Latest news with #CharlotteWilson
Yahoo
4 days ago
- Business
- Yahoo
Retail cyberattacks: AI making threats 'more advanced and personalised'
The use of artificial intelligence (AI) by perpetrators of cyberattacks is increasing the threat to retailers and their customers, according to a cybersecurity industry leader. Speaking on an episode of GlobalData's Instant Insights podcast, Charlotte Wilson, head of enterprise sales at cybersecurity company Check Point Software, said that while the form that cyberattacks take has not changed a great deal, AI is being used to make them more effective. This embedded content is not available in your region. 'I think they're getting far more advanced and highly personalised because of AI,' said Wilson. 'If you take this retail attack, any of the retailers right now, the primary attack is to get the money from the retailer to free up access back to their information, and that's the ransomware itself for the company, the retailer, to pay or not pay or negotiate. 'The secondary attack is all that information that has been gathered can then be sold to other people that then might do a secondary activity with it. And that's where some of the sophistication comes in. That's where social engineering comes in.' Social engineering is the practice of deceiving and manipulating individuals into performing specific actions. It is a well-known tactic of email scammers who purport to be people or companies that they are not to trick victims into giving them personal information. Of the role of retail cyberattacks in facilitating this, Wilson explained: 'There's the first attack, which is to the retailer. The secondary attack is to you and me, the mums and dads, brothers and sisters, the consumer – and AI is making them something you're more likely to click on because they're much more personalised. 'It could be so much as, 'I see that you bought this in the last time that you visited our store. We hope that was great for you. Here's some personalised offers for you based on what you like to shop for,' and if I've got access to you as a loyalty scheme customer, I probably know quite a bit about you.' Wilson was speaking on the episode following the recent spate of cyberattack targeting UK retailers including Marks and Spencer, Co-op and Harrods. They are thought to have been perpetrated by a group known as Scattered Spider using a ransomware-as-a-service platform called DragonForce, of which Wilson says: 'There will be operators that design the ransomware attacks and the malware, and then there are affiliates that will go and use those and exploit it and hold people to ransom. They sometimes have a profit-share model, so it's a profitable way of doing cybercrime.' Despite widespread coverage of the recent attacks, Check Point, which carries out its own cybersecurity research, finds retail to be only the fifth most hacked industry at present. 'It's way, way behind education, government and healthcare,' said Wilson. 'So, it's actually not the biggest attacked. We think they're dealing with about 300 attacks per week. It starts to get into the 1000s when you start to get into the other industries. 'However, obviously once you're in you can hold to ransom at a higher rate because it's so much more public, and you can see just the press at the moment is reporting the retail hacks pretty much every other day.' Wilson went on to explain that retailers are at a particular disadvantage as they typically have a much larger potential attack surface than businesses in other industries. 'Retailers have an incredibly hard job because they're dealing with so many different suppliers of varying degrees,' said Wilson. 'The networks are dynamic. They have lots of things attached to them, so I think they have a really complex job, and, from a hacker's perspective, the path of least resistance is the one they'll choose. 'If you've got lots of things that you have to maintain, you have to make sure are patched, secured and controlled across many different interfaces, it's much easier for you to have something that isn't as up to date as it should be, or isn't as protected as it could be, they're much more susceptible to mistakes.' Wilson gave two main recommendations for retailers to help keep their cybersecurity tight. 'One clear thing they can do is monitor the third-party access to their networks,' she said. 'One challenge that retailers have that is unique is that some of the suppliers to them might be quite small, and so may not hold the same level of security in their organisation as maybe the retailer is.' In addition, she noted that collaboration between security and IT teams when patching vulnerabilities is required is not always adequate. Wilson is of the opinion that the handling of common vulnerability exploits (CVEs) – vulnerabilities that are identified and need to be patched – often fails as a result of miscommunication or misunderstanding between the two teams within a business. 'I just think the CVE part never really gets taken all that seriously,' she explained. 'That bit, for me, is a big thing. If it's being handled by your IT team as opposed to your security team, I think it's important that the security team stress the need for those certain CVEs that are critical to get patched and sorted, or to put those people outside of a blast zone.' "Retail cyberattacks: AI making threats 'more advanced and personalised'" was originally created and published by Just Food, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
Sky News
14-05-2025
- Business
- Sky News
What should M&S customers do after criminals stole personal data in huge attack?
The personal data of M&S customers has been stolen by hackers during a huge cyber attack that may have cost the company millions. So what should those customers do now? The retail giant admitted on Tuesday that some data had been stolen but reassured customers that no "usable payment or card details" were taken. Passwords were also not included in the stolen data but there are reports that contact details like names, addresses and phone numbers were taken. There is no evidence the data has been shared, M&S confirmed to Sky News on Wednesday. Despite M&S saying customers "do not need to take any action" aside from changing their password next time they log in, cybersecurity experts are worried. Here's what they want you to do if you have an M&S account. Watch out for phishing scams "We often see a spike in phishing emails, fake delivery texts and scam calls after breaches like this, particularly when order history or usernames are involved," said Charlotte Wilson, head of enterprise at cybersecurity firm Check Point. "This is not about panic, but it is a reminder that cybersecurity is not just about technology," she said. These scams can appear more convincing because hackers can include personal details like your name, address or phone number, stolen in attacks like the one on M&S. "Some criminals may impersonate a well-known organisation and convince victims of their credibility by providing their name, address and date of birth - before using this false credibility to scam the victim out of their money," said Sam Kirkman from NetSPI. 1:21 In fact, the criminal group reportedly behind the M&S attack is known to use tactics like this to scam people. Rather than using software to hack past company firewalls, Scattered Spider hackers target human vulnerabilities and trick people into giving them access. "Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password," said M&S operations director Jayne Wall in a message to customers. Stop, challenge, protect Mr Kirkman recommends following the "stop", "challenge" and "protect" steps of Take Five, a national campaign aimed at protecting people from cybercrime: Stop: Take a moment to stop and think before parting with your money or information. It could keep you safe. Challenge: Ask yourself, could it be fake? It's ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you. Protect: Contact your bank immediately if you think you've been scammed and report it to Action Fraud at or on 0330 123 2040. Change passwords M&S said no passwords were stolen in the data breach but Clare Loveridge from cybersecurity firm Arctic Wolf still says it is a "good idea" to change their passwords across all online accounts. "Likewise, taking additional steps like activating two-step authentication will also improve protection, if it's not been done already," she said. This is because attackers may test reused passwords or login credentials stolen in previous data breaches.
Gulf News
02-05-2025
- General
- Gulf News
Stop telling people to be grateful — it's emotional gaslighting that silences grief
I'll be grateful as long as you don't tell me to be so. Dubai-based Kitty Crenshaw is grateful that she survived a fire in her previous apartment back home in London, but it still doesn't heal the burn marks on her arm or bring back the many possessions that she lost in the fire, which include her grandmother's cards, letters, and her own jewelry sets. 'Whenever I complained that my hands hurt, or I was upset about the fire, some of my friends would snap at me, 'You're alive, just be grateful'.' She is glad that she survived the fire. She just wish that it had been without so much loss. 'So, after that I kept quiet. I felt awkward if I shared anything about it. But everything hurt and ached for a long time, but I just kept thinking that I needed to feel grateful.' No doubt, gratitude is generally beautiful thing; it helps you appreciate what you have. It's healing and comforting. And gratitude journals are wonderful tools, especially when you're rebuilding yourself. Yet, when gratitude is used carelessly or manipulatively, it becomes something far more harmful. It dismisses accountability, silences discomfort, and i nvalidates real pain. Telling someone to 'just be grateful' can, intentionally or not, erase their needs and deny them the space to grieve or process their experience. People don't do it intentionally. Yet, it all comes down to a concept and phenomenon called weaponised gratitude, as Psychology Today explains it. So, what is weaponised gratitude? It's when gratitude is used as a tool to silence or shame someone's pain, intentionally or not — dismissing their need to grieve or seek support Gratitude needs to come from within. It shouldn't be an order. Charlotte Wilson, a clinical psychologist based in Abu Dhabi, puts it plainly: 'When you tell someone to be 'grateful' right after they've opened up about their struggles or doubts, it can make them feel like a burden. It sends the message that their pain is invalid, that they shouldn't speak up because someone else has it worse.' This statement is often used in varying scenarios, from inter-personal to professional. For instance, Ryan Sheffield, a corporate communications professional remembers finally pushing for an increment after two years and was told, 'Look just be grateful that you still have your job. There are layoffs happening.' You cannot force gratitude into someone's life, and in such cases it can be perceived as gaslighting. You aren't taking accountability for your actions and are dismissing someone's rightful concerns as invalid. And so he didn't try asking again for another year, till he had enough. But the truth is, people build walls. Sometimes, they pretend to be excessively thankful and grateful, because they fear they might be shut off if they're not. 'It fosters this idea of toxic positivity, and undermines a person's actual feelings,' says Wilson. Sure, gratitude journaling and thank-you rituals help, but that's later: First, you need to get to a place to feel as if you can appreciate these rituals. How do you write about gratitude and joy, when you are feeling so empty? In order to fight this emptiness, people force conversations about gratitude that disrupts actually honest and heartfelt communication, explains Wilson. And if not, we start following the 'they-have-it-worse' route. But as Wilson points out, everyone has it worse, by that logic, no one would ever have the right to grieve. 'You can't quantify pain or anguish. Even if someone's suffering seems small or superfluous to you, it's very real to them. And that matters. There's always a more compassionate way to respond.' Everyone has it worse The problem arises, when we internalise such beliefs and start thinking. We start believing that 'someone else has it worse', and so, they suppress their suffering. For instance as Wilson recalls, one of her friends had lost her job suddenly. It was a sudden shock, and she wasn't quite able to come to terms with it for a few days. However, a few days later, another friend had another devastating loss: Her relationship ended, too. The first friend felt awkward about sharing her grief with the second, afraid that it wasn't 'much' and she would look like whining. 'And so, I was just between two people grieving, one openly doing so, while the other was quiet and repressed, but trying to make the other one feel better.' Weaponised gratitude does extensive emotional damage, almost rewrites your psyche, compelling you to suppress your hurt, rage or resentment, which leads to emotional burnout, explains Diana Matthews, a Dubai-based psychologist. 'It leads to emotional burnout, maintaining unhealthy dynamics where expressing what you need is seen as ungrateful.' Worse, it creates the web of an illusionary positivity, which can gradually fracture a person's sense of self. So, what can we do? Listen to a person. Yes, they still have a roof though they've lost their job, but they need to be heard. Acknowledge what they feel, explains Sumeira Tariq, a wellness practitioner. Moreover, both gratitude and sadness can exist at the same time. You can be grateful that you have friends and also sad that your relationship ended. 'Ask a person, what support they require at this time. If you fear trauma dumping, that is valid too, but that's a different matter altogether that requires certain boundaries, not dismissing someone's grief as unnecessary,' says Tariq.
