Help Isom IGA recover from devasting floods
Help Isom IGA recover from devasting floods
In today's digital age, cybersecurity is a grave concern for all businesses, especially retail. The threat of information and financial theft comes with the development and advancement of eCommerce, online business, and payment translation.
A common and expensive cybersecurity threat is ransomware, an extortion software that infects a device by gaining access to it and encrypting the whole system or specific files. Then the hacker asks for money to restore access (holding the access/data for ransom).
Ransomware attacks increased by 68% between 2022 to 2023, according to the 2024 ThreatDown State of Malware report by Malwarebytes, with the average cost of ransomware attacks at $1.85 million.
Independent grocers are an easy mark for cyber criminals, IGA CEO John Ross said, as the retailers often think they're too small to be noticed by greedy hackers and therefore don't invest in basic insurance against cybercrime.
"Every retailer that gets hit by ransomware makes it easy for others to get hit, too," Ross said. "If any of our members don't take action, it makes it challenging for other grocers to survive in business."
In fact, Associated Wholesale Grocers, Inc. was targeted last year by cybercriminals, according to AWG SVP and CIO Shelly Moore.
"The risk is real, and cybercriminals are interested in the smallest target," Moore said. "If they can get even the most minor data or cash from you, then they have been successful."
After the attack, Moore recommends independent retailers and wholesalers create a scenario that mimics ransomware activities and devise a plan to solve it while taking advantage of some of the tools at their disposal. "It will prepare you for the real-life scenario if it ever happens," she said.
According to Millennium Digital Technologies President and CIO Ken Andrews, ransomware is the preferred way for cyber criminals to gain access to a grocers' network. In the past, ransomware locked your system and demanded a ransom to open it up, which could disrupt your business. But ransomware has evolved. Now, after accessing your network, the ransomware sits in your system gathering information to learn as much as possible about your organization. It scans your files, examines your documents, reads your emails, dissects shopper data, and more. Then the hackers sell this information on the dark web, or store the data to use it against you in the future when it's most valuable, like during the busy holiday season.
"All of a sudden your customers are being attacked — the cost is almost incalculable in these situations," Andrews said. "Once that data is exfiltrated, the problem absolutely never goes away. Maybe you get your systems back up, maybe you've restored everything, but the data that's out, once the genie is out of the bottle you can't ever put it back. The key to all of this is just don't get yourself into the situation in the first place."
Andrews recommends independent grocers protect their businesses from cybercrime by starting with the endpoint computer in their workspace.
"Use a layered security model: cover the outermost layer of your data with a firewall and managed network, and cover the second layer with intrusion detection and prevention," Andrews said. "The third layer, active scanning, looks out for vulnerabilities or things that do not make sense on the network itself. Finally, endpoint protection."
This process reduces your risk of falling victim to cybercrime to one in a million, as the layered security model provides 99.9999% protection, according to Andrews. The more security layers you have, the better the protection, he said.
Cyber criminals are using artificial intelligence (AI) to use stolen data and create malware, Andrews said, so why not use AI to defend against attacks?
The aforementioned endpoint protection "is like an antivirus on steroids with AI behavior analysis," Andrews said. "Every independent grocer should have this. The AI learns the bad code, studies its behavior, and rejects it regarding your system."
Ross agreed, adding that grocers should hire an expert to install this layered security model, as the cost is usually less than one expects. Millennium Digital Technologies, an IGA cybersecurity partner, offers a version for $59.99 per month.
Moore also recommended retailers and wholesalers have a great backup and recovery system to protect their business.
Andrews, Ross, and Moore agree that ransomware attacks can happen easily because of human mistakes, so it's important to train and educate employees about the risks and preventive measure. They recommend teaching staff about phishing scams, how to browse safely, and that keeping passwords secure can lower the chances of ransomware attacks.
The IGA Coca-Cola Institute offers cybersecurity training for independent grocers, and store and wholesaler teams, while IGA partner Millennium Digital Technologies offers four levels of cybersecurity protection for members, depending on their needs.
By staying informed and implementing these proactive measures, retailers can better protect themselves from ransomware attacks. Andrews recommends independent grocers implement layers of security, including firewalls and endpoint protection, to reduce vulnerability, and educate staff on identifying scams and safe browsing habits.
These Stories on Cybersecurity
8745 West Higgins Rd. Ste 210
Chicago, IL 60631
Phone: (773) 693-4520
Fax: (773) 693-4533
No Comments Yet
Let us know what you think