The start of the peak shopping season is upon us again. Unfortunately, the season also means a greater likelihood of cybercriminals targeting retailers, thanks to the growth of online shopping. Independent research from Arcserve found that over half (54%) of retailers were targeted by ransomware in the past 12 months. About a quarter of the attacks resulted in compromised data, while a quarter confirmed paying ransom.
Retailers are a high-value target for attackers, given the appeal of their customer information – credit cards, birthdates, and so on. If an attack is successful, the resulting costs of downtime can be devastating.
But the damage goes beyond downtime, with Arcserve’s research finding that 59 percent of consumers would likely avoid doing business with an organisation that had experienced a cyberattack in the past year. That same research found that over one-third of respondents would switch to a competitor after just 24 hours if an organisation can’t provide consumers with access to their information or the ability to make a transaction. That could spell a massive amount of lost business.
Retailers underprepared for holiday cyber attacks
Worrying findings from the same research show that retailers lack preparedness and confidence in data backup and recovery strategies. Here are some immediate steps for retail organisations to step up their defences and protect sensitive customer and business data.
- Review and update disaster recovery plans – A well-thought-out disaster recovery plan is crucial to determine how a business will recover from any ransomware attack, cyberattack, hardware failure, or natural disaster. Yet Arcserve research reveals that over half (57%) do not have well-documented or updated disaster recovery plans. Retail organisations need to establish recovery time objective (RTO) and recovery point objective (RPO), key metrics that indicate how much time they can afford to be offline (RTO) and how much data they can lose before the effects become too great (RPO).
- Invest in data resilience – The vast majority (72%) of retail respondents do not have specific data resilience goals within their data and backup strategies, which are critical in order to minimise potential losses. Retailers should look for a data backup, recovery, and immutable storage solution that continuously safeguards valuable data by taking snapshots every 90 seconds. Immutable backups can’t be altered or deleted, so cyber criminals can’t overwrite them, and data can always be recovered.
- Test recovery procedures – A solid disaster recovery plan includes regular testing of backup images so issues can be identified and fixed before they become problems. Test the plans to ensure seamless and orchestrated recovery when it matters most. Far too many companies skip testing, but it’s the only way to be fully confident in your ability to recover.
- Put your trust in zero trust – Make it easy for your customers to shop by protecting customer data. The zero-trust model assumes all users are unauthorised and only grants permission to let them perform specific tasks and operations and nothing more. With zero trust, these permissions are immediately revoked once the activity or transaction is complete. Zero trust also protects important backups, and implementation can be accomplished simply by expanding existing network security measures. By adding this extra layer of security, retail organisations can minimise damage in the event of a data breach or cyberattack because even if determined cybercriminals access your database, they won’t be able to penetrate the zero-trust defence layer.
Retail organisations can’t afford to be caught off guard this holiday season and should urgently overhaul their disaster recovery plans to match the ever-evolving cyber threat landscape.
Data resilience is a non-negotiable business requirement with clear, measurable objectives. Don’t wait for a crisis to test your recovery protocols; make it a regular practice, akin to a fire drill. By taking these steps, retailers do more than protect their bottom line – they retain the trust of their customers.
Karl Thomson is director APAC at Arcserve.