Avoiding Ransomware in 2017

Make no mistake: ransomware will strike the retail industry in 2017. Retailers, big and small, should implement defense processes and emergency response plans that will adequately combat this impending doom, less they will suffer the harsh consequences of a breached operation.

Understanding Ransomware
For retailers, understanding ransomware is the first step in protecting from a potential breach. While ransomware has been in existence for years, it has been recognized as sporadically effective and sloppily executed. Over the years, ransomware has largely infected the computers of individual internet users, holding ransom their personal files until a sum of money is paid. Now, cyber criminals have realized that enterprises have increasingly more to lose than individual users and, as such, are a more lucrative target.

For retailers, there are various areas of operation that could be easily targeted by ransomware: in-store computer systems, operational networks, point-of-sale systems, accounting systems and software, and employees’ computers. All of these entry points are time-critical portions of a retail business that, if hit by ransomware, could cripple the daily cycle of commerce. At the most basic level, ransomware enters a system from a number of sources, including suspicious downloads, email attachments and infected flash drives. Once it infects the intended computer system, files and services are encrypted, rendering them inaccessible to the business unless a ransom is paid.

The aftermath of a breach — as the public saw with Target, Home Depot and T.J. Maxx, to name a few — affects more than just the bottom line of the ransomed brand. It affects the brand perception to all who purchase and partner. Retailers not only represent their corporate brand, but all the brands carried to the mass consumer. Undoubtedly, a breach would negatively impact the consumer relationship, the relationship between suppliers and partners, and the public’s trust that the situation won’t happen again.

Preparing and Acting
In terms of attacks, ransomware isn't particularly sophisticated, but it is effective. Furthermore, cyber criminals continue to innovate their attacks through never-before-seen tactical creativity. Internal retail security and management teams can be extremely valuable as the first line of defense in protecting a brand’s digital access points, but they must be nimble and proactive in order to stay ahead of the criminal’s next move.

From a preparation standpoint, ensuring the entire enterprise is backed up and recoverable is the No. 1 defense mechanism for ransomware. Keeping all systems patched and up-to-date may seem like a rudimentary recommendation, but how many organizations truly conduct all scheduled maintenance, especially when it comes to anti-ransomware? Here on out, retailers should plan to perform regular reviews of all IT practices, building trust between top-level management and the technical heads by working through a collaborative audit. This practice will not only help with industry compliance, but will keep the retail enterprise moving.

Beyond the IT and security staff, all employees — especially customer-facing employees — need to understand the gravity of ransomware. Front-line employees are the persistent users of most retail systems and should be trained to intelligently vet potential threats. Trickling security training from the top down will help ensure the brand has no obvious vulnerabilities. This training can include information about what to do with suspicious links, attachments or foreign emails as a whole. If an employee finds themselves in a situation where a ransomware threat is unavoidable (e.g., they clicked on a malicious link), the most important first step to preventing irreparable damage is to report the situation. Reporting all suspicious activity to the appropriate managers will help IT or security managers enact their emergency response plan. Mid-level managers should also be part of an information sharing cycle, communicating security information up and down the organization in an effort to protect the brand.

Ransomware is an endpoint threat, starting in one system and moving throughout an enterprise. Traditional security tools fail to defend against many types of ransomware due their reliance on rigid detection mechanisms. This reliance makes them incapable of detecting and stopping the new, innovative types of ransomware we’re seeing more and more throughout retail and enterprise operations. By adding software to existing servers and systems, enterprises can better prevent specific machines and operating systems from being controlled by a cyber criminal. And while you may not be able to completely avoid a retail breach this year, you surely can try.

Israel Barak has nearly two decades of cybersecurity experience, including spending nine years in the Israel Defense Forces where he specialized in developing cyberdefense systems. He's currently the CISO at Cybereason. Previously, Israel co-founded two cybersecurity companies, Q.rity, an Israeli company that was acquired by CITI Venture Capital International, and Sentrix.