certified organisations are more protected against cyber threat, more cyber risk aware, more compelled to improve their cyber resilience further, and encouraged to cultivate more cyber secure supply chains.
NCSC Deputy Director for Cyber Growth, Chris Ensor said: “As the cyber threat landscape evolves, attackers continue to exploit the same vulnerabilities which they targeted back in 2014, when the Cyber Essentials scheme was first launched.
“That’s why I strongly urge all organisations to make Cyber Essentials a foundational part of their cyber resilience. For organisations lacking the necessary in-house expertise, support is readily available through companies offering the NCSC-recognised Cyber Advisor Service.”
