While the consuming public was busy scouring shopping malls, Main Street and the internet for bargains during the 2022 holiday season, cybercriminals were shopping, too—for opportunities to exploit vulnerabilities in retailers’ IT and communications infrastructure. Those vulnerabilities fueled a 41% increase in ransomware attacks in November 2022, with consumer cyclicals (retail) the most common target, according to analysis from NCC Group’s Global Threat Intelligence team.
This comes on the heels of a 75% increase in the rate of ransomware attacks on retailers over the last year, according to Sophos. All told, more than three-quarters (77%) of retail organizations were hit by a ransomware attack in 2021, up from 44% the prior year. Just 28% of retail respondents said they were able to stop an attack before data could be encrypted, and about half (49%) paid the ransom to restore data. On average, a data breach cost the retailer victim $3.27 million in 2021, according to Security Intelligence. And there’s little sign of relief, as many observers expect the onslaught to continue into 2023.
While costly retail ransomware attacks, credential phishing, DDoS attacks and other forms of cybercrime tend to be more frequent during the holidays, cybercriminals never rest. Nor should retailers in the effort to protect their digital infrastructure, customer data and other assets. With that in mind, here are four cybersecurity strategies they should be considering in 2023:
1. Upgrade the Communications Network
Increased network resiliency, reliability, cost-efficiency, scalability and support for multichannel engagement with customers are among the many reasons to consider moving on from aging legacy network and communications systems to a more modern system.
Security is another. In fact, security was identified as the most important parameter by retailers that decided to shift to a cloud-based software-defined wide-area network (SD-WAN). A 2022 analysis from Frost & Sullivan found that 53% of the retail organizations surveyed have deployed (and/or are expanding to new locations and/or are upgrading) an SD-WAN solution at their branch locations. SD-WAN incorporates multiple layers of security to guard a retailer’s data and systems from cyberattacks.
For retail organizations, moving the network to the cloud should occur only after developing a detailed cloud-migration plan and conducting thorough due diligence to identify the right provider to support you during and after the transition process.
2. Look Seriously at SASE
SD-WAN provides the network framework to deploy an increasingly popular multilayered security strategy known as SASE, or Secure Access Service Edge.
In a 2022 research study published by CIO, the vast majority of retailers (98%) said convergence of network and security is critical or very important. SASE’s combination of networking and security offers a strong endpoint protection that retail networks should consider. SASE solutions deploy such layers as firewall as a service (FWaaS), secure web gateways (SWGs), a cloud access security broker (CASB), zero trust network access (ZTNA), data loss prevention (DLP), next-generation anti-malware (NGAM) and an intrusion prevention system (IPS).Together, these strategies make SASE perhaps the most effective available cyber-defense for retailers, forming a unified connectivity framework built to intercept, inspect, secure and optimize all traffic across a network. This enables retailers to scale in step with the vast amounts of data they’ll be processing and storing throughout the season.
As powerful a security solution as SASE can be, it isn’t for everyone. Some retail organizations may be better suited to a narrower approach. Our recommendation: Consult an independent cybersecurity expert to assess your organization’s needs.
3. If SASE Seems Too Large of a Commitment, Take Other Measures Instead
Even without SASE and SD-WAN, there are other more targeted actions retailers can take to protect themselves from looming threats. A third-party DDoS mitigation service is one measure to consider to thwart distributed denial of service attacks. FWaaS and CASB also help prevent attackers from using data breaches and malware to access and compromise cloud resources and applications. An independent security expert can work with your IT team to determine exactly which measures are most appropriate for your organization.
4. Consider Cyber Insurance as a Financial Safety Net
A vast majority of retail enterprises—88% of those that Sophos surveyed—reported having cyber insurance coverage against ransomware. While it can be useful to have, it’s no panacea, Sophos notes. “Most retail organizations are choosing to reduce the financial risks associated with such attacks by taking cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims. However, the sector has one of the lowest ransom payout rates by cyber insurers.” What’s more, it’s getting harder for retailers to secure coverage. “This has driven almost all retail organizations to make changes to their cyber defenses to improve their cyber insurance positions.” SASE and SD-WAN are among the upgrades that could enable them to secure cyber insurance with more favorable terms.
Because cyber insurance can be a complex product, here again I suggest consulting an expert to help you determine whether your organization could benefit from it, and if so, what type of coverage would be appropriate.
With defenses like these in place for 2023, retailers can focus on the business at hand without worrying as much about ransomware attacks and other threats that lurk around every corner of the retail digital landscape.