Security Market Segment LS
Wednesday, 11 August 2021 11:36

Retail sector hit hard by ransomware, data-theft extortion attacks Featured

By Staff Writer

The retail sector became a top target for ransomware and data-theft extortion attacks during the pandemic in 2020, according to global cybersecurity company Sophos.

In its State of Ransomware in Retail Sophos says the results show how retail organisations became a prime target for ransomware during the COVID-19 pandemic, when many retailers started trading online for the first time simply in order to survive, while others saw a huge increase in their web traffic and online transactions.

The survey findings reveal that retail organisations were particularly vulnerable to a small but growing new trend - extortion-only attacks - where the ransomware operators don’t encrypt files but threaten to leak stolen information online if a ransom demand isn’t paid.

More than one in ten (12%) retail ransomware victims experienced this, nearly double the cross-sector average of 7%. Only central government, at 13% was more affected.

 Other key research findings include:

  • Retail, together with education, faced the highest level of ransomware attacks during 2020, with 44% of organisations hit (compared to 37% across all industry sectors)
  • The total bill for rectifying a ransomware attack in the retail sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was US$1.97 million on average – compared to a cross-sector average of US$1.85 million
  • Over half (54%) of the retail organisations hit by ransomware said the attackers had succeeded in encrypting their data
  • A third (32%) of those whose data was encrypted paid the ransom. The average ransom payment was US$147,811 (lower than the global average of US$170,404.) However, those who paid recovered on average only two-thirds (67%) of their data, leaving a third inaccessible; and just 9% got all their encrypted data back

“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data,” said Chester Wisniewski, principal research scientist at Sophos.

“The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.

“The comparatively high percentage of targets hit with data-theft based extortion attacks is not entirely surprising. Service industries such as retail hold information that is often subject to strict data protection laws, and attackers are only too willing to exploit a victim’s fear of fallout from a data breach in terms of fines and damage to brand reputation, sales and customer trust.

“It’s not all bad news for retail IT managers, however. While enabling, managing, and securing IT during the pandemic increased the overall IT workload for three quarters of retailers – the sector was also the most likely (at 77%) to see a positive return in terms of enhanced cybersecurity skills and knowledge.

“To secure retail IT networks against ransomware and other cyberattacks, we advise IT teams to focus resources on three critical areas: building stronger defenses against cyberthreats, introducing security skills training for users including part time and temporary staff, and, where possible, investing in more resilient infrastructure,” Wisniewski concluded.

The Sophos State of Ransomware in Retail, 2021, survey polled 5,400 IT decision makers, including 435 retail IT managers, in 30 countries across Asia-Pacific and Central Asia, Europe, the Americas, the Middle East, and Africa.

 The full “State of Ransomware in Retail” report is available here


Subscribe to ITWIRE UPDATE Newsletter here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments