Sophos report: Retail bears the brunt of ransomware attacks

September 01, 2021 8:01 AM

The total bill for rectifying a ransomware attack in the retail sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was $1.97 million on average—compared to a cross-sector average of $1.85 million.

The average ransom payment was $147,811 (lower than the global average of $170,404).

The retail sector became a top target for ransomware and data-theft extortion attacks during the pandemic in 2020. According to the ‘Sophos State of Ransomware in Retail’ report, retail, together with education, faced the highest level of ransomware attacks during 2020, with 44% of organisations hit (compared to 37% across all industry sectors).

The total bill for rectifying a ransomware attack in the retail sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was $1.97 million on average—compared to a cross-sector average of $1.85 million. Among the retail organisations hit by ransomware, over half (54%) said the attackers had succeeded in encrypting their data. A third (32%) of those whose data was encrypted paid the ransom. The average ransom payment was $147,811 (lower than the global average of $170,404). However, those who paid recovered on average only two-thirds (67%) of their data, leaving a third inaccessible, and just 9% got all their encrypted data back.

“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data,” said Chester Wisniewski, principal research scientist at Sophos. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.”

The comparatively high percentage of targets hit with data-theft-based extortion attacks is not entirely surprising. Service industries such as retail hold information that is often subject to strict data protection laws, and attackers are only too willing to exploit a victim’s fear of fallout from a data breach in terms of fines and damage to brand reputation, sales and customer trust.

Company officials said, “To secure retail IT networks against ransomware and other cyberattacks, we advise IT teams to focus resources on three critical areas: building stronger defenses against cyberthreats, introducing security skills training for users including part-time and temporary staff, and, where possible, investing in more resilient infrastructure.”
