Bolster cybersecurity by addressing three operational domains
The high-profile April 12 cyber attack on NCR, a company responsible for data operations in the restaurant and retail sectors, resulted in businesses receiving a fresh warning regarding an escalating vulnerability: ransomware attacks. In this environment, understanding why certain businesses are targets can help them decide how best to adopt a prevention strategy that saves money and thwarts reputational damage.
Caesar Sedek, a managing director in Grant Thornton LLP’s Cybersecurity and Privacy practice, said that ransomware is just malware, and malware has been around almost as long as the computer operating systems they target. However, ransomware has emerged as a significant threat primarily within the last two decades, coinciding with the rise of increased connectivity and digitalization. This includes the widespread adoption of cloud computing, Internet of Things (IoT) devices, interconnected networks and the exponential growth of data, all of which have greatly expanded the attack surface for ransomware.
Dissecting the NCR ransomware attack
The April cyber attack against NCR was unusual for two reasons: one was that the attack was not on a restaurant chain or retailer but on a company that provides financial services for these companies — particularly point-of-sale (POS) processing. Second, NCR publicized the attack after their incident response process required it to shut down systems functionality for its clients. But in other ways, it was very typical — the criminals who hacked into the system didn’t steal money directly, but blackmailed NCR to pay them with the threat of releasing information on customers gleaned from the POS software. This attack naturally concerned restaurants and retailers whose customer information is housed in the software.
Due to the sophistication of the attacks, they are less likely to be perpetrated by lone wolf-type criminals. Instead, cyber criminal gangs have arisen, such as Wizard Spider, LockBit, Royal, Vice Society and the perpetrator of the NCR attack, BlackCat, almost to the level of being considered international cartels. But there also are plenty of smaller gangs that go after smaller targets, Sedek said, so not being a giant company isn’t an automatic protection.
“These types of ransomware gangs typically want to go where they can extract the most damage or, at least, extract the biggest payment,” Sedek said. For that reason, “mom-and-pop”-type single-location restaurants and retail stores are not as desired as targets. More likely, a business with a chain of locations is a more desirable target.
Many ransomware attacks often go unreported, Sedek said, because of the damage in reputation it can cause a business — which might be more detrimental than the theft. Sedek said studies have shown that the reputational damage of a known data breach costs a company 4% worldwide in lost customers, and that that percentage is higher for U.S. companies. If the ransoming criminal keeps the demand for money low enough, a business might decide that it may make more sense for it to pay the ransom and receive back the stolen data. However, that approach only emboldens the criminals and oftentimes results in them striking back, asking for larger sums.
Our cybersecurity and privacy insights
No Results Found. Please search again using different keywords and/or filters.