‘Tis the Season for Retailers to Prepare for Cyberattacks


With the exponential growth of online shopping, retailers have become a primary target of cybercriminals. A ransomware attack hit 44% of retail organizations in 2020, and many paid a very high price. The average cost of recovery from a ransomware attack in the retail sector was nearly $2 million, according to the State of Ransomware in Retail 2021 report by Sophos. The costs included downtime, people time, device cost, network cost, lost opportunity, and ransom paid to recover encrypted data—an average payment of $147,811. Ouch.

As we approach Black Friday and the year’s busiest shopping season, the bad-actor community is gearing up to launch a new wave of attacks, which is not jolly news for retailers. It will be a make-or-break season for many. Now they face the possibility that a cyberattack could put them out of business even if sales go well.

This piles pressure on retailers to secure their data and protect the personal information of their customers. If you’re a retailer, here are four ways you can keep the bad guys at bay and have a happy and profitable holiday season.

1: Get the right data storage

Retailers need to manage and protect a lot of data, from credit card numbers to email addresses to invoice information. The list goes on and on. Having the right data storage solution enables you to protect that critical data, even if you’re a victim of a ransomware attack.

Your organization should look for an immutable data storage solution that safeguards information continuously by taking snapshots every 90 seconds. You can still recover your information even if ransomware does sneak through and your data is overwritten. Because these snapshots are immutable, there will always be a series of recovery points, ensuring that your data will be safe.

2: Strengthen your weakest link

Firewalls, endpoint protection, email security, etc., are all crucial. But backup and recovery are also a critical part of the overall IT security solution. And if it’s not done correctly, it will be your weakest link. Having a comprehensive backup and recovery plan lets you protect your data if disaster strikes—not just a cyberattack but also basic incidents like a power outage, snowstorm, or hardware failure.

Your backup and recovery plan should include a simulation of business disruption to assess your strategy. It should also include regular testing of your backup images so you can resolve potential issues before they occur. Retailers with a recovery plan are more likely to escape maximum damage and permanent data loss.

When it comes to data protection, you should hope for the best and prepare for the worst. Having a solid plan in place can ensure your business remains at the top of its game during the all-important Black Friday and holiday shopping season.

3: Understand that not all data is created equal

Data tiering is critical for retailers. The approach involves moving less frequently used data, or less vital data, to lower storage levels for cost, recoverability, and availability. The premise is that not all data is created equal, so it’s essential to have different sets of policies based on how critical the data is and how quickly you need to access or recover it.

Yes, it’s good to have your quarterly results at hand. But if you lose access to that information for a few hours or days during the height of the shopping season, it won’t hurt your sales. However, if your business’ price list is compromised or your delivery addresses are not accessible, it could have an immediate and profound impact on your business. That’s why it is so important to prioritize your data and understand the value of each piece of data.

4: Protect your data in the cloud

Many retailers operate in the cloud. They need to realize that cloud security is a shared responsibility between them and their cloud provider—and that the sharing is not divided entirely equally. The retailer is primarily responsible for protecting their data in the cloud, not the service provider.

Top-tier providers like Microsoft Azure, Google Cloud Platform, and AWS typically secure the core infrastructure. But when it comes to securing data, that responsibility falls squarely on the shoulders of customers. Retailers who fail to grasp this simple fact are much more likely to suffer a data loss.

You should be aware of your responsibility, ensure that you have the proper protections in place, and regularly test your ability to recover from data loss if it happens.

You can have the best technology from a prevention standpoint. But even with the best technology, the bad guys can still get down your chimney and cause havoc. Take the four steps above, and you can ensure that they won’t get your most precious gift: your data.

 Credit: Florian Malecki, VP International Marketing for Arcserve.

Visual Merchandising The Ultimate Guide