We Blocked Big Bots…and Our Data Doesn’t Lie

The stakes remained high for retailers this holiday season, with attackers aggressively focusing their attention on the commerce sector – both in the U.S. and abroad. Several factors played into the increase in malicious activity — the surge in online traffic due to pandemic-related restrictions as well as compounding supply chain issues and associated inventory…


Potential Cyber Ramifications of the Russia-Ukraine Crisis

As the Russia/Ukraine crisis develops, RH-ISAC is working to provide guidance to the retail and hospitality community concerned with the situation’s impact on their operations. Historically, Russian cyber activities during regional conflict start with massive DDoS attacks against the target states’ communications and civil infrastructure organizations. Other opportunistic attacks such as ransomware and data breaches…


Top 5 Cybersecurity Predictions for 2022

The last few years have been challenging for cybersecurity departments who were forced to adapt quickly to rapid digitalization in the face of the COVID-19 pandemic. An expanded attack surface has presented new opportunities for cyber criminals, but developing technology holds possibilities for more efficient protection. Here are just a few of the cybersecurity predictions…


What are Double and Triple Extortion Ransomware Attacks

The last few years have seen a dramatic rise in high-profile ransomware cases, leading CISOs to bump ransomware planning to the top of their list of initiatives. However, just as companies have adapted to guard against this threat, ransomware gangs have adapted in turn, employing additional layers of extortion focused on exposing customer data. A…


Analyzing the Cybersecurity Hygiene of Ransomware Victims

Any company operating a modern information technology environment can fall victim to system-encrypting ransomware. But not every company has fallen victim. Do companies that experience an operations-impacting ransomware event have poor cybersecurity hygiene? Or is the quality of cybersecurity hygiene not a factor in the frequency of ransomware events? To answer these questions, RiskRecon analyzed…


Balancing Act: Tackling the Top E-Commerce Fraud Challenges

The surge in online activity in recent years has led to a corresponding explosion in online fraud – a 140% increase in the volume of fraud attacks in 2021 compared to pre-COVID. Even enterprises with strong fraud prevention programs now struggle to confidently distinguish real consumers from cybercriminals. Confidence in the customer-vs-criminal question and the…


Top 5 Focus Areas for CISOs in 2022

As the retail and hospitality industry moves into 2022, what were once unprecedented times have become the new normal, and though many businesses face lingering challenges, the results of this year’s CISO Benchmark Survey also reveal a desire to invest in the digital future. A majority of respondents across companies of all sizes, from small to…


RH-ISAC’s 2021 Year in Review

As RH-ISAC welcomes 2022, we would like to take a moment to reflect on the accomplishments of 2021, made possible only by the dedication and resilience our member community has shown. Despite the challenges thrown at the industry, from the pandemic to major security events like the Log4j vulnerability, our members have continued to come…


SecurityScorecard Grades the RH-ISAC Community

RH-ISAC recently partnered with Associate Member SecurityScorecard to produce a report that details the most common vulnerabilities, critical severity issues, and malware strains observed among RH-ISAC member companies. SecurityScorecard is the global leader in cybersecurity ratings, which are used for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. SecurityScorecard provides companies with an…


RH-ISAC Community Responds to Log4j Vulnerability

On Thursday, December 9, Apache published a zero-day vulnerability (CVE-2021-44228). Known as “Log4Shell”, this vulnerability is a critical remote code execution vulnerability in Apache’s Log4j software library, which is of extreme concern to the security community due to its widespread usage and potential for exploitation. This flaw impacts Apache Log4j, versions 2.0 to 2.14.1, a…
