Ransomware attacks are up over the last year: 77% of retail organizations were hit by ransomware in 2021, up from 44% in 2020, demonstrating that adversaries have become considerably more capable of executing attacks at scale.
Of all sectors surveyed, retail was the second most targeted by ransomware attacks last year, after the media, leisure, and entertainment industry. A hit by ransomware was defined as one or more devices being impacted but not necessarily encrypted. As the percentage of retail organisations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53% increase compared to 2020 ($147,811).
These are the findings from an independent, vendor-agnostic survey – The State of Ransomware in Retail 2022 – commissioned by Sophos of 5,600 IT professionals in mid-sized organizations across 31 countries, including 422 respondents from the retail sector.
Sophos’ annual study of real-world ransomware experiences has revealed an ever more challenging attack environment, together with the growing financial and operational burden ransomware places on its victims. Over the last year, 55% of retail respondents reported an increase in the volume of cyberattacks, 55% reported an increase in attack complexity, and 51% reported an increase in the impact of attacks on their organization.
“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if,” said Chester Wisniewski, principal research scientist, Sophos.
Additionally, 92% of retail organizations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organisation to lose business/revenue. Organisations, therefore, need to augment security using layered defenses and the right tools with appropriately trained security experts to help manage their efforts.
There are also costs to remediate a ransomware attack as well as uncertainty over the amount of data recovered after paying the ransom.
It is, therefore, imperative for organisations to harden their IT environment and improve their cybersecurity posture. Security controls need to be reviewed regularly to make sure they continue to meet the organisation’s needs. However, limited resources, a lack of the required skillset, and complex compliance requirements make cybersecurity a tough nut to crack.
Vulnerability Management as a Service, or VMaaS, aims to tackle this. At Simplex, our VMaaS is a technology-agnostic, automated, and context-aware managed service that helps organisations achieve compliance and improve their overall security posture.