'Tis the Season for Retailers to Prepare for Cyberattacks
Retailers have become a primary target of cybercriminals. A ransomware attack hit 44 percent of retail organizations in 2020, and many paid a very high price. The average cost of recovery from a ransomware attack in retail was nearly $2 million, according to the State of Ransomware in Retail 2021 report by Sophos. The costs included downtime, device cost, network cost, lost opportunity, and ransom paid to recover encrypted data.
As we approach the holidays, the bad-actor community is gearing up to launch a new wave of attacks. This piles pressure on retailers to secure their data and protect customer data. Here are four ways retailers can keep the bad guys at bay and have a happy and profitable holiday season:
1. Get the right data storage.
Retailers need to manage and protect a lot of data, from credit card numbers to email addresses. Having the right data storage solution enables you to protect critical data, even if you're a victim of a ransomware attack.
Look for an immutable data storage solution that safeguards information continuously by taking snapshots every 90 seconds. You can still recover information even if ransomware does sneak through and data is overwritten. Because these snapshots are immutable, there will always be a series of recovery points, ensuring that data will be safe.
2. Strengthen your weakest link.
Firewalls, endpoint protection and email security are all crucial. However, backup and recovery are also a critical part of the overall IT security solution. And if it's not done correctly, it will be your weakest link. Having a comprehensive backup and recovery plan can protect data if disaster strikes — not just a cyberattack, but also incidents like a power outage, snowstorm or hardware failure.
A backup and recovery plan should include a simulation of business disruption to assess your strategy. It should also include regular testing of backup images so you can resolve potential issues before they occur. Retailers with a recovery plan are more likely to escape maximum damage and permanent data loss. A solid plan can ensure your business remains at the top of its game this holiday shopping season.
3. Understand that not all data is created equal.
Data tiering is critical for retailers. The approach involves moving less frequently used data, or less vital data, to lower storage levels for cost, recoverability and availability. The premise is that not all data is created equal, so it's essential to have different sets of policies based on how critical the data is and how quickly you need to access or recover it.
Yes, it's good to have quarterly results at hand. However, if you lose access to that information for a few hours or days during the height of the shopping season, it won't hurt sales. However, if your company's price list is compromised or delivery addresses aren't accessible, it could have an immediate impact on your business. That's why it's so important to prioritize data and understand the value of each piece of data.
4. Protect your data in the cloud.
Many retailers operate in the cloud. They need to realize that cloud security is a shared responsibility between them and their cloud provider — and not always divided equally. The retailer is primarily responsible for protecting their data in the cloud, not the service provider.
Top-tier providers like Microsoft Azure, Google Cloud Platform, and AWS typically secure the core infrastructure. But when it comes to securing data, that responsibility falls on the shoulders of customers. Retailers that fail to grasp this fact are much more likely to suffer a data loss.
You should be aware of your responsibility, ensure that you have the proper protections in place, and regularly test the ability to recover from data loss if it happens.
Shridar Subramanian is chief marketing officer of Arcserve, a data protection, business continuity, and ransomware protection provider.
Related story: What Modell's is Doing to Protect its Customers’ Data
Shridar Subramanian has more than 25 years of experience in information technology. Shridar joined Arcserve through the merger with StorageCraft, where he served as CMO, oversaw marketing as well as product management, and was responsible for demand generation results.
Previously, Shridar was the CRO and VP of marketing and product management for Exablox, in charge of marketing and positioning. Before that, Shridar was the VP of Marketing at Virident Systems (acquired by Western Digital), a leading provider of PCIe SSDs, where he was responsible for product strategy, go-to-market as well as awareness and demand generation.
Prior to Virident, he was a Senior Director of Marketing at Monosphere Inc., a storage virtualization software company, where he was responsible for market and product definition for the company. Before joining Monosphere, Shridar held senior marketing positions at NetApp, where he was responsible for defining and driving solutions for major enterprise verticals.
His previous experience includes Software Engineer for Intergraph Corporation and Management Consultant at Booz Allen & Hamilton. He received his M.S. in computer science from Penn State University and MBA from the University of Chicago.