Strengthening retail’s resilience against ransomware

November 18, 2022 Windstream Enterprise 6 min

Editor’s Note: The retail industry runs neck and neck with public education as the most targeted industry by ransomware fraudsters, and developing resilience to this type of cybercrime is paramount for today’s retailers. Ransomware is especially tough because retail organizations are multi-site and multi-channel with numerous entry points, have many non–tech savvy employees and operate with a single-minded customer focus.

Ransomware resilience begins with educating the C-suite and all organization employees on cyber threats and creating a plan of action in the event of a ransomware attack. Everyone in the organization should be aware of ransomware risks starting with the downtime from a breach, the impact of downtime, lost opportunities with customers, financial costs of attack and the all-important loss of customer confidence.

Today’s retailers must acknowledge the strong possibility of a future ransomware attack and develop a robust plan based on education, preparation and security.


The rising tide of ransomware attacks has resulted in the collective global loss of billions of dollars and untold brand damage. In retail, ransomware represents a unique set of challenges and risks to which retailers must become more resilient.

Organizations of every size and sector are experiencing a rising tide of ransomware attacks, resulting in the collective global loss of billions of dollars and untold brand damage. Leaders are learning firsthand the ways ransomware has become a scourge on smooth operations and financial well-being.

Nowhere is this more true than in retail, where ransomware represents a unique set of challenges and risks. For retailers, becoming more resilient in the face of ransomware is paramount.

Why ransomware presents significant challenges for retail

In contrast to most industries, retail organizations are multi-site and multi-channel in nature, which means there are many more points of entry for ransomware attacks. Retail operation also embodies an extraordinarily diverse set of endpoints, above and beyond traditional computer endpoints, such as item-level RFID-based packages and pallets, vehicle-mounted computers, handheld scan-based computers, smart shelves, IP cameras and more. It’s a massive surface to protect.

Additionally, retailers are challenged by the fact that many employees using technology devices and services are non-technical staff. In fact, that’s often a retailer’s weakest point—its own user base. Retail employees are there to sell the candy, clothes, or canned food, not be IT or InfoSec specialists. So retailers have the challenge of properly training a large number of full-time, part-time and seasonal staff, to ensure every employee is aware of any risks and how to avoid them.

Once retailers lose a customer—for any reason—that customer is likely to be gone for a long time.

But probably the single biggest factor that makes ransomware a challenge in retailing compared to other industries is retailers’ single-minded focus on the consumer. Retailers are well aware of what happens when a ransomware attack compromises consumers’ identity and other personal, private information. Once they lose a customer for any reason, that customer is likely to be gone for a long time. Even if the retailer does regain customers’ trust, doing so is an expensive re-acquisition effort; it’s well documented that regaining a lost customer costs many times more than acquiring a new one.

Add to all of these considerations a stark fact: Retailing is tied with public education as the industry most targeted by ransomware attacks. According to research from Unit42, the average business downtime caused by a ransomware attack in 2021 is 23 days, and the cost of downtime is estimated at 50 times the initial ransom demand.

How retailers can become more resilient against ransomware

First, it’s essential that retailers practice their responses to an attack. What you often discover in those exercises is that members of your executive team or board may need to be educated on cybersecurity technology and best practices.

Each employee in the retail organization must understand that they play a key role in promoting cybersecurity best practices.

This C-level education is important, but it’s also tough. There are a thousand things going across executives’ minds at any moment in time—strategy, operations, running the business. When you bring something as technical as cybersecurity to top leaders, they may simply shut down because of everything else on their minds. This is an important communication challenge to overcome. You can do it by speaking the language of business.

Beyond educating your leaders on good cyber hygiene, ensure they understand the impact of a ransomware attack on the business. That understanding helps to drive greater investment—figuratively and literally—because they know the true cost of a breach. One thing that all executives and board members understand is the concept of risk, so I like to lean into that bias by helping them understand their responsibility in the event of an incident. Once they see everything in a familiar risk context, they often instinctively ask, “What can I do to help you?”

It’s also important for leaders in your organization not to fall into a false sense of comfort and think the information security team or the IT organization has it all covered. It’s not. We are there to make sure the organization, employees, business partners and customers are protected. We are there to manage an incident when it occurs, and to do everything we can to spot problems before they pop up. But we cannot do it alone.

Everyone must be appropriately trained to understand ransomware and other cyber threats, and act appropriately. Each employee in the retail organization, from store operations and merchandising to shipping and receiving, must understand that they play a key role in promoting cybersecurity best practices and stopping ransomware from getting inside the walls. This kind of training should be delivered in small snippets and nuggets, short videos and email so you don’t lose the audience.

And repetition is key. Everyone needs to know what happens when they take a risky action like clicking on a spam email link, and how to report it when they discover a risk. In the event of a ransomware attack, there are critical decisions to be made, and a key job for security leaders is to ensure that the C-suite and the board are ready to act.

5 considerations for ransomware defense strategies

There are 5 key elements to understanding the impact of a ransomware breach on a retail organization.

What is the downtime that is going to occur throughout the organization at headquarters, in the stores and in the supply chain? If your point-of-sale system is down and you have hundreds or thousands of stores, there’s no way you can go to manual processing. Customers are going to leave the stores, and they may not come back for a long time. When everything takes place on a digital platform, the operational impact of downtime must be calculated before a breach even happens.

How long can we withstand the impact of downtime? Revenue will be lost; reputation will be damaged. Also, an attack is going to impact associates’ productivity, but we still have to pay these associates.

Lost opportunities with our customers. If you can’t service a customer, they’re going to your competitor. If they get great service there—and when your competitor discovers why the customer has left your store and gone to theirs, they will get great service—you’re going to lose that customer for a long time.

What are the bad actors asking for? Is it a nuisance attempt, maybe a small amount (initially)? Or are they asking for a million dollars? You’ll need to determine what will cost you more in the long run: paying the ransom now, or not paying the ransom?

Customer confidence is the key. Simply put, customers who are not confident that you will treat their personal information safely and securely will likely walk away. If you lose a customer’s confidence, you’ve lost the customer.

Retailers should acknowledge and accept that their organizations are likely to be confronted with a ransomware attack at some point in the future. While that doesn’t mean the attack will be successful, it means you have to operate with an understanding that you need to have a plan, you need to practice that plan, you need to train your employees, and you have to give your C-suite all the information they need to make the right decision for the organization.

This article was from CIO and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to [email protected].

See how your organization can support this plan by engaging Windstream Enterprise to defend against ransomware.

Learn more

Key Takeaway
It’s important for retailers to acknowledge that their organizations are likely to be confronted with a ransomware attack at some point—and to be ready by implementing a plan, practice and training.

The network’s role in the retail customer experience