Stolen credentials, ransomware, and phishing are the most common attack vectors deployed in the retail, hospitality, and travel industries, according to the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) analysis of Verizon’s latest Data Breach Investigation Report (DBIR).
This week RH-ISAC hosted the virtual Emerging Technology Showcase to shed light on the top cyber threats facing retail and hospitality businesses and introduce “. . . tools that allow infosec teams to automate security hygiene, quantify cyber risk, more easily identify and fix cloud vulnerabilities, reduce cloud risk, and stop fraud security threats,” says Suzie Squier, president of RH-ISAC. The event was open to cybersecurity professionals working for retail and hospitality companies that handle consumer data.
Cybersecurity for Retail & Hospitality
The Emerging Technology Showcase featured five sessions, each one led by a different company. “We selected companies that touch on a variety of the challenges our sectors face,” says Squier. The featured companies include Alfahive, Cerby, Dazz, SpecTrust, and Wiz. Each one offered insight into how its product can mitigate cyber risk in the retail and hospitality industries.
Quantifying the financial impact of cyber risks and the value of risk mitigation only becomes more important as breaches become more costly. Alfahive’s Cyber Risk Quantification platform helps businesses understand their financial risk and drive decision-making. The company calculates risk and associated costs through the use of industry-specific scenarios.
Threats like ransomware and phishing are on the rise as threat actors look for and find more vulnerabilities to exploit. Understanding vulnerabilities, such as human error and a distributed workforce, and shrinking the attack surface can help retail and hospitality companies reduce cyber risk. The Cerby Showcase session focused on how the company automates security hygiene to reduce the risk of attacks. The Cerby platform protects customers from common application misconfigurations and integrates with many commonly used applications.
Two of the event’s sessions focused on cloud risk and improving cloud security. Dazz will present on its solution for uncovering, triaging, and correcting cloud vulnerabilities. The company’s solution is meant to work with customers’ existing workflows, ultimately reducing the amount of time it takes to achieve remediation. Wiz’s session will dive into its cloud security product that is designed to minimize the attack surface. The company offers coverage for AWS, Azure, GCP, OCI, Kubernetes, and Openshift.
SpecTrust’s no-code Fraud Defense Cloud, was also featured during the showcase. This solution is deployed in front of a company’s website or API, where it filters good and bad actors, automates threat response, and provides end-to-end data orchestration.
RH-ISAC’s emerging technology working group, comprised of cybersecurity advisors for tech startups, selected the companies for the showcase. “This group is well-versed in the technology landscape and offered recommendations on what types of companies should be showcased in order to provide the most value to the retail and hospitality cybersecurity community,” explains Squier.
Squier's hope before the event was that Showcase attendees would leverage the knowledge they gained to solve real-world business challenges. “This is a unique event because attendees will get the opportunity to learn about new solutions but also to schedule Q&A sessions where they can ask questions specific to their business within a private forum,” she says.