Analysis: Retailers and Ransomware 2023
Retailers may get some comfort from Sophos’ annual security report: The State of Ransomware 2023. But it also provides cause for concern.
The study surveyed 3,000 IT and cybersecurity professionals in over a dozen industries across 14 countries. Headline news for the retail sector is that ransomware attacks reported by retailers have dropped to 69% - an 8% decrease on the year before.
On the other hand, cybercriminals encrypting data remains a nasty and persistent problem for retailers, along with everyone else. A massive 71% of data was maliciously encrypted during last year’s ransomware onslaught on retailers.
Alongside the reputational damage a ransomware attack can cause a retailer is the operational sabotage it inflicts. If you’re not willing to pay ransom fees to get your data back, then you need to rely on backups and a savvy IT team to get your systems back online, or face rebuilding from scratch.
For many businesses the loss of revenue caused by a system shutdown can be catastrophic if you’re not able to get back online quickly. The average recovery cost for businesses hit by ransomware attacks sat at $1.82M for 2023.
The biggest cyber risk today
Sophos says: “ransomware is arguably the biggest cyber risk facing organisations today” due to the high level of attacks, which are also getting more sophisticated and persistent.
Sadly, 46% of organisations admitted to paying the ransom to get their data back last year. But it’s not just the extortion that’s a problem. Some attacks are pure industrial sabotage to stop businesses trading. And lost profits can cost more than lost data. The report found that, of the retailers hit by a ransomware attack, 38% “lost a lot of business or revenue” and 44% lost a little.
Criminals also use ransomware to acquire and sell personal employee data for ID fraud; to achieve this, they aim to access systems and remain undetected for as long as possible.
In 30% of ransomware attacks where data was encrypted, that data was also stolen, the report found. Examples of UK retailers who’ve been hit in this way over the last few years include Royal Mail and JD Sports.
Retailers taking cyber security seriously
Compared to the 2022 report, overall ransomware attack rates remain constant, but have dropped for retailers, as mentioned. There are three reasons for this.
Firstly, retailers are taking cyber security seriously. Secondly, there’s much stronger governance in place, especially in the US, where security standards from bodies such as ANSI and ISO are being enforced on businesses. Thirdly, hefty fines and legal action can trouble retailers if an investigation reveals the attack was due to their negligence.
T-Mobile is an example of a business that faced a huge data breach class-action pay-out of $350m to customers, plus an additional $150m to upgrade its data protection.
Good housekeeping thwarts attacks
For retailers, the root causes of last year’s ransomware attacks were exploited vulnerabilities (41%), compromised credentials (22%), a malicious email (15%), phishing (17%), a brute force attack (2%) and a download (1%).
So, what can we learn from this? Exploited vulnerabilities typically include things like not patching servers properly, not running routine hardware and software updates, or failing to keep antivirus or firewalls up to date. Endpoint devices can also leave retailers vulnerable, especially if they’re not centrally managed and monitored by an experienced IT team.
As for compromised credentials, these tend to occur through employees not following protocols and reusing the same passwords across multiple devices or applications. To counter this, more stringent employee security training should be rolled out across organisations, and multi-factor authentication, minimum password lengths and regular password renewals should be set up at a minimum.
7 top tips for retailers:
In conclusion: stay vigilant, keep up to date, educate staff and work with a trusted partner to strengthen your resilience against attacks.
Gareth Dew, Head of Platform, Infrastructure and Security at PMC Retail
As Head of Platforms, Infrastructure and Security, Gareth ensures PMC’s infrastructure and platforms are resilient, secure, and operating to the highest levels of availability. Prior to joining PMC, Gareth worked in the oil, gas, and renewable energy sector as a worldwide IT Manager, advising on all aspects of their technology performance, security and evolution.