Connect with us at the Gartner® Security & Risk Management Summit June 9-11. Learn More

Request a Demo

Connect with us at the Gartner® Security & Risk Management Summit June 9-11. Learn More

Request a Demo
Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

Why Offensive Security Is Crucial for Retail Resilience

3 Minute Read
  • Retail Cyberattacks: How recent incidents highlight the need for proactive security.
  • Offensive Security Tactics: Key strategies to identify and mitigate retail vulnerabilities.
  • DFIR Best Practices: Responding to cyber incidents with speed and precision.

The three high-profile UK retailers struck with cyberattacks in the last few weeks are each still feeling the impact of the attacks and attempting to regain full functionality across all their systems.

These incidents highlight the need for retailers, and in fact all organizations, to have a multi-point Offensive Security process in place to determine possible security soft spots, but to also actively hunt for known threats, and finally a well-though out and thoroughly rehearsed digital forensics and incident response (DFIR) plan.

 

UK Retail Under Attack

The details on each attack are still not fully known, but published reports state that Marks & Spencer (M&S), Harrods, and Co-op were all struck, with the Marks & Spencer incident being confirmed as a ransomware attack. Co-op has confirmed that customer data was stolen, while Harrods noted it was dealing with an attempt at unauthorized access.

The threat group Scattered Spider, which Trustwave SpiderLabs has been tracking for more than a year, has been attributed to the M&S attack. Attribution for the others is not confirmed, although the ransomware group DragonForce has claimed responsibility.

 

Going on the Offense

Offensive Security is a proactive and adversarial approach to fortifying computer systems, networks, and individuals from cyberattacks. It involves using active, hence offensive, measures to outsmart and defeat attackers.

These include penetration testing, ethical hacking, and Red Team exercises to find vulnerabilities before the bad guys do.

In addition to relying on more defensive-oriented cybersecurity measures like managed detection and response (MDR), email security, firewalls, or database security, offensive security has security teams actively hunting not only for intruders in a system, but also testing for weaknesses and paths an adversary can take to gain entry using techniques such as, penetration testing, ethical hacking and Red Team exercises to find vulnerabilities before the bad guys.

The goal is to get ahead of an attacker, block possible routes before they become an issue, and provide an organization with a realistic view of its security posture from an attacker's perspective.

Iron-clad security and proactive risk reduction with Trustwave Offensive Security.

Learn More

While implementing all of the following programs would be best, adding just a few will go far toward helping you better understand your security posture.

  1. Penetration Testing, or pen testing, is a method to test a computer system, network, or application to find vulnerabilities that an attacker could exploit. It involves simulating a cyberattack to evaluate a system's security and identify weaknesses.
  2. Red Team Exercise is a laser-focused cybersecurity engagement designed to make an organization's nightmare come to life in a simulated attack. Rather than focusing solely on the technical controls, Red Teams aim to find flaws in people, processes, and technology.
  3. Threat Hunting comes in two forms at Trustwave. Advanced Continual Threat Hunting (ACTH) and the more traditional variety. Threat Hunting is the proactive identification and elimination of active threats in your environment. Trustwave SpiderLabs inspects systems looking for weaknesses such as outdated and vulnerable software, policy violations, insider threats, and unprotected databases. ACTH hunts for unknown threats based on indicators of behavior continuously, not just on a timetable.
  4. Threat Intelligence is gathering and analyzing data on the cybersecurity threats targeting an organization. This information can be found by inspecting an organization's network, studying attacks conducted on others, and researching information on the Dark Web.
  5. Vulnerability Scanning is the ability to examine an organization's systems in depth to uncover database configuration errors, assess risk levels, identify network-connected assets across an infrastructure, assess application security, and meet and maintain audit and compliance requirements.
  6. Ethical hacking, also known as white-hat hacking, involves using hacking skills to identify vulnerabilities in a system. The goal is to find security weaknesses that a malicious hacker could exploit. Ethical hackers use the same techniques as cybercriminals but do so legally and ethically to improve system security.

Digital Forensics and Incident Response is the last chess piece that needs to be placed on the board.

According to the 2024 Gartner® Market Guide for Digital Forensics and Incident Response (DFIR) Retainer Services, DFIR vendor solutions should include the following:

  • Pre-incident design and assessment
  • Post-incident response assistance
  • Prepaid retainers

Additionally, to effectively prepare for and respond to security incidents, Gartner® suggests that DFIR providers offer a comprehensive suite of services, such as red teaming and tabletop exercises, penetration testing, and training workshops, to further enhance an organization's security resilience.

 

What Trustwave DFIR Delivers

Trustwave's DFIR approach delivers clarity amidst the chaos of a cyberattack. Our expert consultants swiftly pinpoint the cause and scope of a breach, empowering organizations to prepare for the inevitable.

By leveraging our DFIR consulting retainer, clients gain immediate access to Trustwave SpiderLabs' elite team, acting as the first line of defense. With a global presence, expert responders are on call 24/7 to initiate forensic investigations instantly.

A Trustwave DFIR retainer offers:

  • Rapid Response: On-call DFIR experts with a 2-hour remote triage guarantee and on-site deployment within 24 hours.
  • Priority Service: Retainer clients receive top priority, ensuring swift incident handling.
  • Cost Efficiency: Pre-negotiated rates provide significant savings compared to standard consulting fees.
  • Flexibility: Unused retainer hours can be allocated to other IR readiness services.

Trustwave's Offensive Security program cuts through the complexity of cyber incidents, providing insights, expertise, and the support needed to minimize impact and preserve critical evidence.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

News Data Breach Database Protection DFIR

Latest Intelligence

From Facebook Ad to Near Breach: The Power of Threat Hunting in Modern MDR
UK Cyber Security Survey 2025: Ransomware on the Rise, Phishing Still Reigns
Migration Made Easy Using Trustwave’s Microsoft Security Migration Program

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo