Coming off a record-breaking holiday season with 2022 pre-Christmas sales hitting a whopping $74.5 billion, the Australian retail sector is undoubtedly on a high.

With little fanfare around cyberattacks during this period, it is easy for small and midsize businesses (SMBs) to let their guard down. However, it’s important for them not to forget that just prior to the start of the holiday season, the Australian Cyber Security Centre (ACSC) reported a 14 per cent rise in cybercrime among SMBs, with SMBs losing an average of A$39,000 ($24,540) per incident.

Research from OpenText Cybersecurity further confirms that SMBs are an attractive target for attackers. Nearly half (46%) of SMBs reported having experienced a ransomware attack. Meanwhile, 66% of survey respondents said they are not confident or only somewhat confident that they can fend off a ransomware attack. Budget constraints and small security teams were listed as the primary roadblocks.

With the New Year underway, it’s important that SMB retailers remain vigilant and strengthen their cyber resilience to looming threats.

To ensure cyber resilience, organisations must deploy strong multi-layered security and data protection policies and technologies to prevent, detect and respond to threats, and to quickly back up and recover from them.

Six steps to cyber resilience

The impact on business continuity from cyber incidents makes it critical for retailers to be proactive. While reducing cyber risk doesn’t guarantee there won’t be a creaky back door for malicious actors to slip in through, it decreases the opportunities for an attack and can accelerate the retailer’s recovery rate.

There are six steps retailers can leverage when creating a multi-pronged cyber framework to achieve cyber resiliency.

Identify and Protect

Because retailers’ data comes from both brick-and-mortar stores and e-commerce websites, there is a greater need for IT teams to scan the entire IT footprint. These regular scans should include endpoints, servers, and cloud, which will enable retailers to identify suspicious activity.

Detect and Respond

While prevention is the name of the game to reduce cyber risks, something can be said about malicious actors – they are persistent. If they are met with a closed cyber door, they will try another. For retailers to strengthen the locks on their cyber doors, reliance on threat intelligence is essential. Threat intelligence can notify the retailer’s IT team of a cyberattack attempt. In a situation such as this one, having a response plan will reduce panic across the business.

Recover and Educate

In many cases, a malicious actor will create their own cyber backdoor to infiltrate a retailer’s system and collect information to hold for ransom. If a business does experience a ransomware attack, this is where having a backup solution becomes useful, as it can serve as a lifeline to business continuity. Encouragingly, OpenText Cybersecurity’s research found 92 per cent of businesses use cybersecurity solutions to protect their business and over half use backup solutions.

While security and data management technology can help mitigate a ransomware attack, a retailer’s first line of defence is their employees.

Security awareness training empowers employees with the knowledge to recognise phishing scams. Effective cybersecurity awareness training combined with technology can significantly boost a business’s security posture and steer retailers towards greater cyber resilience.

Grayson Milbourne is security intelligence director at OpenText Cybersecurity.