Retailer’s Need to Up Their Data Security Game This Year on Black Friday & Cyber Monday

Black Friday and Cyber Monday mark two of the most important events for retailers in the United States, if not the world. In fact, November and December have historically accounted for nearly a third of the retail industry’s annual sales. However with cybercrime, particularly ransomware, growing in 2021 by as much as 900% IT professionals in the retail industry have no choice but to up their game. 

Of course, the retail industry has been chief among those to feel the ransomware pain. According to Sophos’s State of Ransomware in Retail 2021 Report, approximately 44% of retail organizations were hit by a ransomware attack in 2020, and more than half of those affected (54%) said cyber criminals had succeeded in encrypting their data. The research also indicated that 32% of retail organizations whose data was encrypted paid the ransom to get their data back. The average ransom payment was US$147,811 – lower than the global average of US$170,404.

I got some commentary from Surya Varanasi, CTO, StorCentric and JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company on this topic. First up is Surya Varanasi:

Surya Varanasi, CTO, StorCentric:

“According to Salesforce, the 2020 holiday season broke records and online sales in 2021 are expected to continue to surge. Salesforce predicts ‘online sales will continue to grow, up to 10% in the U.S. and 7% around the globe. Put another way, between November and December, online shoppers will spend $259B in the U.S. and $1.2T globally. And thanks to better omni-channel experiences, you can expect shoppers to keep clicking ‘add to cart’ even past the shipping cutoff.’ While there is always a chance that ransomware will hit a smaller retail organization, the greatest likelihood is that it will target large organizations with operations, revenue and PII to protect, as well as the deepest pockets to pay. 

Our advice to these retail IT executives is to put aside traditional strategies and instead take their data protection and security to the next level — from basic to unbreakable. An Unbreakable Backup solution overcomes today’s most common cybercriminal strategy, which is to attack the backup first, and then come after the production data and operations. In this way, the retail IT executive loses their backup plan— excuse the pun — and is at the mercy of the ransomware demands. Instead, Unbreakable Backup creates an immutable copy of the data which cannot be deleted, corrupted or changed in any way. And it can do so for copies kept onsite, remotely and in the cloud. Then, it takes the admin keys and stores them in another location entirely — hidden from cybercriminals or even an insider threat. Once done, retail IT executives can rededicate their time to activities that ensure the optimum customer experience and premium sales, as well as safe, efficient and cost-effective back office operations.”  

JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company: 

“Today’s mid-to-enterprise class retail organizations manage complex IT operations that depend upon numerous technologies, distributed across the HQ datacenter and each remote location, to provide customer-facing and back-office functionalities. This creates a vast attack surface for the would-be cybercriminal that only needs to be right one time to get in, versus the datacenter management team that must be right every time, every day, in every way. Today, it is not a matter of ‘if’ ransomware will get in, rather a question of ‘when?’

Consequently, while prevention and detection are critical, today’s top priority must be the recovery piece. Retail IT executives should choose a data backup solution that provides broad heterogeneous platform and app support. It should ensure automated backup protection across the entire IT environment from the central datacenter to remote offices to the edge and into the cloud. This feature is particularly important to retail organizations with numerous remote stores, which oftentimes do not have onsite IT expertise to ensure data and operations security and protection. Next, the backup solution must auto-verify the backup process. It should check each file in its entirety to make sure files match across all environments, which consequently ensures the ability to recover in the event of an outage, disaster or cyber-attack. And this one’s a deal-breaker — at least one backup must be immutable, unable to be deleted, corrupted or changed in any way, even if the ransomware has already infiltrated your organization, and integrated itself into the backup process.”

You should never, ever pay to get your data back from a ransomware gang. So hopefully a good backup strategy is part of an organizations defence against ransomware.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: