How retailers successfully protect themselves against ransomware attacks – eCommerce Magazin

The supermarket chain Tegut fell victim to a hacker attack. At the end of April, blackmailers attacked the IT network using ransomware. Tegut had to shut down the IT system completely and switch to manual mode. The consequences: First of all, Tegut had to accept goods bottlenecks and some customers were standing in front of thinned out shelves. But that’s not all: It has now become known that the blackmailers have published customer data, for example from internal market research, on the Darknet. The damage does not only amount to a loss of sales, but also has an immense effect on the reputation of the retail chain.

The example shows: Not only companies with sensitive research, product development or financial data are on the radar of ransomware attackers. The example also shows what impact a forced switch to manual operation over a long period of time has on business processes. A well thought-out disaster recovery and backup strategy in the company is essential when it comes to maintaining business continuity within the shortest possible time, even in the event of damage.

The threat of cyber attacks is growing

Cyber ​​attacks have not only existed since the beginning of the corona pandemic. However, the increased shift of processes to the digital since spring 2020 has noticeably exacerbated this development. According to the Global Security Report 2020 of the security provider Trustwave, retail is the sector most affected by cyber attacks. Attackers are constantly changing their attack tactics: while spam e-mails were the greatest threat in 2010, at 87 percent, the proportion fell to 28 percent in 2019. Phishing and social engineering, on the other hand, caused half of all data leaks. The time span between penetration and discovery is getting longer and longer. On average, it took 86 days in 2019, compared to 55 days in the previous year, until the incident was noticed.

Concern for the security of one’s own networks is justified. The security researchers at Check Point describe the numbers on the development of ransomware attacks in the past year as “terrifying”. In Germany alone – as of October 2020 – they have increased by 145 percent within three months. The example of Tegut clearly shows that the consequences are life-threatening. Disruption of operational processes, loss of sales, loss of sensitive data, loss of reputation and thus probably also loss of customers. However, a targeted backup and replication strategy can help to restore operations within a very short time and thus prevent at least some of the negative effects. Blackmailers no longer have “leverage” for a ransom demand, as companies no longer depend on the data being disclosed (and this would not be guaranteed in any case, even if payment was made).

Backup software: simple and complex

In order to withstand the increasingly complex and sophisticated cyber attacks, antivirus software alone is not enough to protect internal company data and processes. Well-engineered backup & replication solutions are required that ideally support automated backup processes both in the on-site IT system and for data from cloud services. These functions should also be as easy to configure and use as possible and function reliably in everyday IT. A backup and recovery tool can restore accidentally or intentionally deleted data. In order to protect against ransomware, however, additional features are required such as failover, i.e. the automatic switch to a replacement system, backup to the cloud, backup copies and restoration of virtualized environments. If malware has entered the system, comprehensive recovery functions should be able to take action in an automated and coordinated manner across multiple locations. Of course, it should be ensured that a consistent disaster recovery plan is in place.

The company’s backup strategy ensures security

Without a carefully planned approach, even the best software is of little value. The more conscientious the preparation, the more effective the corresponding measures are in an emergency. A backup solution must be easy to use, but it can remain affordable. In any case, it saves a lot of money in the event of damage. A strategy should always include the following steps:

  • The classification of the data according to topicality, its importance in day-to-day business, but also according to the size of the files that arise is the starting point. Data from the CRM and ERP systems, for example, have a higher priority than archive data.
  • Recovery Point Objectives (RPOs) determine the timing of the backups so that data can be restored in the most up-to-date version possible. As a rule of thumb, what is updated frequently on the same day needs short RPOs of minutes or hours. Accordingly, data that only change occasionally can be backed up less frequently.
  • In addition to the classification and the RPOs, it must be determined whether and when full backups are necessary, and when incremental backups are sufficient, which only save freshly changed data but significantly reduce the network load.
  • Regular tests check the recoverability – a modern backup software can do this automatically according to plan.
  • 3-2-1 is still the golden rule of every backup: 3 backups on two different storage media, one of them offsite and completely independent of the company’s IT, and to be protected from physical damage, ideally also in the cloud.

With these five steps, merchants can remain relatively calm even in the event of a ransomware attack.

Backup strategy for companies – avoid data loss

However, attackers often not only target the files on the active systems, but also target the backup copies. For this reason, a preventive, multi-layered approach is recommended to prevent the manipulation or theft of data by ransomware. With a clear strategy and the right solution, IT managers can rest assured that the data is secure, protected and can be restored at any time.

Tegut managing director Thomas Gutberlet made it clear early on that paying ransom is not an option to reverse the ransomware attack. “We do not encourage criminal machinations and do not enter into negotiations with criminals,” said Gutberlet. A consistent, but at the same time momentous decision. In such a case, a clever replication & backup strategy in the company cannot repair any damage to its image, but it can prevent the loss of data and the collapse of company-relevant processes.

Also Read: Internet Vulnerabilities – Why a Platform Pays $ 10,000 to Ethical Hackers.

Backup strategy company, Sergei Serdyuk from Naviko
Image: Nakivo

About the author: Sergei Serdyuk has Nakivo Co-founded in 2012. As Vice President of Product Management, he has been responsible for the software company’s entire product portfolio since 2018. He has been in the IT industry for over 15 years and has extensive experience in the areas of software project management, product management, virtualization, cloud and data protection.