All Events and Webinars

Preventing Ransomware and Stopping Data Exfiltration in Retail Webinar

Retail and eCommerce
Ransomware and Malware
Threat Actors and Campaigns
Identity and Access
Supply Chain and Third Party Risks
June 11, 2025
Show Notes
Timestamps
Ransomware in retail has evolved far beyond simple encryption, with attackers now prioritising data theft and operational disruption. This session breaks down how modern attacks actually unfold, from initial access to lateral movement and exfiltration. Viewers will learn the practical controls, response strategies, and governance decisions that reduce impact when prevention inevitably fails.

In-House Specialists

Edward Skraba

CTO Penetration Testing & Threat Intelligence
View More

Edwin Bowers

Enterprise Security Specialist
View More

External Speakers

Jeffrey Bell

Senior Information Security Analyst
View parter ecosystem

Key Strategic Takeaways

Has Ransomware Evolved Into Data Extortion?

Modern ransomware is no longer just about encrypting systems, it’s about stealing sensitive data first and using it as leverage for double extortion. Even with strong backups, organisations remain exposed to regulatory fines, reputational damage, and public data leaks. Preventing ransomware now means protecting data from exfiltration, not just ensuring recovery from encryption.

Does Initial Access Happen Earlier Than Most Organisations Realise?

Attackers commonly gain access through phishing, credential reuse, infostealers, and exploited applications, often long before any visible attack occurs. Many environments are already compromised at the identity level without detection. Reducing risk requires continuous monitoring of credentials, enforcing strong identity controls, and assuming compromise rather than waiting for obvious indicators.

Do Attackers Blend In by Using Legitimate Tools and Access?

Once inside, attackers avoid detection by using trusted tools, built-in system binaries, and legitimate cloud services to move laterally and escalate privileges. This “living off the land” approach makes malicious activity appear normal in logs. Detection must focus on behavioural anomalies and misuse of legitimate access rather than relying solely on known malware signatures.

Is Ransomware Now a Scalable, Service-Based Business?

Ransomware groups operate as organised ecosystems, with affiliates, access brokers, and platform providers working together to maximise reach and profitability. This model allows attackers to quickly adapt and continue operations even when specific groups are disrupted. Defence strategies must account for this scale by strengthening early detection, limiting lateral movement, and disrupting attack chains before encryption or exfiltration occurs.

Does Resilience Depend on Preparation and Not Just Prevention?

Organisations that respond effectively are those that have tested incident response plans, defined escalation paths, and rehearsed real-world scenarios through tabletop exercises. Security cannot rely on prevention alone given the speed and sophistication of attacks. Building resilience means combining proactive controls with continuous testing, cross-functional readiness, and the ability to contain incidents quickly.

Has Ransomware Evolved Into Data Extortion?
Does Initial Access Happen Earlier Than Most Organisations Realise?
Do Attackers Blend In by Using Legitimate Tools and Access?
Is Ransomware Now a Scalable, Service-Based Business?
Does Resilience Depend on Preparation and Not Just Prevention?
  • 00:00 Intro & webinar overview
  • 00:24 Why ransomware is a major threat right now
  • 00:43 Agenda & session breakdown
  • 01:12 Speaker introductions
  • 02:20 Offensive view: how attacks work
  • 03:37 What ransomware is (simple explanation)
  • 04:21 Double extortion & data leaks
  • 06:15 Ransomware stats & scale
  • 07:22 Recent real-world attacks
  • 09:49 Who gets targeted & why
  • 13:18 Why retail is vulnerable
  • 15:56 Ransomware attack lifecycle
  • 16:49 Initial access & credential theft
  • 18:34 Exploiting vulnerabilities
  • 21:45 Ransomware groups & RaaS
  • 27:35 Common attack techniques
  • 33:26 Defense strategies & best practices
  • 41:49 Q&A highlights & final advice
    • Watch More
    Security Operations

    Seasonal Cybersecurity Risks for Transport Webinar

    Smarttech247 leaders discuss transportation cybersecurity, focusing on OT security, digital twins, evolving threats, third-party risk, and resilience.
    Watch Now

    HSE Ransomware Attack and the Future of Cybersecurity in Ireland

    Cybersecurity leaders discuss HSE ransomware attack and a path forward for Ireland, focusing on resilience, regulation, maturity models, and public awareness
    Watch Now

    Ransomware Cyber Attack Simulation Webinar

    Attack simulation showing a multi-stage ransomware campaign and how Cybereason detects, correlates, and responds to fileless and living-off-the-land techniques.
    Watch Now

    Ready to scale your security and compliance operations?

    We protect your on-premise/cloud/OT environments - 24x7x365

    Talk to Our Experts