The Empire Company, which owns 1,500 stores across Canada, including Sobeys, Lawtons, IGA, Safeway, Foodland, Needs and other grocers, said Monday that an “IT systems issue” caused some of its pharmacies to face difficulties in filling prescriptions. Signs posted at some stores also said the gift card and Scene points systems were down. The company has not released further information about the issues affecting the chain and did not respond to questions raised by CBC News on Tuesday. Meanwhile, Maple Leaf Foods says it continues to grapple with the fallout from a cyber incident that began affecting its operations over the weekend. The company says it is working with cybersecurity experts to resolve the issue and investigate the root cause of the incident. “Our team is working tirelessly to create solutions for the affected systems and processes and all of our websites were up and running yesterday,” the company said in a statement Tuesday morning. “However, the outage continues to create some operational and service disruptions that vary by business unit, plant and location.” The company did not explain the exact nature of the cybersecurity incident, nor did it specify how it affected operations.
Silence can tell
Ritesh Kotak, a cybersecurity consultant and technology analyst, told CBC’s Information Morning Nova Scotia on Tuesday that he suspects both companies have been breached. “Sometimes it’s not the information they give us, it’s what they don’t give us. And when you use such vague language like an ‘IT incident’ and then Maple Leaf Foods comes out and says no, it’s a cybersecurity incident and we have hire recovery experts, makes me think it’s probably a third-party system used by grocery chains that had some kind of vulnerability that was exploited by hackers and hit with ransomware.” Kotak said sometimes it doesn’t take much to compromise an entire system. Cybersecurity expert Ritesh Kotak says he suspects both companies have been breached. (submitted by Ritesh Kotak) “I would say the most dangerous thing you’re probably going to do today is open email.… Sometimes it’s literally as simple as clicking on a link, downloading something, and before you know it, your system is infected. a ripple effect where it literally goes and jumps from computer to computer, server to server, locking up and infecting entire infrastructures.” If ransomware — malware that locks a system’s data until a ransom is paid — is indeed the problem facing Maple Leaf or Empire, Kotak said he believes the companies should resist paying the ransom because there is no no guarantee that hackers will relinquish control of the system. may require even more payments and the money is often used to finance organized crime or terrorist activities. “This money, it’s not going to somebody in their basement. It’s organized, it’s sophisticated, there are whole networks and they continue to finance nefarious activities.”
“No one wants to admit it”
Most companies are reluctant to admit they’ve been hacked, says Carmi Levy, an independent technology analyst based in London, Ont. “If you admit you’ve been hit by a ransomware attack, then you’re admitting you didn’t invest enough in cyber security and didn’t take your customer and stakeholder data seriously enough. And nobody wants to admit that – it’s like the modern equivalent of the Scarlet Letter” . Analyst Carmi Levy says companies are often reluctant to talk about cyberattacks. (CBC) Robert Hudema with the Ted Rogers School of Management at Metropolitan University of Toronto agrees. “This is completely embarrassing for a company, saying I was being held hostage and had to pay a fine,” Hudema said. “A lot of companies are reluctant to spend money on things that amount to fire extinguishers or alarms or things like that to prevent bad things from happening and as a result bad things happen.” But Levy said he thinks it’s good when companies talk about cyberattacks because it normalizes the issue. “It’s a matter of when, not if, every company we do business with will potentially be affected by some sort of cyber security incident. So let’s not write off the companies that are being targeted. Let’s recognize that this is a common fact of life in the modern digital age and we will we could be victims just as easily as anyone else.”
Lack of transparency
Cybersecurity expert David Shipley of Beauceron Security said he has a lot of empathy for IT teams and senior executives who have to deal with cyber security issues. “This is probably the worst week of their lives,” he told Information Morning Fredericton. He said companies tend to sue because they face pressure from their insurers, lawyers and regulators, and concerns about stock prices may also be hanging over their heads. David Shipley of Beauceron Security says there should be more transparency from food industry regulators about cyber attacks. (Jennifer Sweet/CBC) Shipley said there is also a tendency to “blame the victims” of companies targeted by well-funded cybercriminals. “The reality is, if it’s a ransomware attack, these groups are run like international businesses and they’re damn good at what they do, and it’s almost impossible to protect any organization 100 percent.” Shipley praised Maple Leaf for being transparent about the cybersecurity issue and said publicly traded companies like Empire may be required to disclose any financial losses resulting from its IT release in its quarterly or annual statements. . But he said there should be more disclosure and accountability from regulators, similar to the airline industry which must report incidents affecting safety and security. “The reality is there’s not a single law on the books that says Canadians deserve to know what’s going on with this,” he said. “But we depend on food delivery even more than we depend on the airline industry, and it affects Canadians every day. But we have no responsibility for that.”
