3 Ways Retailers Can Repel Cyber Criminals and Avoid the Perils of Ransomware


By Byron Horn-Botha, Business Unit Head, Arcserve South Africa

It’s holiday time again. Unfortunately, cybercriminals never take a day off, and the explosive growth of online shopping has made retailers a primary target for cyberattacks. According to the Sophos State of Ransomware in Retail 2022 report, retailers saw a 75 percent increase in ransomware attacks over the previous year.

The report also found that 77 percent of retail organizations were hit by ransomware in 2021, up from 44 percent in 2020. And only 28 percent of retail respondents said they could stop an attack before hackers encrypted their data. Even worse, the retail sector was hit by an average ransomware recovery cost of $1.27 million, and the average ransom payment was more than $200,000.

Regardless of where your company is located, these statistics should make you sit up and take notice. That’s because retailers are a high-value target for attackers. After all, any downtime can be incredibly damaging. And that makes them more inclined to pay the ransom—and fast—if an attack brings down their systems and sales come to a screeching stop.

Attackers also target retailers because they can acquire customer payment details and other personal data that they can use to commit fraud and identity theft or sell to scammers on the Dark Web. With ransomware attacks on the rise and their impacts becoming more severe, you need to ensure you can respond quickly and effectively to limit any damage.

With that in mind, here are three ways to repel bad actors from your retail business and have a happy holiday season.

1. Practice Good Cyber Hygiene

Good cyber hygiene requires ongoing effort. So put a program in place that regularly keeps employees informed and aware of threats and security best practices. And monitor your operating systems and software to ensure they are always patched and up to date.

You also need to protect your network with best-in-class security solutions, including firewalls, endpoint security, multi-factor authentication, and privileged access management, to name a few.

Most importantly, you need to implement an effective backup and recovery plan. Check out this post for a step-by-step planning guide. If your plan is kept up to date, you’re much less likely to suffer significant damage and data loss from an attack.

2. Get Ahead of Risks and Be Ready for Anything

A solid disaster recovery plan includes regular testing of backup images so issues can be identified and fixed before they become problems. And always expect the worst—and prepare for it.

According to IBM, today's global average data breach cost is $4.34 million. That’s going to have a significant impact on any company. Cyber insurance offers to compensate policyholders for losses and penalties that result from cyber attacks, and in today’s environment, it’s a must-have for your business.

While the Sophos report noted that most retailers are upgrading their defenses with cyber insurance coverage, it’s getting harder to find for those who don't already have it. Cyberattacks are so common and costly that insurance companies are starting to balk at issuing policies. The numbers don’t pencil out because their payouts may exceed the premiums they charge.

So, providers are cutting back on the number of insurance policies they write—and growing more selective in choosing the companies they will insure. Now, many companies are denied cyber insurance because they don’t meet increasingly stringent requirements—including effective cybersecurity solutions and a well-thought-out data backup and recovery plan. Putting these defensive and disaster recovery measures in place can go a long way toward convincing an insurer that your company does not present a significant risk.

Like any business, your retail organization should look for a data backup, recovery, and immutable storage solution that continuously safeguards your data by taking snapshots every 90 seconds. Immutable backups can’t be altered or deleted, so cyber criminals can’t overwrite them, and your data can always be recovered.

3. Put Your Trust in Zero Trust

As a retailer, you already face a heavy security burden. You’ve got to protect your organization from both external and internal threats. You must ensure your employees follow security protocols and that your customers are not really hackers out to harm you. But you also need to make it easy for your customers to shop or risk losing them to a competitor. And you’ve got to protect customer data, like credit card numbers.

That’s where zero trust comes in. Zero trust is an increasingly popular cybersecurity approach that can help you handle that security burden. The zero-trust model assumes all users are unauthorized and grants them permission only to perform specific tasks and operations, nothing more. With zero trust, these permissions are immediately revoked once the activity or transaction is complete.

Zero trust also protects your backups, and the good news is that implementing it for backups can be accomplished simply by expanding your existing network security measures. By adding this extra layer of security, you can minimize damage to your organization if a data breach or cyberattack occurs. Even if determined cybercriminals access your database and get hold of usernames and passwords, they likely won’t be able to penetrate your zero-trust defense layer.

Make Fighting Ransomware Your Resolution for the New Year

There’s a lot that goes into building an effective defense against ransomware. Arcserve technology partners offer expert help, guiding you as you put the right solutions in place for your retail business. To learn more about Arcserve's immutable storage solutions, check out our free demos on demand.