CYBER SECURITYNews

Retail Industry was the Second Most Targeted Industry by Ransomware in 2021, Report


Retail had the second highest rate of ransomware attacks last year of all sectors surveyed after the media, leisure, and entertainment industry. This is according to a sectoral survey report by cybersecurity firm Sophos.

The State of Ransomware in Retail 2022 report found that globally, 77% of retail organizations surveyed were hit—a 75% increase from 2020.  This is also 11% more than the cross-sector average attack rate of 66%.

“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if. In Sophos’ experience, the organizations that are successfully defending against these attacks are not just using layered defenses, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can detonate into even bigger problems. This year’s survey shows that only 28% of retail organizations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts,” said Chester Wisniewski, principal research scientist, Sophos.

As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third the cross-sector average ($812K).

“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Wisniewski. “With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers,” said Wisniewski.

The report also found out that while the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average (55% and 55% respectively). It notes that 92% of retail organizations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organization to lose business/revenue

In 2021, the overall cost to retail organizations to remediate a ransomware attack was $1.27M, down from $1.97M in 2020

When compared to 2020, the amount of data recovered after paying the ransom according to the report decreased (from 67% to 62%), as did the percentage of retail organizations that got all their data back (from 9% to 5%)

The report is available for download here.

Follow us on TelegramTwitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to info@techtrendske.co.ke 

Facebook Comments

LISTEN TO OUR 24BIT PODCAST

TechTrendsKE

We cover Technology and Business trends in Kenya and across Africa. For products reviews, tips, story ideas, guest posts or advertising inquiries, email techtrendske@gmail.com or info@techtrendske.co.ke.

Leave us a comment

Fallohide Africa: Re-writing Kenya’s Story through Virtual Reality
Back to top button