Out of all of the sectors of our global economy that should be especially vigilant about cybersecurity threats, the retail industry ranks toward the top. A recent global survey from Sophos showed that ransomware attacks have been on the rise for retail companies. During the past year-and-a-half, the COVID-19 pandemic gave hackers the perfect environment of chaos to wreak havoc.
For the survey, Sophos reached out to 5,400 IT professionals — 435 retail IT managers among them — throughout 30 countries. The participants came from North and South America, Asia-Pacific, Europe, Central Asia, Africa, and the Middle East, according to Cybernews.
The survey shows that 44 percent of retail and education organizations were victims of these cyberattacks.
‘An attractive target for cyberattacks’
“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data,” said Chester Wisniewski, a principal research scientist at Sophos, in a Sophos release cited by Cybernews. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.”
A lot is on the line when it comes to these attacks. The average cost for a retail company to respond to a ransomware attack, and to attempt to undo the damage it caused, is a high $1.97 million. For reference, the average cost across all industries highlighted by the report was $1.85 million.
The nature of what was stolen is also significant and should give pause to any retailer who has yet to implement proper cybersecurity defenses across their systems.
About 54 percent of the retail companies said the ransomware hackers succeeded in encrypting their data. Beyond this, 32 percent of those who reported that their data was encrypted ultimately paid the high ransom requested.
A lot at stake
The average ransom payment for these companies was $147,811. Even more crushing for retailers, paying these high ransom bills failed to regain all that was lost. On average, companies that paid a ransom only got back about 67 percent of the stolen data.
Only 9 percent of these businesses got all of their stolen encrypted data back.
Sophos’s Wisniewski said it wasn’t completely negative news for retailers.
“While enabling, managing, and securing IT during the pandemic increased the overall IT workload for three-quarters of retailers – the sector was also the most likely — at 77 percent — to see a positive return in terms of enhanced cybersecurity skills and knowledge,” he added.
Essentially, this current era of intense cybersecurity awareness can ultimately ensure retail companies are in a better position than they were in before. If they put the protection of their data at the forefront, they will be better equipped to handle the ever-complex demands of 21st-century data protection and security.