How are online retailers ensuring cybersecurity and data protection?

Yeah - sorry about that…did not see much messaging on this and we do protect some large retailers in fact. I only learned about this forum through the retailer that is our customer…

But as an educational front - (valid critique btw) there are key steps (no purchase required):

Recent articles in mytotalretail give warning to retailers: "'Tis the Season for Retailers to Prepare for Cyberattacks" (mytotalretail.com)

Ransomware attacks hit 44 percent of retail organizations in 2020 and numbers are still being tallied for 2021. Many of these were partially successful and should be a rallying cry for increased cyber defense. The average cost of recovery from a ransomware attack in retail was approximately $2 million, per the State of Ransomware in Retail 2021 report by Sophos. These costs include downtime, device cost, network cost, lost opportunity, and ransom paid to recover encrypted data.

The following are some basics on how to mitigate ransomware attacks and other malicious behavior:

  1. Training – Have training for all levels of employees, contractors and the retailer supply chain. Understanding the modalities of phishing attacks (more than 50% of ransomware attacks are due to phishing exploits) as well as basic cyber hygiene will protect the enterprise and your staff. Ongoing training should be in small doses, measured and tested to ensure knowledge and compliance with policies.
  2. Establish policies and compliance with regulatory obligations and industry recommendations through an assessment and alignment of cybersecurity practices.
  3. Utilize a SIEM with integration to a SOC with SOAR and ingest data from your servers, FW, endpoints as well as EDR, RMM, etc.
  4. Establish policies and procedures for resiliency and recovery in the event of a breach including having a DFIR solution on standby.
  5. Have the correct data storage for critical data including customer information, PII/PCI as well as your operational data such as HR and finance.
  6. Establish Zero Trust for applications and access to systems for all personnel and vendors.