Risk Management - RH-ISAC Blog

The cyberthreats following in the wake of the COVID-19 pandemic are not substantively different from the threats that security professionals have dealt with during other national or global calamities like the Indian Ocean tsunami, Amazon fires, floods, and hurricanes. Sophisticated cybercriminal, state-sponsored threat actors, and hacktivists have always taken advantage of widespread anxieties in times…

This blog is part of the RH-ISAC holiday guidance blog series. For more blogs in this series, visit https://rhisac.org/blog/. As we enter the holiday season, malicious actors ramp up their attacks, seeking to take advantage of the increase in traffic to both digital and brick-and-mortar retailers and hospitality organizations. Attackers tend to be opportunistic: targeted, specific…

RH-ISAC’s VP of Intelligence, Carlos Kizzee is featured in an article on Hospitality Tech. The below is an excerpt from the article. For the full post, visit: https://hospitalitytech.com/third-party-risks-abound-digital-world Today’s retail and hospitality world is increasingly interconnected, and customers expect to shop in the digital marketplace with minimal friction. Third-party systems are a critical component of…

Valimail has been doing rigorous analysis on the data behind email frauds since the company’s earliest days. And we’ve been publishing research reports based on that deep insight for several years. Valimail’s research program now sets the industry standard for reliable, hype-free data on the state of email fraud, email authentication, and identity-based email attacks….

Numerous attack campaigns in the past couple of months have demonstrated a common tactic used by cybercriminals and state-sponsored attackers alike―credential harvesting. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default or weak credentials. While credential harvesting is often seen as equivalent to phishing, it uses different…