Australia’s retail sector, a key pillar of the country’s economy, is facing an increasing and potentially costly challenge: ransomware attacks.

These cyber assaults, where malicious software encrypts critical data and holds it hostage until a ransom is paid, are becoming an increasingly common occurrence, disrupting everything from online purchases to store deliveries.

The retail sector is a prime target for cybercriminals due to the large volume of data that retailers collect. This can be anything from customer identity and addresses to credit cards and bank account numbers. Such data is highly valuable on the black market.

Additionally, many retailers have complex IT systems with legacy infrastructure, making them more vulnerable to attack.

Recent attacks highlight the problem

The past few years have seen a rise in high-profile ransomware attacks against Australian retailers.

In January this year, major car dealer Eagers Automotive suffered a significant ransomware attack. The attack caused system outages and halted sales. In the same month, The Iconic also reported a cybersecurity breach. 

In February, Australian point-of-sale software company GaP Solutions reported an attack. The extent of the attack is unclear; however, it is understood that the attackers threatened to leak sensitive data onto the dark web if a payment was not made.

Also, back in September 2023, Pizza Hut revealed that nearly 200,000 customers had their personal details exposed in an attack. The incident served to highlight the vulnerability of customer data in the food retail sector.

The causes of vulnerability

A range of factors contribute to the heightened vulnerability of Australian retailers. Firstly, the sector continues to experience rapid digital transformation, with increased reliance on digital shopping and backend support services. This is creating a larger attack surface for cybercriminals to exploit.

Secondly, many retailers have limited cybersecurity budgets and expertise. Many firms tend to prioritise sales and marketing activities over IT security investments. This leaves them with outdated systems and inadequate security protocols.

Thirdly, the COVID-19 pandemic exacerbated the problem. With increased reliance on remote work and online commerce, the potential entry points for attacks grew. Additionally, the urgency of the pandemic may have led to relaxed security protocols in some organisations.

Boosting defences

Fortunately, steps can be taken to mitigate the risk of ransomware attacks. Some of the key preventative measures include:

Implementing a strong cybersecurity stack:
A cybersecurity stack comprises many tools and processes that are put in place to strengthen the security of the organisation. Once the risks retailers face are understood, a stack targeted at reducing that risk to the lowest possible level would be a priority for CISOs. One of the critical tools would be a Security Information and Event Management (SIEM) system, which helps identify security incidents and offers real-time monitoring, correlation, and alerting capabilities by collecting and analysing security logs from multiple systems and applications.

Fostering a culture of security awareness:
Retail staff need to be aware of the ever-present cyber threat. Regular training on phishing scams, social engineering tactics, and safe credential practices can significantly reduce the risk of human error leading to an attack.

Enforcing strong password policies:
Implementing complex passwords and enforcing regular password changes are essential in preventing unauthorised access to systems. Multi-factor authentication (MFA) adds another layer of security.

Patching systems regularly:
Software vulnerabilities often provide a gateway for attackers. Implementing a rigorous system of identifying and patching vulnerabilities promptly helps to keep these entry points closed.

Conducting regular data backups:
Having a robust data backup system allows for swift recovery in case of a ransomware attack. Backups should be stored securely and disconnected from the main network to prevent them from being encrypted.

Collaboration is essential

The fight against cybercrime requires a multi-pronged approach. Retailers need to work collaboratively with cybersecurity experts to share best practices and develop robust defence strategies. Open communication and information sharing are crucial in identifying emerging threats and coordinating responses.

As the retail sector continues to embrace technology, cybersecurity needs to be prioritised. This requires investment in secure infrastructure, training programs, and skilled IT personnel.

By taking a proactive approach, retailers can build a more resilient IT infrastructure and ensure the continued operation of the sector in the face of evolving cyber threats. The result will be satisfied customers and stronger national economic growth.

Matthew Lowe is country manager for ANZ at LogRhythm.