Cybercriminals are becoming increasingly smart and sophisticated. Now targeting people and organisations all over the world, their attack surface has grown immensely, and it shows. Over two thirds of retail businesses globally have experienced some form of cyber incident in the past year, according to recent research we conducted.

The reality: we are all targets.  

We wanted to gauge what financial impact cyber incidents had on businesses over the past year, so we spoke to 4,303 companies worldwide, of which 473 were in the retail sector.

For Australian businesses, the financial impact was around $388,000 USD this year, down from around $483,000 in 2020. This takes into consideration the cost of hiring external consultants, improving infrastructure, training employees, insurance premiums, compensation, penalties or fines and hiring new staff.

Globally, the trend was very similar – decreasing to an average $927,000 financial impact in 2021 versus $1.09 million last year. This could be due to previous investments in prevention and mitigation measures coming into play and improving how businesses detect attacks, thereby minimising the impact of a breach.

However, the costliest cyber incident for large businesses was a data breach through suppliers, reaching $1.4 million for an enterprise and $212,000 for an SMB. This has become a cybersecurity blind spot for many organisations.

As business data can be distributed across multiple third parties including service providers, partners, suppliers and subsidiaries, companies need to consider not only the cybersecurity risks affecting their own IT infrastructure, but those that can come from outside it.

The good news – only 30% of the retail organisations surveyed had fallen victim to this form of breach. Encouraging too was the fact many retail businesses said they detected a data breach within a few hours or that same day.

More common cyber incidents targeting the retail sector were malware and targeted attacks, followed closely by ransomware and supply chain incidents. Just under a third also noted they had experienced an attack on their point of sale system.

Notably, employees’ inappropriate use of IT was the cause of 37% of cyberattacks on retailers. These businesses could have had the best, most secure systems in place, yet human error cost them.

Unsurprisingly, therefore, a main security concern among retailers, according to the research, was how best to ensure staff comply with security protocols. Other top concerns were a lack of threat intelligence and internal capabilities to detect and respond to complex security incidents.

Many organisations had implemented additional security policies and changed authentication procedures as a result of cybersecurity incidents, but what else can businesses do to protect themselves?

Here are a few recommendations:

  • Educate all employees on basic cybersecurity hygiene, such as the importance of regularly updating software and not clicking on malicious-looking links. If you have a dedicated IT team, encourage them to take up continuous learning opportunities. Developing their skills can ensure you are equipped to defend against even sophisticated attacks.
  • Ensure your business is using the latest version of your chosen operating system, and enable the auto-update feature so the software is always up to date.
  • Grade your suppliers based on the type of work they do and complexity of access they receive (such as whether they deal with sensitive data and infrastructure or not) so you can apply security requirements accordingly. Furthermore, if there is sensitive data or information being transferred, ask suppliers to share documentation and certifications to confirm they are able to work at such a level.
  • Adopt security solutions that can reduce the risk of being exploited by cybercriminals and help you detect and remediate even new and evasive threats in a timely manner. If you do not have the necessary internal expertise, outsourcing advanced security tasks to established IT security specialists can also be a good option.

Now is the prime time to start understanding how cybercriminals work – what tactics, techniques and processes they use – and ensure you have a robust cybersecurity strategy in place. Don’t wait until it’s too late – arm yourself now with the tools to detect, mitigate and respond, for a safer tomorrow.

Margrith Appleby is general manager of Kaspersky Australia and New Zealand.