Preparation: The best way to defend yourself against ransomware in retail

You might think the only one who should be concerned with potential ransomware attacks is your CIO— but think again. Ransomware threatens every part of your organization, and every retail leader should pay attention and prepare.

In ransomware attacks, bad actors lock a company out of its systems through encryption and demand payment to restore access. Cybersecurity Ventures predicts that by 2031, ransomware will cost victims $265 billion annually, and it will attack a business, consumer or device every 2 seconds.

High-profile retailers like Target and Forever 21 have been victims of ransomware in the past. Attackers found their way to Target’s systems through a third-party vendor in 2013, costing them $290 million. In 2018, bad actors used malware to gather credit card data from Forever 21’s POS system and the retailer later admitted it had not previously encrypted some of its POS devices.

Whether you’re an ecommerce retailer or have brick-and-mortar stores, attackers will try to find their way into your systems any way they can. But with the right prevention measures, you can stop trouble before it starts.

Four ways ransomware endangers your business

Retail is a prime target for ransomware attackers. According to Forrester analyst Allie Mellen, retailers are so attractive because they depend on consistent uptime to serve customers, making them among the most likely to pay the ransom to avoid disruption. Whether you pay the ransom or not, there are a host of costs involved:

1. Loss of funds for ransom itself. Though the FBI recommends not paying a ransom in the event of an attack, many companies do—at a big cost. In 2021, the average ransom payment was $226,044, a 53% increase from 2020 ($147,811).
   
   
2. Loss of data. Even when you pay the ransom, you’ll likely find that you’ll be missing vital data after you decrypt. In 2021, the average amount of data recovered after paying the ransom was just 62%—and only 5% of companies got all their data back. Depending on what data is lost, you still might not be able to operate normally after decryption.
   
   
3. Loss of revenue. Retail stores lose an average of $855 an hour when systems are down in stores. The cost can be even more devastating for online retailers, which rely solely on electronic systems for customer payments. More than half of companies say it would take days to get back to normal in the event of an attack—potentially meaning hundreds of thousands of dollars in lost revenue.
   
   
4. Brand damage. Of course, the longer your stores can’t operate as normal, the more your brand image can suffer. Putting their personal and financial data at risk will almost certainly cause customers to lose trust in your brand. More than half of customers will leave a brand after a single bad experience, and in today’s competitive retail industry, you can’t afford to lose that kind of business.

Prepare your team at every level

In case you fall victim to an attack, prepare your team by ensuring every employee is trained to recognize a ransomware attack and learns the best practices for what to do if one happens.

• C-Level: At the highest level of your organization, across every area of your business, you must lead by example. Be a strong voice in support of proper protections against ransomware and prepare yourself to make quick, informed decisions if an attack occurs. Review your company’s plans for before, during and after an attack to ensure that you know exactly the role you should play.
  
  
• Directors and managers: Ensure your mid-level leaders have the resources and training they need to take the right actions if an attack happens. Stress the importance of training both for them and for store-level managers to avoid letting attackers gain entry through store endpoints.
  
  
• Frontline workers: Ensure store-level employees know what a ransomware attack could look like in a store and the steps to take if something happens. Offer training on how to handle outages with customers in real time at the store to keep operations as smooth as possible.

Invest in the toughest security measures

To protect your customers—and your retail business—you need to ensure your company leadership makes security a top priority with a layered defense system.

• Support your CIO and their team in securing next-gen investments in threat protection to keep your data and systems safe from ransomware.
  
  
• Talk to your tech leaders about systems and policies in place to prevent attacks in the first place, like intrusion prevention and zero trust network access.
  
  
• Look for effective ways to consolidate the various components within your security stack into one fully comprehensive and cloud-native offering for easier management, an architecture that can work with your existing network environment without disruption.
  
  
• Ensure your team practices what to do if an attack occurs and takes the threat testing your IT team enacts seriously.

Create sufficient prevention measures and varied backups

In addition to robust prevention measures, you also need to think about damage mitigation. And that’s where your data backup strategy is crucial.

If your retail company is not one of the fortunate 5% to get all your data back, you’ll need backups to restore operations quickly—but you won’t be able to if you don’t have a documented backup plan.

Talk with your IT leaders to find out how your data is backed up, how often and whether it’s well isolated from the rest of your network so it’s protected from an attack. Ask about both full and incremental backups.

Full backups create copies of all your data and are done less often, while incremental backups only update the data that has changed since the last full backup was done. Having both protects your organization more thoroughly—a full backup can be supplemented with an incremental backup to restore data to the most current and complete version possible.

Preparation is protection

To protect your profits and brand image, every retail leader needs to take action to prepare themselves and their teams for possible ransomware attacks. Connect with your CIO to discuss what steps they’re taking to prevent and address ransomware—and what you can do to help.

Financial Services Industry Analyst

Bucky Porter

Bucky has more than 20 years of banking experience in roles such as regional branch leadership, technology consultant and senior lending officer. Prior to being a Financial Services Industry Analyst at Windstream Enterprise, Bucky led a large branch network, built the bank's small business banking sales strategy and worked on cross-functional marketing and product development at Simmons Bank.