Ransomware in Retail Industry On The Rise

Hailey Carlson
September 16, 2022

Ransomware is one of the most vicious cyber attacks out there. A ransomware attack occurs when malicious actors gain access to an unsuspecting company's data, either steal or encrypt it, and offer to return it or provide a decryption key once the victim pays the demanded ransom. In 2021, the average ransom demanded was $5.8 million. This is obviously no small price tag for a business of any size, especially when all sectors of industry are factored in. Ransomware does not discriminate in who it targets: Fortune 500 companies and small businesses alike find themselves falling victim to it. Healthcare is one of the most targeted industries when it comes to ransomware, but another sector has found itself heavily targeted, and it might not be one that we'd all expect: retail.

According to the Sophos State of Ransomware in Retail Report for 2022, the retail industry saw the second highest rate of ransomware attacks, with two in three surveyed companies having been hit last year. The report also found that the industry reported a 75% increase in ransomware attacks compared to the rate seen in 2020; however, a similar rise in these sorts of attacks was seen across all sectors last year. Additionally, the report found that, rather than having most of its data simply stolen, the retail industry encountered an above-average rate of data encryption compared to other industries. Encryption can complicate and lengthen the process of regaining access to the data.

Some companies opt to pay the ransom in order to regain access to their data, while others try to circumvent the ransom altogether by other means. Companies in the retail industry are more likely to pay the ransom than the average across all industries, with nearly 50% of retail businesses paying the ransom, compared to 46% of global companies.

To try and combat these rising ransomware threats, 97% of retail organizations have turned to cyber insurance, primarily to help them with the financial burden associated with an attack. As with any kind of insurance, this cyber insurance gives the retail organizations peace of mind that their insurer will be there in case an attack occurs. Despite these cyber insurance policies covering attacks such as ransomware, many retail companies have reported that the ransom payout is only 35% compared to an average of 40% seen among all sectors. Because of this, it is important to take other measures to try and prevent an attack altogether:

  • Educate employees - Educated employees are empowered employees, and that applies even more in the world of cybersecurity. Untrained employees are highly susceptible to cyberattacks such as phishing, which cyber criminals often use to launch a ransomware attack. Employees who are well educated on cybersecurity best practices, on the other hand, are far less susceptible. As the head of your retail company, it is up to you to act as a leader by communicating a strong and clear cybersecurity message, holding continuous trainings, and providing your employees with a dedicated team at your company that they can go to with any questions or concerns.
  • Implement a data backup and recovery plan - Backing up your company's data is incredibly important when it comes to ransomware attacks. If you did find yourself the victim of such an attack, the backup data allows you to continue operations seamlessly. Be sure to keep your backups on a separate network from your normal data so that they are not easily accessed by malicious actors. The recovery plan lets you and your team know how to handle an attack when it happens. An attack would obviously result in panic and stress, and having a plan ahead of time helps you get back to normal faster and more easily.
  • Keep devices up-to-date - Be sure to install software updates on all of your devices as the manufacturer pushes them out. Additionally, keep your networks updated and password protected as well. These updates are meant to make your devices safer and more secure, and to patch any vulnerabilities that were previously present. This is a simple step that can make a huge impact on your business' cybersecurity defenses.
