Why ransomware is such a big risk to retail

Will Morrish
14 February, 22

2021 wasn’t easy for retailers. With the pandemic, lockdowns and enduring uncertainty, retailers have had to adapt to ever-changing circumstances. In many cases this has heralded an online migration at a faster pace than they may have been comfortable. It is a land of opportunity in the post-Covid world, but is not without its challenges. 

Cyber-attacks – especially ransomware attacks – have increased sharply across all sectors, but our latest research has shown that retail is the second most targeted industry, behind only the tech sector. There are several reasons for this (and several solutions too). 

An enormous attack surface 

The first big problem for retailers is that they’re a big target. They’re unlike a typical enterprise in that they’re usually partially or fully online, so their digital footprint is inherently internet-facing and completely public.  

What makes this digital footprint ten times more accessible is that retailers are typically Business to Consumer (B2C). When you’re a consumer-facing organisation, there is a huge number of additional risk factors. You need scale to look after a large volume of consumers, and with that comes a customer services department, shipping, accounts etc. All of a sudden, you have a large number of people internally and externally engaging with your company. 

This increases exposure to cybersecurity issues such as phishing. It also means a large group of people handling a lot of sensitive information. And having a huge workforce makes it a lot harder to educate staff about cyber-attacks and encourage cybersecurity awareness. 

The race to be digital 

As we’ve already covered, the pandemic changed the way retailers work dramatically. Retailers that shifted to eCommerce due to the pandemic had to move almost their entire stock online overnight – and this hasn’t helped from a cybersecurity perspective. 

It has meant that a retailer’s digital presence has grown to meet the need rather than through a thought-out, pragmatic, and perhaps more secure approach. It does what it needs to (sell stock), but because it’s been carried out so quickly, it’s not been the safest and most secure move. 

The pressure from the pandemic hasn’t just resulted in retailers racing online. It’s clearly been a terrible year financially for some of these organisations, and one consistent correlation is that the more you invest in cybersecurity, the fewer incidents your company will experience. 

So, cash-strapped organisations with no customers coming through the door, building staff for an online presence at an incredibly fast pace, are less likely to invest adequately in cybersecurity, presenting yet another risk caused by the pandemic. 

The threat of ransomware 

Retailers also face problems with ransomware specifically. With ransomware, cybercriminals encrypt your systems, which means you can’t run your business until you pay their ransom. This applies to all sectors, and indeed all businesses face the threat of ransomware – but the problem is posed differently for retailers. 

The timing of an attack is a lot more strategic in this sector. Typical non-retail businesses are often consistently busy throughout the year with only minor lulls and peaks; retail is nothing like that. During Black Friday and the Christmas period, retailers make a significant amount of their annual revenue. If they’re attacked with ransomware during this period, attackers know they’ve got a knife to that company’s throat. If they don’t pay the ransom, they’re going to miss out on the most important time of their year. 

This is exacerbated by the fact that operational capability and sales are the lifeblood of retail. Where in some business models one is more important than the other, both are equally crucial to a retailer’s success.  

In a B2B model, for example, it doesn’t really matter if you can’t invoice for a few days. Your finance department won’t be too pleased, but you’ll still get paid eventually. For retailers, a sector that primarily follows a B2C model, if their systems are down for even half an hour and they can’t take card transactions, they have lost that income. As consumers, we will not wait for the retailer’s system to get back online – we just go back to the search engine to find what we’re looking for somewhere else. You’ll often see headlines about this happening with any retailer that has been hacked, and the vast sums that are lost during downtime. 

The problem doubled 

We’re seeing double extortion ransomware attacks more frequently too. This is where the data is encrypted, the ransom is paid and then the retailer is told that the attacker also has in their possession the retailer’s entire customer database. They are then told that if they don’t want this to be released, they will have to pay another ransom. Of course, you’re dealing with criminals here so there’s no guarantee that at any stage the data won’t be published, or your systems will be returned to you. 

Fortunately, retailers have options available to them that will lower the risk of an attack occurring and limit the impact if/when an attack does occur. 

Lower the risk 

It’s important for retailers to lower the risk of a cyber-attack as much as they possibly can. They can do this through several strategies. 

First of all, protect your applications and infrastructure better. You can do this through patching and updates, and by ensuring you’re using the right people, process and technology. 

Secondly, secure email. This is an area where retailers are highly exposed. Ensure staff are regularly trained on cybersecurity awareness, and use technology that will highlight and block areas of risk within organisations like Encore. Having full visibility on your risk, exposure and security coverage is incredibly important. 

Limit the impact 

As is clear in this article, retailers do not have the odds in their favour when it comes to cyber-attacks. In fact, for most organisations, it’s more a case of when an attack will happen than if. 

To limit the impact when an attack does occur, make sure you back up and encrypt your own data. Store good offline copies of your own data so that if the primary servers are encrypted, you have a backup to restore from. 

Plan and prepare for an attack, monitor and defend against one and always have a plan B just in case (that’s B for backup). 

Cybersecurity expertise 

With external cybersecurity professionals, you will always be better placed to defend your organisation. They will advise, help to build and help to right-size your infrastructure, as well as fix what might not be in the best state. 

But importantly, they’ll run 24/7 cybersecurity operations. More than 70% of successful breaches are carried out outside of office hours. With online retailers and their customers operating 24/7, this is essential in retail. Cybersecurity professionals can be the eyes and ears on all operations to protect you at all hours. 
