Sophos has released the State of Ransomware in Retail 2023, an insightful report based on a survey of 355 IT/cybersecurity professionals across 14 countries working in the retail sector. The findings reveal the reality of the ransomware challenge facing the sector.
Rate of attack and data encryption in retail
According to the 2023 study, the rate of ransomware attacks in retail has dropped from 77% to 69% year over year, contrary to the global cross-sector trend, which has remained constant at 66% over the previous two reports.
However, the rate of data encryption is now at its highest in three years, with almost three-quarters of ransomware attacks (71%) in retail resulting in data being encrypted. At the same time, the percentage of attacks stopped before data was encrypted continues to go down, with just one in four attacks (26%) stopped before data was encrypted.
In 21% of cases where data was encrypted, data was also stolen, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
Root causes of attacks in retail
Exploited vulnerabilities (41%) were the most common root cause of the most significant ransomware attacks in the retail sector, followed by compromised credentials (22%). Furthermore, nearly one-third of retail respondents (32%) said email (malicious emails or phishing) was the root cause of attacks.
Data recovery and the propensity to pay the ransom in retail
97% of retail organizations got their encrypted data back, the same as the global average. To recover the encrypted data, 43% of retail organizations reported paying the ransom, while over two-thirds (68%) relied on backups – slightly lower than the cross-sector averages. Concerningly, the use of backups in retail decreased to 68% in the 2023 survey from 73% in the 2022 survey.
The proportion of retail organizations paying higher ransoms has increased from our 2022 study, with over two-thirds of retail organizations (68%) reporting payments of $1 million or more compared to 5% (with rounding) the year prior. Conversely, 6% paid less than $100,000, down from 70% in last year’s report.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields, including:
  - Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  - Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  - 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
About the survey
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 355 in the retail sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.