As Australia continues to battle its toughest lockdown yet, retailers face more cyber challenges than ever before.

Many have undergone significant and rapid changes in order to adapt to a long-term online presence, undertaking dramatic digital transformation projects to modernise or change their entire infrastructure. Yet faced with an uptick in the volume and variety of cyber-threats from all angles, Australian retailers now face an additional, critical challenge: securing their complex and sprawling digital environments from attack.

With thousands of daily online transactions, newly-adopted cloud and SaaS services to support remote workforces, and automated third-party systems to streamline digital processes, the cyber-attack surface has expanded to give criminals more opportunities, and indeed, increased incentive to steal information or try to break into an organisation.

Under threat: The most common cyber-attacks facing retailers

Cyber-criminals targeting retailers are most often financially motivated, and will target either customer information, or the retail organisation itself.

Traditionally, when targeting customers, attackers can gain access to payment information to directly steal funds from consumers. Credit card numbers can be stolen from retailers by malware installed at point-of-sales (POS) systems, and with the shift to online purchasing, attackers targeting Australian organisations are increasingly pivoting to e-skimming scripts that infect check-out pages.

In addition to credit card numbers, cyber-criminals will target customer’s personal information to sell on the dark web for profit, including a customer’s name, email, phone number, and mailing address. Yet while targeting the customer directly proves profitable, cyber-attackers have turned their attention toward bigger targets: the retail enterprises themselves.

In fact, the retail sector was the most targeted by ransomware in 2020, with an estimated 44% of all retail organisations worldwide having been hit, with that figure likely being higher in reality. Earlier this year, the world’s largest meat supplier, JBS Foods, was hit by a devastating ransomware attack, which affected 47 facilities in Australia and had knock-on effects for countless more retail organisations across the nation.

Today’s ransomware attackers also have another trick up their sleeve – in a growing trend, cyber-criminals are leveraging what is known as ‘double extortion’ ransomware, meaning that in addition to locking down systems—as in a traditional ransomware attack—data is also stolen. Double extortion ransomware attacks like this present a particular threat to retailers, as not only will their systems be disabled, leading to costly downtime, but customer information can also be stolen from internal databases at a scale that eclipses the scope of skimming methods.

Retailers are also susceptible to insider threats. With high employee turnover in the retail industry, there is more possibility that an ex-employee may steal sensitive company information before they exit. Insiders can even make deals with cyber-criminal groups to help facilitate an attack. A notable example of this occurred at Tesla, where cyber-criminals unsuccessfully attempted to recruit an insider to install ransomware by either clicking a malicious link on an email or manually inserting a USB.

Shopping safely: how retailers can protect their businesses

To successfully defend against ransomware and other cyber-threats, retailers need to take a fundamentally different approach to cyber defence. In an industry where insider threats abound, where labor is often outsourced to third parties, and where personal and payment information flows freely across various technologies, retailers should assume that cyber attackers, who are constantly finding ways to update their tactics, will find a way inside their systems.

Nowadays, cyber-attacks, and in particular ransomware attacks, are truly a matter of if, not when. However, as soon as an attack breaches a retailer’s perimeter, a retailer can detect, investigate, and respond to this attack at its earliest stages with technology that does not look at past indicators of attack, rather uses knowledge of the business itself to detect behavior indicative of threat, and autonomously respond to avoid a crisis.

Ransomware is a problem that unfortunately will not leave Australian retailers any time soon. In the first half of 2021, ransomware incidents affecting Australian organisations increased by 24 percent. And with the increasing shift to e-commerce, if a retailer’s site or systems are taken down, this can be a critical hit to a retail business.

The good news is that sophisticated, autonomous defensive technologies are readily available to empower retail organisations to fight back against machine-speed threats like ransomware, providing the necessary resilience to continue providing services and products to customers, no matter what may be on the horizon of the threat landscape.

Hayley Turner is director of industrial security for Asia Pacific at Darktrace.