Retailers increasingly unable to stop ransomware attacks: Sophos survey finds>
TW Muchiri – Puja Mahendru
Sophos’ State of Ransomware in Retail 2023 report, based on a survey of 355 IT/cybersecurity professionals, indicates a decrease in ransomware attacks in retail from 77% to 69%.
However, the sector sees the highest rate of data encryption in three years at 71%, with only 26% of attacks stopped before encryption.
The double extortion method, involving both data encryption and exfiltration, is increasingly common.
The primary causes of significant attacks are exploited vulnerabilities and compromised credentials, with email-based attacks also prevalent.
While 97% of retail organizations recovered their encrypted data, there’s a shift towards paying ransoms, with 43% doing so, and an alarming increase in payments of $1 million or more.
Sophos advises strengthening defenses with tools against common attack vectors, adopting Zero Trust Network Access, using adaptive technologies for automatic response, 24/7 threat detection and response, regular backup practices, up-to-date incident response planning, and maintaining security hygiene.
The survey included organizations of various sizes across the Americas, EMEA, and Asia Pacific.
Link: https://news.sophos.com/en-us/2023/07/05/the-state-of-ransomware-in-retail-2023/