Close this search box.

GUEST COMMENT How retailers can mitigate the surge in ransomware attacks

Image: Fotolia

Retail ransomware is arguably the closest the public gets to seeing the devastation of cyberattacks. One day their local supermarket is normal; the next, it can’t process any card payments.

One week, children are enjoying their favourite snacks; the next, these products are nowhere to be found on the high street.

The increasing reliance of the retail industry on digital systems and supply chains to serve booming populations, mitigate inflating materials prices, and the strive for growth is a double-edged sword. When held to ransom by cybercriminals, the loss of business, customer loyalty, and even livelihoods becomes a real possibility, and we’ve seen this recently in attacks on KP Snacks and SPAR Supermarkets. The retail industry’s dependence upon data makes it a lucrative target for cybercriminals.

Protecting that data and preventing it from ransomware is critical. Here’s how retailers can stave off ransomware for good.

Thousands of entry points demands a zero trust attitude

Cyber attackers thrive on vulnerability. Since retail networks are highly connected, an attack vector can enter from any poorly protected endpoint across the entire business. It is therefore essential for retail organisations to take a bird’s eye view of the business and be aware of all entry routes for ransomware.

The possible points of attack are numerous in retail. The industry is currently experiencing a sharp increase in the amount of data it’s using. We’re also seeing a growing number of endpoints benefitting shoppers’ experiences: smartphones, computers, tablets, kiosks and more.

It’s not only the customer-facing parts of the modern retail business which are vulnerable. The IoT-enabled warehouse, the supply chain software, the partner(s) connected, or even the electric delivery van are all possible entry points for attackers. The software supply chain has been increasingly used as an attack vector across industries in recent years. This is because the potential impact and spread of a supply chain attack can be far greater than that of targeting an individual victim.

With so many potential ways into the system to access this growing pot of data, it really is a criminal’s playground. Retailers should start by exercising an attitude of Zero Trust – anyone who uses any of these systems should be verified on entry, and continually throughout use.

Revise the attackers’ handbook for retail ransomware

Cyber teams must be on the lookout and prepare for new crime techniques deployed specifically for retail.

One such technique is stealing cardholder data that flows between consumers and retailers. Access to such value data should therefore be tied to job functions like managers and third-party contractors. Equally, all endpoints through which it could be accessed should be carefully planned and monitored from a single console. This helps to avoid vulnerabilities posed by gaps in responsibility and ownership, whilst ensuring no extra strain is put on cyber teams.

Next, it is vital to check all system layers for hidden malware. Ideally, a team would do this on a preventative basis, though it can also be critical during a cyberattack. Without these checks, some breaches could go unnoticed for months, hidden amid the multitude of layers of retail software used by any one organisation. During that time, hackers can quietly explore the system and set up tactics to engineer the most effective cyber or ransomware attack possible.

Organisations should deploy a suite of cybersecurity technologies, to ensure no layer of the system goes unchecked, and there are no blind spots. Ordinarily, this might take weeks or months for a small team, but with artificial intelligence (AI), machine learning and the assistance of an outsourced Managed Services team, the job can be done in a fraction of the time and with superior accuracy. By sweeping the system regularly, teams can detect any deviations from the norm faster. Meanwhile, if a dormant threat is found, Incident Response teams can stop execution before it strikes. This wealth of experience allows retail organisations to focus on key security initiatives, rather than spending time and resources recovering from breaches or triaging alerts.

When ransomware attacks, all is not lost

The preventative approach to security is always the best route; prevent instead of reacting to a breach to best protect customers’ data, intellectual property, and the business. Nonetheless, for retailers without the right cybersecurity, all is not lost when an attack strikes. Suppose you have already been hit by a cyberattack. What is the right course of action?

Firstly, retailers should avoid paying ransoms – despite the urge to protect their businesses. There is no guarantee that paying ransom will result in data being released or decrypted. Cybercriminals don’t play by the rules. The more retailers pay ransoms, the more attackers will see the industry as an ideal target. Retailers must work as a community, stamping out the effectiveness of the threat by refusing to pay up.

Secondly, communicate calmly and with confidence. Report the attack and send out secure comms with critical event management solutions. This allows for streamlined preparation, response, and recovery from critical events and emergencies. In a crisis, these systems share clear and timely information with those who need it, keeping everyone safe and reducing the panic which ransomware instigators so commonly rely upon. It’s possible to recover data from a ransomware attack without paying the ransom, but the best approach to do so is to have cybersecurity solutions in place, constantly backing up data and securing the system to prevent and protect at every turn. If an attack strikes, communication is key – and your specialist security response team should be up there with the first to be alerted.

Pre-empt, Prevent, Protect

As retail environments evolve from traditional storefronts to robust digital businesses, this famously diverse industry is united in its vulnerability to modern threats.

To protect our local supermarkets and favourite snacks, it’s essential to protect the integrity of transactions, customers’ data, and retail networks. Take a preventative stance by ensuring you have no blind spots in your security posture. That includes exercising zero trust; no door is opened to data unless the person can prove themselves trustworthy.

If a disaster does strike, find the weakest link to your systems to begin patching any vulnerability, look to cyber experts for effective solutions when managing security to spot issues, understand the corrective action, and swiftly begin the recovery process.

The rampage of ransomware in retail can be set right – but it will take a whole industry reaction. While the trend remains, it’s even more important to prevent and protect now.


Keiron Holyome, vice president UK, Ireland, and Middle East, BlackBerry

Read More

Register for Newsletter

Group 4 Copy 3Created with Sketch.

Receive 3 newsletters per week

Group 3Created with Sketch.

Gain access to all Top500 research

Group 4Created with Sketch.

Personalise your experience on