Ransomware is a real threat to retail: Here’s how to defend against it

Print Friendly, PDF & Email

Retail has been under attack from cybercriminals for years. The bad news is that things are as bad as they’ve ever been. The number of ransomware attacks was up 150% in 2020, with total ransoms paid increasing by over 300%. For many businesses, the COVID-19 pandemic required a rapid increase in the pace of digital transformation, as well as a switch to ecommerce as lockdowns curtailed in-store activity. And the criminals were there on opening day, looking for ways to exploit any vulnerabilities.

You might think that discussion of ransomware – a type of cyberattack in which a business’ data or systems are breached and held hostage – has been a bit overdone. But the threat remains. These attacks can take systems offline or render data inaccessible until the victim pays a hefty ransom. It’s difficult to overstate the importance of protecting against such attacks.

Cybercriminals aren’t letting up the pressure.

In January, multi-million dollar retailer FatFace was hit by an attack that locked them out of systems, with customers' details as well as employees' bank account and national insurance numbers being accessed. Such attacks are costly in more ways than one – in FatFace’s case, the Conti ransomware gang was talked down from an $8 million ransom to accepting a $2 million payout. The public nature of such attacks can also cause reputational damage that lasts long after the threat is neutralized.

Retail businesses have a huge attack surface area to secure: Many have multiple locations, ecommerce sites, and publicly accessible systems, such as kiosks, as well as POS systems, and complex supply chains to secure. This leaves criminals with multiple potential points of entry to exploit and, once in, they can withhold data, take websites and applications down, and hold data to ransom.

So, when is the right time to protect yourself from and fight against ransomware? The answer is simple: before it happens.

The good news is you can make a difference.

Barracuda can help you protect your organization from ransomware attacks, with support over three key steps to prevent cybercriminals from gaining access to and encrypting data or taking your systems offline:

  1. Secure your email and train staff. Email is the most common way for cybercriminals to get into your organization. This could be through infected links or via more sophisticated spear-phishing attacks that aim to steal credentials. Criminals can also use any of these 13 common ways to compromise your IT security via email. Implementing the right email protection can protect your organization from both external attacks and internal emails that have already been compromised. Train your staff to recognize these attempts – employees can and should be your first line of defense against ransomware.
  2. Protect your applications. Ecommerce web applications are a top vector for attackers and can be used to spread ransomware through supply chain attacks. Once an application is hacked, the ransomware can spread laterally across your entire network. Protecting your applications prevents this, saving a lot of the agony that would ensue if your applications became compromised.
  3. Prepare yourself for an attack. The best way to prepare for a successful attack is to back up your data – including data from cloud-based applications. Encrypt and keep copies of all your data in multiple locations, with restricted access and multifactor authentication.

These steps can knock back attackers. And if an attack succeeds, this approach can limit the damage and speed up your recovery. Assume that you will be targeted, and protect yourself against ransomware now, before it happens. For more in-depth information, read our ebook, Ransomware protection in the retail industry.



Scroll to top