Data security and that of online systems continues to be under threat with some sectors becoming notable targets.
In 2021, the retail sector was identified by Sophos as one of the most impacted and at-risk areas of industry for cyber-attack. The only other sector equally as impacted was education.
As the businesses continued to further embrace the opportunities of online shopping and consumer demand due to the pandemic, it further increased their risk to potential vulnerabilities.
World leading cyber security experts Sophos investigated the situation in the sector to help identify the current situation and help advise what can be done to help protect against this increased, targeted threat*.
What is the current cyber security situation in retail?
In 2021, 44% of retail organisations worldwide reported they were hit by ransomware over the past year.
Of those affected, 54% of organisations confirmed cybercriminals succeeded in encrypting data, preventing the organisation accessing their data. 56% of those affected restored their data using backups.
32% of organisations who could not restore a backup, paid the ransom to get their data back while the average ransom payment was $147,811. However, of those who paid, they gained on average only 67% of their data back.
91% of retail organisations who took part in Sophos investigation had a malware incident recovery plan.
34% of retail organisations surveyed by Sophos had not been hit by a ransomware attack but expected it to be likely in the future. While 21% do not feel they will be at risk of such attacks.
What are the recommendations for the retail businesses?
Attacks – when not if
Understand attacks are likely in any sector and are recognised to increase as hackers continue to become more competitive. However, with this in mind you can work to ensure your organisation is protected for when it happens to avoid damage, not recovering from the result of an attack.
Cyber security threats are becoming increasingly sophisticated and so must your protection tools. Ensuring your organisation keeps up to date on the latest security trends and maintaining your IT hygiene can be clear actions for a safer future.
Implement a range of data security tools and processes throughout your organisation to ensure you have the best resources in place to keep your business safe.
Understanding the risks and ways to avoid them is best practice to help protect your business. Your staff are potentially the first point of contact for vulnerabilities and can be one of the first forms of defence.
Through clear training, processes, and procedures, along with a range of data security tools, you can help keep your organisation protected from future threats.
Have a backup plan
Attacks will likely happen and if they do, it is essential to have a plan. If the effect that a ransomware attack does happen, as seen with the 56% of those surveyed, a data backup can help limit business disruption and save on costs in the longer term.
This is not to say other security measures should not already be in place, but by maintaining a backup solution, you are ensuring a business continuity approach should the worst ever become possible.
Do not pay the ransom
Though the impulse may be to pay to recover what you can, as seen in the investigation results the likelihood is your organisation will not recover all that was lost. It is recognised in the data security industry as one of the most ineffective ways to regain your data.
If your organisation is still inclined to pay, implement a cost/benefit analysis to aid the decision. With the expectation based on the average results reported only retrieving two-thirds of their data consider if the financial outlay in addition to the additional costs because of the data breach are a viable decision as an organisation.
Have a malware recovery plan
Through preparation, organisations can prevent a cyber attack becoming a full data breach. Organisations often realise that they could avoid a lot of cost, pain, and disruption by having a response plan in place.
Contact today to find out more of how we can help and ensure your business, staff and your customers are supported and protected.
*Organisations included in the investigation were confirmed as having 100 to 5,000 staff users and located across 30 countries worldwide.