Retail & Hospitality ISAC Highlights Exceptional Growth and Sharing in 2020 Year in Review

WASHINGTON, D.C., January 28, 2021 – The #Retail & #Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced the publication of its 2020 Year in Review, highlighting exceptional growth and sharing.

In a year of unprecedented challenges brought on by the COVID-19 pandemic – one that particularly impacted the retail and hospitality sectors, the RH-ISAC not only experienced a 20% growth in membership but also the continued commitment of its members to support one another through the sharing of threat intelligence and in practices and policies that strengthened their environments in everything from work-from-home policies to how to protect against digital skimming threats to eCommerce initiatives.

“2020 was a challenging year for our industry, but this report shows just how resilient our community is,” commented Suzie Squier, president at RH-ISAC. “As resources became even more constrained, the RH-ISAC was a force multiplier to each and every member, with more than 900 analysts and security operations managers responding in real-time to questions and requests.” Squier continued, “At the strategic level, CISOs and executives submitted more than 111 requests for information and received close to 700 responses from their peers.”

“I really love the collaboration and openness within the community. Even though we’ve been going through tough times, RH-ISAC is something we want to continue to invest in,” said Gustaf Burman, chief information officer and executive vice president of hotel engineering at Montage Hotels & Resorts LLC.

In 2020, 89% of RH-ISAC’s Core Members contributed actionable threat intelligence across the ISAC sharing channels. The top five threats to retail and hospitality sectors identified by members include:

1. Credential Harvesting
2. Malicious Documents (maldocs)
3. Business Email Compromise (BEC)
4. ATO
5. Malware

Throughout the year, RH-ISAC offered members opportunities to come together to talk about new and recent threats to the industry. A total of 2,300 member analysts attended weekly intelligence calls discussing a range of topics relevant to the industry including digital skimmers, ransomware trends, threat actors, threat hunting, intra-team intelligence sharing, MISP fundamentals, threat detection, physical attacks, and open-source tools and resources.

RH-ISAC saw a 51% increase in attendance at the first-ever Virtual RH-ISAC Cyber Intelligence Summit. The newly re-envisioned virtual RH-ISAC Summit featured 59 speakers, 7 keynotes, and 24 breakout sessions. RH-ISAC hosted several events in 2020 including: webinars, working group meetings, regional workshops, CISO Roundtable Discussions, Capture-The-Flag Exercises, a Cyber Incident Response Simulation, ad-hoc threat intelligence calls, and more.

“This community continues to amaze me. The level of member participation during a year in which our industries were so deeply impacted is a testament to their commitment to the mission,” said Colin Anderson, RH-ISAC board chair.

RH-ISAC published 318 intelligence products for Core Members highlighting cybersecurity news, emerging threats impacting the retail and hospitality sectors, member sharing, details and analysis on topics relevant to members, resources on new and emerging threats and trends impacting members, and more. The RH-ISAC also created and produced the tri-annual Community Landscape Enterprise Analysis Report (CLEAR) that analyzes four-months of member-shared intelligence, supported by relevant content contributed by RH-ISAC Associate Members.

Along with the reports noted above, the RH-ISAC also produced documents showcasing best practices, trends, and more, such as “Building the Foundation of Your Cybersecurity Program,” and the RH-ISAC and Accenture “Retail & Hospitality 2020 Threat Trend Report.” The community also responded to 400 requests for information, which yielded more than 1200 responses and covered such topics as digital fraud, cloud storage, security architecture, risk management, and more.

To learn more about RH-ISAC’s 2020 accomplishments, read the RH-ISAC 2020 Year in Review.