Gambling on Consumer Trust – The Link Between Customer Loyalty and Ransomware Attacks
By Justin Loh
Since the first lockdown in 2020, many retailers had to pivot to e-commerce for the first time in a bid to help their businesses survive.
This presents new opportunities for cybercriminals to disrupt services and steal data. Cybercriminals have been focusing their efforts on the retail industry because retailers are vulnerable to disruptions that could immediately halt sales, which makes them more likely to pay hefty ransoms to resolve a ransomware attack.
Southeast Asia’s growing e-commerce momentum is led by mega sales events such as the Chinese-led Singles Day Sale (racking up around $115 billion in sales last year), Black Friday and the Christmas season, which are major cash cows for cybercriminals. The complex distributed IT environments in which retailers operate, paired with access to a wide range of sensitive personal and financial data, render the industry vulnerable to cybercriminals who are looking to get a slice of the revenue pie.
Gambling on consumer trust
Consumers are becoming increasingly intolerant of ransomware-related outages, and if retailers cannot provide satisfactory service in the face of disruptions, consumers have no qualms about taking their business elsewhere.
According to our research, cybercriminals were quick to exploit the new security challenges brought about by the pandemic: respondents stated that their employers experienced an average of 2.57 ransomware attacks leading to significant downtime in the past year. 14% admitted to five or more ransomware attacks that caused greater downtime. When it comes to addressing such vulnerabilities, it’s clear that there is still a long way to go for organisations that hope to bring their protection environments up to speed with their production environments.
Retailers simply cannot gamble with consumer trust by being offline for too long or failing to adequately protect customers’ data. There is no safe haven from ransomware as the attacks are targeting data and applications in the cloud no less than on-premises resources.
Perhaps what’s more damaging to retailers is the reputational damage these attacks entail. Issues such as failed POS transactions and the perception of an ‘unsafe’ business could possibly turn customers towards competitors who can offer a better and more secure shopping experience.
Defending against ransomware attacks
Although ransomware comes in different forms with different capabilities, the methods used to gain access to a target machine remain relatively unchanged: phishing emails that contain malicious attachments, or drive-by downloads.
Businesses need to strengthen their cybersecurity posture by having a robust data backup and recovery protocol in place, so that retailers can readily deploy a multi-layered approach in the unfortunate event of a ransomware attack. Recommendations for how retail organisations could better protect themselves from ransomware attacks include enhancing monitoring for swift action; backing up data regularly and keeping at least one copy of the backup offline; and setting retention policies to expire data over time, so that data that is no longer needed does not fall into the hands of cybercriminals.
Retailers are under almost immediate pressure to pay ransoms in order to get the business operational again. Yet even if you pay the ransom, there is no guarantee that you will get all your data back. To stay one step ahead of the game, it is imperative for retailers to start practising incident response and business continuity plans, hardening backup platforms to block attackers at as many points as possible across the environment, and deploying robust recovery measures to ensure data and applications can be restored quickly and seamlessly across business networks and operating systems – all before it is simply too late.
In short, keeping data safe improves loyalty and generates ROI.
The future of retail is reputation
While a retailer can eventually recover its data or financial resources post-attack, the loss of trust among customers and partners will be hard to regain. A ransomware attack on a retailer can have a long-lasting impact on consumer loyalty and purchasing decisions. The potential damage will multiply as consumers are likely to share their negative experiences with others, be it online or offline. 90% of online shoppers have chosen not to purchase from a company because of its bad reputation.
As cybercriminals deploy more effective and potentially devastating means of holding retailers’ data and workloads hostage, the time to act is now. To win and maintain consumer trust, retailers need to urgently review their resiliency approach and close the gap by making their backup and disaster recovery processes more robust and by auditing their sites and apps to ensure they’re as secure as they can be.
Today’s retail world is highly interconnected and digital – consumer data must remain protected and secure or retailers risk destroying trust and losing business.