When it comes to ransomware, retail is the second most targeted industry in 2021, said Sophos recently.
According to the company’s The State of Ransomware in Retail 2022 report, 77% of organisations were hit in 2021. The number is a 75% rise from the 44% hit rate in 2020.
The most targeted industry by ransomware in the said period was media, leisure, and entertainment. The cross-sector average attack rate is 66%, the report says.
Survey highlights
- As the percentage of retail organisations attacked increased, so did the average ransom payment.
- In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third the cross-sector average ($812K).
- While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average (55% and 55% respectively)
- 92% of retail organisations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organisation to lose business/revenue
- In 2021, the overall cost to retail organisations to remediate a ransomware attack was $1.27M, down from $1.97M in 2020
- When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organisations that got all their data back (from 9% to 5%).
Recommended best practices
In the light of the survey findings, Sophos recommends the following best practices for all organisations across all sectors:
- Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
- Make backups, and practice restoring them to ensure minimal disruption and recovery time
