By Ashok Rutthan, Chief information security officer at Massmart\n\nOrganizations of every size and sector are experiencing a rising tide of ransomware attacks, resulting in the collective global loss of billions of dollars and untold brand damage. Leaders are learning first hand the ways ransomware has become a scourge on smooth operations and financial well-being. Nowhere is this more true than in retail, where ransomware represents a unique set of challenges and risks. For retailers, becoming more resilient in the face of ransomware is paramount.\n\nWhy Ransomware Presents Significant Challenges for Retail\n\nIn contrast to most industries, retail organizations are multi-site and multi-channel in nature, which means there are many more points of entry for ransomware attacks. Retail operation also embodies an extraordinarily diverse set of endpoints, above and beyond traditional computer endpoints, such as item-level RFID-based packages and pallets, vehicle-mounted computers, handheld scan-based computers, smart shelves, IP cameras and more. It\u2019s a massive surface to protect.\n\nAdditionally, retailers are challenged by the fact that many employees using technology devices and services are non-technical staff. In fact, that\u2019s often a retailer\u2019s weakest point\u2014its own user base. Retail employees are there to sell the candy, clothes, or canned food, not be IT or InfoSec specialists. So retailers have the challenge of properly training a large number of full-time, part-time and seasonal staff, to ensure every employee is aware of risks and how to avoid them.\n\nBut probably the single biggest factor that makes ransomware a challenge in retailing compared to other industries is retailers\u2019 single-minded focus on our consumer. We are well aware of what happens when a ransomware attack compromises consumers\u2019 identity and other personal, private information. Once we retailers lose a customer for any reason, they\u2019re likely to be gone for a long time. Not only that, but we lose that customer to a direct competitor, making it a double hit. Even if we are fortunate enough to regain customers\u2019 trust, doing so is an expensive re-acquisition effort; it\u2019s well documented that regaining a lost customer costs many times more than acquiring a new one.\n\nAdd to all of these considerations a stark fact: Retailing is tied with public education as the industry most targeted by ransomware attacks. According to research from Unit42, the average business downtime caused by a ransomware attack in 2021 is 23 days, and the cost of downtime is estimated at 50 times the initial ransom demand.\n\nHow Retailers Can Become More Resilient Against Ransomware\n\nFirst, it\u2019s essential that retailers practice their responses to an attack; our company continuously does tabletop learning exercises. What you often discover in those exercises is that members of your executive team or board may need to be educated on cybersecurity technology and best practices.\n\nThis c-level education is important, but it\u2019s also challenging. There are a thousand things going across executives\u2019 minds at any moment in time\u2014strategy, operations, running the business. When you bring something as technical as cybersecurity to top leaders, they may simply shut down because of everything else on their minds. This is an important communication challenge to overcome. You can do it by speaking the language of business.\n\nBeyond educating your leaders on good cyber hygiene, ensure they understand the impact of a ransomware attack on the business. That understanding helps to drive greater investment\u2014 figuratively and literally\u2014because they know the true cost of a breach. One thing that all executives and board members understand is the concept of risk, so I like to lean into that bias by helping them understand their responsibility in the event of an incident. Once they see everything in a familiar risk context, they often instinctively ask, \u201cWhat can I do to help you?\u201d\n\nIt\u2019s also important for leaders in your organization not to fall into a false sense of comfort and think the information security team or the IT organization has it all covered. It\u2019s not. We are there to make sure the organization, employees, business partners and customers are protected. We are there to manage an incident when it occurs, and to do everything we can to spot problems before they pop up. But we cannot do it alone.\n\nEveryone must be appropriately trained to understand ransomware and other cyber threats, and act appropriately. Each employee in the retail organization, from store operations and merchandising to shipping and receiving, must understand that they play a key role in promoting cybersecurity best practices and stopping ransomware from getting inside the walls. This kind of training should be delivered in small snippets and nuggets, short videos and email so you don\u2019t lose the audience. And repetition is key. Everyone needs to know what happens when they take a risky action like clicking on a spam email link, and how to report it when they discover a risk. In the event of a ransomware attack, there are critical decisions to be made, and one of our key jobs as security leaders is to ensure that the C-suite and the board are ready to act.\n\n5 Considerations for Ransomware Defense Strategies\n\nThere are five key elements to understanding the impact of a ransomware breach on a retail organization.\n\nRetailers should acknowledge and accept that their organizations are highly likely to be confronted with a ransomware attack at some point in the near future. While that doesn\u2019t mean the attack will be successful, it means you have to operate with an understanding that you need to have a plan, you need to practice that plan, you need to train your employees and you have to give your C-suite board all the information they need to make the right decision for the organization.\n\nRead more on ransomware trends in this Unit 42 report.\n\n\n\nAbout Ashok Rutthan:\n\nSRT guest author, Ashok Rutthan, is chief information security officer at Massmart, a major retailer and wholesaler based in South Africa.