Hundreds of thousands of UK workers have been affected by an apparent ransomware attack on a widely-used payroll system, just days before Christmas.
As reported widely, firms such as Boots, Sainsbury’s and Jaguar Land Rover have had their HR and payroll systems impacted by a cyber attack on Kronos, a system used to log, store and process the hours employees have worked.
According to the BBC, Kronos confirmed at the weekend that it was dealing with a ransomware attack on its computer systems.
It warned that it could be "several weeks" before systems are fully restored, and told employers to use "alternative business protocols" to ensure their staff get paid on time.
At Sainsbury’s alone, around one week's worth of data for its 150,000 UK employees has been lost, according to the national broadcaster.
Will workers get paid this month?
Understandably, this situation has generated lots of anxiety among employees of companies that use the software.
However, many have been reassured that they will still receive their wages this month.
A Sainsbury's spokesperson told the BBC: "We have contingencies in place to make sure our colleagues continue to receive their pay."
Other affected firms have not commented on the matter.
An official from UKG, the parent company which runs Kronos, also told BBC News: "UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers."
The company said it had taken immediate action to investigate and mitigate the issue, alerted affected customers and informed the authorities.
"We recognise the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services."
‘We deeply regret this’
UKG’s Executive Vice President Bob Hughes released a statement on the firm’s website in which he said: “We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident.
“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
Hughes added: “We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation.”
Many employees at affected businesses took to social media to share their frustrations at the situation. One user wrote: “To whomever pulled off the #Kronos #ransomware attack - you’re not hurting rich companies; you’re hurting people like me. I worked lots of OT last week, despite being physically disabled, so I could go out Friday and give my daughter a good #Christmas. Now I can’t.”
Outage comes ‘at terrible time’
Jake Moore, the former Head of Digital Forensics at Dorset Police and now Global Cyber Security Advisor at ESET, said: “At a terrible time of year for disruption to services, the impact to Kronos is tremendous. Holidays, bonuses and a limited workforce all make this attack all that much worse, plus the knock-on effect to other businesses will also be felt more than usual.
“When you hear of attacks forcing companies back to pen and paper for trivial tasks such as monitoring timekeeping, it is shocking to think we are heading into 2022 with the same attack vectors as we have seen for much of the last decade.”
Firms concerned about cyber attacks
Although details of how the attackers gained access to Kronos remain unconfirmed, the incident underscores the concerns firms already have about cyber security.
A recent study from HP found that, despite the danger of leaving sensitive information vulnerable to hacks from cyber attackers, 48% of workers surveyed stated that they saw security measures as a waste of time – a number that rises to 64% among 18 to 24-year-olds.
And whilst many workers may well be returning to offices with stronger security protocols, the shift to hybrid working remains a cause for concern: 83% of IT teams surveyed believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
“The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born,” said Ian Pratt, Global Head of Security for Personal Systems, HP.
“If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive,” he said.
The report highlights that many security teams have made efforts to curb user behaviour to keep data safe. 91% have updated security policies to account for the rise in working from home, while 78% have restricted access to websites and applications.
Pratt concluded: “To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity.”