Retail and Hospitality 2021 Threat Trends

Retail & Hospitality ISAC recently partnered with Associate member Accenture in developing the 2021 Industry Trends Report. RH-ISAC Core members can download this TLP:Amber report from Member Exchange.

In the highly competitive retail and hospitality marketplace, the right blend of digital technologies can help us meet consumer expectations — which continue to increase. However, these same technologies often present additional security vulnerabilities. Even when organizations heavily invest in cybersecurity, threat actors continue to evolve their capabilities and embrace approaches that challenge our defenses.

In 2020, we saw how vital it was to share information. COVID-19 created new challenges for already-stretched cybersecurity functions. Most organizations had to quickly shift to remote work, challenging enterprise security monitoring in many ways. From communication platforms to devices and networks, organizational security was tested. We also saw an increase in social engineering campaigns as cyberespionage and cybercriminal groups tried to take advantage of vulnerable employees who were unfamiliar with managing their new technology environments.

The rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations, and financial constraints created new security breach opportunities. The RH-ISAC aims to help you learn more about these challenges so you can pivot your approach to security.

Also in 2020, adversaries developed new exploits to use against Microsoft Outlook Web Access (OWA) and Microsoft Exchange environments. They created more sophisticated command and control methods to try and disrupt detection by using internal proxy mechanisms.

Last year’s worldwide economic disruptions put tremendous financial challenges on organizations worldwide. These challenges flow down to information security operations to maintain or increase coverage under ever-tighter budgetary constraints. We need to continue focusing on threat-relevant cyber hygiene and security awareness…the impacts of COVID-19 are not over.

As our economy continues to be vulnerable, threat actors work to monetize access to data and networks. Early in 2020, supply chain compromise and off-the-shelf tools were heavily featured. Ransomware increased in popularity along with data theft and pressures on victims. With game-changing ransomware attacks, like the Maze threat, the name-and-shame technique gained momentum.

In today’s cybersecurity climate it is imperative to put the right controls in place to create a safe and secure environment. According to Accenture, four elements of adaptive security that can help are:

  • A secure mindset
  • Secure network access
  • Secure work environments
  • Secure collaboration

Engage with your business leaders to plan, prepare, and practice for better cybersecurity resilience, backed by the right resources and investments. A multi-dimensional crisis management strategy can help you achieve cybersecurity resilience and help protect your organization. Staying on top of industry trends and sharing insights with other organizations can enhance your security team’s work and help solidify your security technology investments, processes, and strategies.

The RH-ISAC aims to facilitate information sharing for IT security and business operations teams. Raising awareness about the cybersecurity landscape and its threats can help you take steps to reduce cyber risks in your organization. Collaborate with peers and share information to stay ahead of cybercriminals.

We continue to move forward, aided by peers, partners and tools that help us protect our customers, employees, and organizations. We hope in 2021 you will continue to grow your security game, invest in trust-based peer relationships, enhance your strategic knowledge, and hone your tactical capabilities. We are, and will always be, stronger together.

RH-ISAC thanks Associate Member Accenture for their partnership in developing this report for our members. #ProtectAsOne

More Recent Blog Posts