Ransomware Roulette with Consumer Trust – The Link Between Loyalty And Attacks

By Ian Wood. September 14, 2022. Updated: May 2, 2025.
While Covid lockdowns caused a step-change in ecommerce as businesses turned to, and came to rely upon, selling online, they also presented more opportunities for cybercriminals to disrupt retail services and steal data. Cybercriminals have been targeting the retail industry because retailers are more likely to pay hefty fees to avoid cyber attacks that could instantly halt their sales operations.

According to Veritas research, cybercriminals were quick to exploit the new security challenges brought about by the pandemic. Respondent organisations experienced an average of 2.57 ransomware attacks leading to significant downtime in the past year. A further 14% have admitted to five or more ransomware attacks that have caused even greater downtime.

In retail in particular, the 2022 SonicWall Cyber Threat Report revealed a 264% increase in ransomware attacks on ecommerce and online retail businesses in the year from February 2021. Estimates suggest that over 40% of retail organisations suffered a ransomware attack.

Since the end of lockdown, online sales have endured a slight hit as shoppers returned to stores, but despite this reopening, a further increase of £10 billion (9%) in online sales has been forecast for 2022. The stakes also continue to rise for cybercriminals. The complex distributed IT environments where retailers operate, paired with access to a wide range of sensitive personal and financial data, render the industry vulnerable to cybercriminals who are eager to make financial gain, irrespective of the consequences.

Gambling on consumer trust

When a fashion brand is targeted, we often see its e-commerce store taken offline, shipments delayed, and sensitive company data and some customer data posted online. Such attacks are a blow for any retailer, and consumers are becoming increasingly intolerant of ransomware-related outages. Any break in service or trust results in customers seeking other services; consumers have no qualms about taking their business elsewhere when faced with disruptions, not least when they are born of cybersecurity issues.

Retailers simply cannot gamble with consumer trust by being offline for too long or failing to adequately protect customers’ data. There is no safe haven from ransomware, as the attacks are targeting data and applications in the cloud, impacting both virtual and on-premises systems.

Perhaps what’s more damaging to retailers is the reputational damage these attacks entail. Issues such as failed POS transactions and the perception of an ‘unsafe’ business can possibly turn customers towards competitors who are perceived as offering a better and more secure shopping experience.

Defending against ransomware attacks

Although ransomware comes in different forms with different capabilities, the methods used to gain access to a target machine remain relatively unchanged – via phishing emails that contain malicious attachments or through drive-by downloading.

Businesses need to strengthen their stance on cybersecurity by having a robust data back-up and recovery protocol in place so that retailers can easily deploy a multi-layered approach in the unfortunate event of a ransomware attack. Recommendations on how retail organisations could better protect themselves from ransomware attacks include enhancing monitoring for swift action; backing up data regularly and keeping at least one copy of the backup offline; and setting retention policies to expire data over time, so that data that is no longer needed does not fall into the hands of cyber felons.

Retailers are under almost immediate pressure to pay ransoms in order to get the business operational again. There is no guarantee, even if you pay the ransom, that you will get all your data back. To stay one step ahead of the game, it is imperative for retailers to start practising incident response and business continuity plans. Hardening backup platforms to block attackers at as many points as possible across their environment, and deploying robust recovery measures to ensure data and applications can be restored quickly and seamlessly across business networks and operating systems, are both essential before it is simply too late.

In short, keeping data safe improves loyalty and generates ROI.

The future of retail is reputation 

While a retailer can eventually recover its data or financial resources post-attack, the loss of trust among customers and partners will be hard to regain. A ransomware attack on a retailer can have a long-lasting impact on consumer loyalty and their purchasing decisions. The potential damage will multiply as consumers are likely to share their negative experiences with others, be it online or otherwise. Industry research reveals that 90% of online shoppers have chosen not to purchase from a company because of its bad reputation. 

As recent research from the University of Bournemouth also suggests, “It can certainly be argued that a cyber-attack has an eroding effect on consumer trust and therefore their spending habits… consumers are now open to taking their business elsewhere due to the immense choice of retailers and service providers online.”

The ecommerce industry relies on always-on systems to meet customer demand, but this leaves retailers vulnerable to attack, as criminals know they are hitting them where it hurts.

As retailers prepare themselves for busy periods like end-of-summer sales, Black Friday and the festive season, they must also keep in mind that this is when many ransomware attacks take place. During sales peaks, cybercriminals will pounce on the opportunity to cause as much disruption as possible and so force retailers to pay up. To protect themselves from such attacks, retailers need to have robust security measures in place. This includes ensuring that their systems are up to date and that they have adequate backup procedures in place.

As cybercriminals are on a journey to deploy more effective and potentially devastating means of holding retailers’ data and workloads hostage, the time to act is now. To win and maintain consumer trust, retailers need to urgently review their resiliency approach, close the gap by making their backup and disaster recovery processes more robust, and audit their sites and apps to ensure they’re as secure as they can be. Today’s retail world is highly interconnected and digital: consumer data must remain protected and secure, or retailers risk destroying trust and losing business.

Ian Wood

Head of Technology UK&I

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
