The latest report from Sophos reveals a decline in retail organizations successfully stopping ransomware attacks before data encryption, hitting a three-year low at 26%. For those paying the ransom, median recovery costs were four times higher than those using backups. The report underscores the importance of early attack detection and robust defensive measures.
21 November 2023 – Sophos, a globally recognized leader in cybersecurity services, has released key insights from its sector survey report titled “The State of Ransomware in Retail 2023.” The report reveals a concerning trend, with only 26% of retail organizations successfully thwarting ransomware attacks before data encryption—a notable decrease from 34% in 2021 and 28% in 2022, marking a three-year low for the sector.
According to Chester Wisniewski, Director and Global Field CTO at Sophos, “Retailers are losing ground in the battle against ransomware.” The findings indicate an escalating challenge for the retail sector in halting ongoing ransomware attacks, emphasizing the urgency for enhanced defensive measures earlier in the attack chain.
The report also sheds light on the financial implications for retail organizations that opted to pay the ransom. Those who paid faced median recovery costs four times higher than those who used backups ($3,000,000 versus $750,000), emphasizing the importance of comprehensive recovery strategies.
Key findings from the report include a concerning rise in the encryption rate, with 71% of targeted retail organizations reporting successful data encryption. While the percentage of retail organizations attacked by ransomware decreased from 77% to 69%, the recovery landscape exhibited mixed results. The percentage of organizations recovering in less than a day dropped from 15% to 9%, while those taking more than a month to recover increased from 17% to 21%.
Sophos recommends robust defensive practices, including investing in security tools with anti-ransomware capabilities, Zero Trust Network Access (ZTNA), adaptive technologies for automatic response to attacks, and 24/7 threat detection and response. Additionally, organizations are advised to optimize attack preparation through regular backups, practice data recovery, and maintain up-to-date incident response plans. Security hygiene practices, such as timely patching and regular security tool configuration reviews, are also highlighted.