Your Questions About Cyber Security, Answered

Feb 10, 2022

Would you or your associates take a shopper's wallet and hand it to a criminal? Of course not. But that's essentially the outcome of a risk many independent retailers are taking—often without knowing it—by not actively protecting their data from cybercriminals. 

"I believe sincerely that the threat of the cybercriminals identifying and choosing the grocery industry as an easy mark is way higher than any of us believe," IGA CEO John Ross says. "It is an existential threat for our industry, and especially for small to mid-size independents." 

A cybercrime and/or ransomware attack can wipe out your business in minutes. "As soon as you connect live to the internet, you're suddenly part of a global network and you've exposed your systems whether you know it or not," Ken Andrews, president of Millennium Digital Technologies and developer of IGA's Cyber Security program, explains. 

In fact, these attacks are so common, the question isn't whether the attack will hit your business, but when. Damages from cyber security attacks are up over 200 percent from 2020, and have cost businesses an average of $283,000 per incident. "The extended costs can be significantly higher when factoring in the long-term disruption to the business, brand damage, loss of customer trust, and more," Andrews says.

But Andrews is on a mission to help independents prevent these devastating attacks from happening. He has partnered with IGA to create the Cyber Security program, which provides four levels of protection and service against ransomware and cyber attacks on store POS systems, computers, mobiles, and other vulnerable technology. Below, he has answered some of retailers' most pressing questions.

Q: What trends have been developing on the cybersecurity front as we move further into 2022?

A: In a word…ransomware. We’ve seen increased activity from hacking groups using ransomware to orchestrate attacks as it has proved to be one of the most effective and lucrative avenues to exploit victims.

Cybercriminals are raking in millions of dollars in revenue from these attacks that target businesses of all sizes from large to small. While the largest payments typically are extorted from the largest victims, the smaller victims—like independent retailers—pay more frequently as they are usually less prepared to remediate and recover from an attack that has already occurred. Unfortunately, in most cases, the smaller merchant must either start from scratch or pay the ransom to get back in operation. Neither option is desirable and leads to many ransoms being paid to quickly get back up and running.

Q: What exactly is being held for ransom in a ransomware attack?

A:  Originally, ransomware attacks were all about locking you out of one of the systems you need to do business (like your POS) and extorting a payment to get back into them. However, cybercriminals have adapted their methods as they realized that stealing your data as part of the attack would provide them with more leverage. 

Data such as loyalty databases, banking and website sign-in credentials, customer info, loyalty info, HR system data, etc. are very lucrative to cybercriminals and can be easily resold on the dark web. The cybercriminals can now leverage this data for a larger ransom payment in exchange for promising to not release or resell this data. This puts the victim in a difficult position as their business, employee, and customer data could potentially be exposed at any point in the future causing further damage to their business as well as potential civil and criminal liability under state Personal Identifiable Information (PII) laws.

Q: Why is the IGA Cyber Security initiative so important?

A: Cybercriminals have been adjusting their targeting over the past two to three years to focus more on critical infrastructure type of businesses where the attack will have maximum impact and a higher likelihood of ransom payment. The grocery industry fits their preferred target perfectly as any impacts to the food supply will receive a lot of attention and there are unfortunately technical weak links that can be exploited.

Think for a moment of the number of vendors and technologies that are present in the typical grocery environment—every one of them is a potential conduit for cybercriminals to gain access to your systems. Now consider how many of those vendors service a large number of merchants in the grocery industry—probably just about all of them. This situation is absolutely primed for a cybercriminal to infiltrate one of those vendors and potentially exploit thousands of locations simultaneously.

This will happen—it is just a matter of when and who will be impacted that didn’t plan ahead."

IGA is taking this threat seriously and making tools available to independent grocers to get ahead of this risk and protect its members. This is the kind of problem where once it happens it is too late…you have to be ahead of it.

Q: What do you recommend merchants do to protect themselves?

A: There are two common threads we hear when talking with store owners and management. The first is that they really don’t know what their cyber security risk profile looks like and that they are relying on other vendors to make sure their systems are secure. That simply doesn’t get the job done and it has been proven time and again that unless you are living security on a daily 24/7 basis, things are going to get missed or sidestepped resulting in attack vectors for cybercriminals.

You need a dedicated and independent resource watching this for you that can give you the peace of mind that your systems are secured, monitored, and reported on so that you know exactly where you stand—good, bad or ugly. Knowing where the problems exist allows us to work with your other vendors to resolve those issues until the reporting shows your systems are secure. At that point, it just becomes a process to monitor and maintain the systems over time.

The second common thread that we hear is the concern that implementing security is going to be too expensive and time consuming. The most important factor in making the process efficient is to work with a partner that understands the grocery environment intimately. [My company] MDTech has nearly a quarter century of experience working alongside our merchant partners to navigate the multitude of systems, processes, and partners that make independent grocery work. This results in a very efficient and cost-effective solution for our merchant partners.

Having said that, there will be investments of time and costs to secure your systems, but that upfront investment is minuscule compared remediating an actual attack. In most cases, spending less than $3,000 upfront can mitigate hundreds of thousands of dollars of damage down the road. We’ve never once spoken to a merchant after the fact that didn’t regret not doing more up front.

Q: How can I learn more about this?

A: This is a complex topic that you likely will have questions beyond what could be answered here or in other forums. We will be conducting an education session (description below) at the upcoming NGA Show on March 1 and will also be at the IGA booth. We’d love to meet with you in person to discuss more about your needs. If you aren’t able to attend NGA, you can sign up for a call to discuss your needs in further detail by visiting IGA's Cyber Security Program page. In either case, our security experts are ready to answer your questions and help you in any way possible.

Secure Your Business

IGA Education Session at The NGA Show

Ransomware: The Biggest Threat To Your Business May Be One You Aren’t Even Thinking About

Did you know the average ransomware attack costs businesses an average of 15 days downtime? Small, local grocers with busy management, slim margins, and vulnerable technology systems are particularly susceptible to a ransomware attack that can shut down POS systems and cost thousands—or even hundreds of thousands of dollars—to resume business. Hear directly from independent retailers who have been impacted, and learn how you can protect your business.

Visit the IGA booth at The NGA Show for a chance to win one of two cyber security prizes:

  1. The first 5 stores to sign up for IGA's Cyber Security program will receive 50 percent off installation and 50 percent off their first year of service.
  2. Enter a drawing to win:
    1. Managed Network Firewall
    2. NetGuard Network Backup
    3. 1 Year of Service & Support

register for The NGA Show

You May Also Like

These Stories on Cybersecurity

Subscribe by Email

No Comments Yet

Let us know what you think