decrypting myths its highest rate of encryption over the past three years , with 71 % of those organisations targeted by ransomware stating that attackers successfully encrypted their data .
• The percentage of retail organisations attacked by ransomware declined from 77 % last year to 69 % this year .
• The percentage of retail organisations that recovered in less than a day decreased from 15 % to 9 % this year , while the percentage of retail organisations that took more than a month to recover increased from 17 % to 21 %.
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks :
Strengthen defensive shields with :
• Security tools that defend against the most common attack vectors , including endpoint protection with strong anti-ransomware and antiexploit capabilities .
• Zero Trust Network Access ( ZTNA ) to thwart the abuse of compromised credentials .
• Adaptive technologies that respond automatically to attacks , disrupting adversaries and buying defenders time to respond .
• 24 / 7 threat detection , investigation and response , whether delivered in-house or by a specialised Managed Detection and Response ( MDR ) provider .
• Optimise attack preparation , including regularly backing up , practicing recovering data from backups and maintaining an up-todate incident response plan .
• Maintain security hygiene , including timely patching and regularly reviewing security tool configurations .
To find out more about the ransomware threat to retail organisations , Intelligent CISO caught up with Wisniewski who provides some key advice for CISOs .
The report highlights a decline in the ability of retail organisations to disrupt ransomware attacks in progress . Can you discuss the key reasons behind this trend ?
We don ’ t know precisely why the numbers are declining , but I suspect it is related to the ever-shrinking dwell times ( the time between intrusion and encryption ). Even organisations with XDR tools and performing active threat hunting need to detect and respond earlier than ever .
The findings indicate that recovery costs for retail organisations that paid ransoms were significantly higher than those that used backups . Could you elaborate on the factors contributing to this cost difference and the best practices recommended to mitigate these financial impacts ?
Again , we don ’ t know about individual cases , but from the victims I have spoken to , the paying of the ransom is often done to achieve a quicker recovery time , yet few organisations get all of their data back and the criminals ’ tools for decryption are slow and unreliable . This all leads to the victims needing to rebuild
68 www . intelligentciso . com