RH-ISAC held its first-ever Security Awareness Symposium in October. The event was designed to help professionals in the retail and hospitality industries hone their security skills and gain clarity on the biggest cybersecurity issues their companies face.
The morning began with remarks from Suzie Squier, RH-ISAC president, and Ed Adams, president and CEO of Security Innovation. Adams talked about how big a role security plays in the business of retail and hospitality and how important it is for employees to understand their part in upholding it.
Bridget Bratt, associate director at Protiviti, and Chip Wolford, managing director in Protiviti’s technology consulting practice, gave a talk on data protection. During their session, they touched on the unique security challenges facing the retail and hospitality industries—including the volume of credit card information these companies routinely handle—and how these companies can shift to more effectively protect data in their environment.
Chip Witt, the vice president of product management at SpyCloud, talked about the relationship between stolen credentials and ransomware. He explained what happens when a threat actor steals your credentials and how to make yourself and your company less vulnerable to a ransomware attack.
In his talk on hackers, Christopher Fielder, director of product marketing for Arctic Wolf, discussed the most common types of phishing attacks and how hackers use spear phishing to gain access to retailers’ cloud-based POS systems.
During the afternoon session, Living Security guided retail professionals through its CyberEscape Online team training exercise. There, participants completed interactive scenarios and puzzles designed to help them think like a threat actor and get better at identifying and neutralizing physical and digital security threats in the real world.
In the technical track, Security Innovation led developers and technical staff through its CMD+CTRL eCommerce Cyber Range Exercise, a 3.5-hour live hacking event on an online retail site with 35 vulnerabilities of varying difficulty. The exercise helped participants get inside the mind of a hacker, learn what vulnerabilities may exist on their eCommerce sites, and shift security left to address them earlier.
The symposium closed with a panel discussion led by Ed Adams, featuring Devon Bryan, global CISO for Carnival Corporation; Kara Gunderson, manager of CITGO Petroleum’s payment card operations team; and Mark Carl, CSO for PDI Software. Their discussion centered on the challenges enterprise organizations face in maintaining a secure environment when outside vendors and third-party technologies are involved.