Retail & Hospitality ISAC and The Media Trust Produce Joint Benchmarking Study on Third-Party Risks to Consumer-Facing Websites

Washington, D.C., December 18, 2019 — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) and The Media Trust are pleased to announce that they have entered into a partnership to benchmark and improve eCommerce security and efficiency. The collaboration combines the RH-ISAC vision to transform the way companies mature capabilities and collaborate to reduce the risk of cybercrime and The Media Trust’s expertise in digital security to raise awareness of unknown third-party vendors operating in digital environments.

With websites and mobile apps playing such a crucial role in reaching and serving retail and hospitality markets, companies recognize the urgency to ensure that those assets deliver the right user experience, are secure, and stay compliant with a growing number of data privacy regulations. The collaboration between RH-ISAC and The Media Trust will produce insights that underscore the heavy, yet little-known, impact that both known and unknown digital third parties have on a business’ digital assets. This collaboration comes at a time when companies from all industries are falling victim to data breaches and abuses linked to their digital supply chain.

“Our collaboration with The Media Trust demonstrates RH-ISAC’s commitment to provide retail and hospitality companies with the information and intelligence they need to address today’s mounting threats to digital security,” said Suzie Squier, president of RH-ISAC. “The reports we produce together will give our members new insights into how they can better secure their digital assets and to improve their customer journey.”

“Communities like RH-ISAC play a crucial role in developing and disseminating best practices to help their members secure their websites and apps from the ever-evolving practices of threat actors,” said Darcy Dinga, head of enterprise solutions at The Media Trust. “Getting hacked or delivering a poor user experience isn’t inevitable if you work exclusively with digital vendors you know and trust on continually improving efficiency or rooting out activities that either don’t contribute to your revenues or degrade the online journey in any way.”

The first benchmark report highlights findings evaluating 23 eCommerce sites belonging across retail, restaurant/QSR, and hotel/gaming casino segments. The report serves as a tool for enterprises to measure their ability to manage third-party risk in their digital environments. It also provides steps for addressing digital risks including:

  • Identifying and blocking domains that pose immediate security risks based on client-side scans;
  • Reviewing payment processing and user profile pages for the third-party domains, code, and tracking systems that could pose a security threat;
  • Working proactively with digital vendors to communicate policies and procedures and verify compliance; and
  • Prioritizing other changes to the digital environment based on the organization’s objectives and resources.

These steps work to improve efficiency and reduce third-party risks in the key areas of:

  • Latency
  • New domains executed on a website monthly
  • Domains executed on payment pages that are not associated with payment processing
  • Cookies with a lifespan greater than 12 months
  • JavaScript that is brought by third-party vendors and that is not under the website operator’s control

In 2020, The Media Trust and RH-ISAC will produce reports that will continue to highlight the importance of vigilant reviews of digital assets.

More Recent Press Releases