{"id":15940,"date":"2025-09-17T07:40:20","date_gmt":"2025-09-17T07:40:20","guid":{"rendered":"https:\/\/dmsretail.com\/RetailNews\/how-the-retail-sector-teams-up-to-defend-against-cybercrime\/"},"modified":"2025-09-17T07:40:20","modified_gmt":"2025-09-17T07:40:20","slug":"how-the-retail-sector-teams-up-to-defend-against-cybercrime","status":"publish","type":"post","link":"https:\/\/dmsretail.com\/RetailNews\/how-the-retail-sector-teams-up-to-defend-against-cybercrime\/","title":{"rendered":"How the retail sector teams up to defend against cybercrime"},"content":{"rendered":"<p> <p><a href=\"https:\/\/dmsretail.com\/online-workshops-list\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-496\" src=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\" alt=\"Retail Online Training\" width=\"729\" height=\"91\" srcset=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png 729w, https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90-300x37.png 300w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/a><\/p><br \/>\n<\/p>\n<div>\n<p><span><span><span><span><span><span>When devious young hackers <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>penetrated the computer networks<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> of major U.S. retailers and suppliers earlier this year, it was a significant test of the quiet cybersecurity collaboration happening among some of America\u2019s best-known brands and their much more obscure partners.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Amid increasingly worrisome attacks on life- and safety-critical sectors like energy, water and healthcare, cyber threats facing the retail and hospitality sector often get significantly less attention. But the retail industry is the country\u2019s largest private-sector employer, making its resilience vital to the U.S. economy. And over the years, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>the Retail and Hospitality Information Sharing and Analysis Center<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> (RH-ISAC) has played an increasing role in protecting retailers of all sizes, from household names to obscure supply-chain linchpins.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The recent retail hacks, which experts have attributed to the cybercrime group Scattered Spider, demonstrated how companies have come together to defend themselves and one another, Pam Lindemoen, RH-ISAC\u2019s chief security officer and vice president of strategy, told sister publication Cybersecurity Dive.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cThe retail sector has leaned into collaboration, sharing intelligence, best practices and response strategies,\u201d Lindemoen said.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The breaches linked to Scattered Spider \u2014 <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>a notorious and sprawling gang<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> largely made up of American and British teenagers and young adults \u2014 hit several retail giants in May and June, including <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>Victoria\u2019s Secret<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, the Whole Foods distributor United Natural Foods and the department-store chain Belk. As other retailers took note of the intrusions and tried to avoid becoming the hackers\u2019 next victim, RH-ISAC stepped up to support industry-wide security efforts.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cWe played a key role in coordinating responses to the threat,\u201d Lindemoen said.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>It helped that the ISAC could lean on allies across the Atlantic Ocean who had just finished dealing with their own Scattered Spider attacks. Throughout April, hackers aligned with Scattered Spider breached the department-store chains <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>Harrods<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> and <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>Marks &amp; Spencer<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> and the food retailer <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>Co-op<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, prompting <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>urgent warnings<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> from British authorities.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Shortly after those attacks, RH-ISAC organized a briefing for its members with threat intelligence experts at Google\u2019s Mandiant division, Lindemoen said. The ISAC also coordinated with British companies to better understand the threat activity in the U.K., which helped prepare the group for when the hackers turned their attention to American retailers.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>While Scattered Spider may be a collective of young cybercriminals, it poses a serious threat. The group eschews traditional vulnerabilities, instead relying heavily on social-engineering techniques such as tricking help desk workers into resetting account passwords. Because of their sometimes deep access to target companies\u2019 networks, the hackers have even been known to surreptitiously join virtual meetings that companies convene to plan responses to their intrusions.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The group\u2019s tactics are \u201ca stark reminder of [how], even with advanced technical defenses, the human vulnerabilities can be the weakest link,\u201d Lindemoen said. \u201cSince they\u2019re relying heavily on social engineering to bypass security controls, that just emphasizes that we have to [focus on] layered defenses.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3 class=\"standard-heading\"><span><span><span><span><span>Suite of cyber defense services<\/span><\/span><\/span><\/span><\/span><\/h3>\n<p><span><span><span><span><span><span>Promoting layered cyber defenses is a major part of the mission of RH-ISAC, which was founded in 2014 in the wake of <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>a wave of cyberattacks<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>\u00a0on retailers such as Target.\u00a0(When it launched, it had roughly 30 members; it now has more than 290 \u201ccore members,\u201d including hotels, restaurants, retailers and consumer-goods manufacturers). The group facilitates conversations among members about the threat activity they\u2019re seeing, but Lindemoen said it <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>does more<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> than just help companies exchange indicators of compromise.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cOur members are actually sharing playbooks, response strategies and lessons that they learned in real time,\u201d she said.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>In July, RH-ISAC partnered with other sectors\u2019 ISACs to <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>publish guidance about combating Scattered Spider<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>. The hacker gang \u201cpresents a real threat\u201d and poses \u201ca significant risk to organizations,\u201d the report said.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<section class=\"storylines-carousel-wrapper hide-small show-large\" id=\"desktop-carousel\"\/>\n<p><span><span><span><span><span><span><span><span>The ISAC also partners<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> with Google, Microsoft, Palo Alto Networks, and Akamai to provide those companies\u2019 services and expertise to ISAC members. Microsoft has provided threat briefings and offered advice on integrating artificial intelligence into security operations, while Google has offered in-person training and provided threat intelligence. Akamai ran a roundtable on operational technology security and helps track cyber fraud activity, and Palo Alto Networks has helped corporate leaders improve their threat reporting to boards of directors.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Last October, the ISAC <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>launched a program<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> to help boost cybersecurity at companies that supply its members, a move that reflected the acute concerns among retailers and hospitality firms about the vulnerabilities of their supply chains.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>RH-ISAC is \u201cvery effective,\u201d as evidenced by \u201ctheir continued growth over the past few years,\u201d said Christian Beckner, vice president of retail technology and cybersecurity at the National Retail Federation. The ISAC\u2019s increasing maturity was a \u201ckey factor\u201d in the NRF\u2019s decision to <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>partner with the group<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> on activities like information sharing and the development of anti-fraud resources, Beckner said.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Lindemoen said the ISAC is focused on \u201chelping members learn from each other and strengthen their defenses collectively.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Like its counterparts in other sectors, RH-ISAC is full of companies that compete vigorously in the marketplace. But Lindemoen said she has been impressed by how companies put business rivalries aside when hackers strike.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<section class=\"storylines-carousel-wrapper show-small hide-large\" id=\"mobile-carousel\"\/>\n<p><span><span><span><span><span><span>\u201cThe competitive nature goes away for our sector, and the collaboration comes together,\u201d she said. \u201cI\u2019ve literally gotten phone calls to say, \u2018I\u2019m hearing this. Tell them I\u2019m here to help.\u2019 And it\u2019s really awe-inspiring to watch that happen.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3 class=\"standard-heading\"><span><span><span><span><span>Securing \u2018the human element\u2019<\/span><\/span><\/span><\/span><\/span><\/h3>\n<p><span><span><span><span><span><span>That kind of collaboration is important in a sector whose very nature makes it particularly susceptible to cyberattacks.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The people who work at RH-ISAC member companies \u2014 the employees who are the first line of defense against criminals like Scattered Spider \u2014 are trained to be friendly, accommodating and trustworthy. But that corporate culture, which even employees who don\u2019t interact with customers and guests are expected to maintain, is exactly the environment in which social engineering thrives. Hackers especially enjoy striking <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>during the busy holiday sales season<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, when overworked retail employees are more likely to let their guards down.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cIf you think about who they are as an industry, they\u2019re hospitality people,\u201d Lindemoen said of her group\u2019s members. \u201cSo taking advantage of that is what is unique about [attacks on] this sector. They\u2019re taking advantage of the kindness.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The challenge for cyber experts focused on protecting retail and hospital firms is how to balance warmth and vigilance. \u201cHow do you educate your people \u2026 and continue to maintain that hospitality, but ask enough questions to make sure that you&#8217;re not being taken advantage of?\u201d Lindemoen said. \u201cThat, to me, is very difficult for our sector to manage through, with these types of threats that really attack the human element of businesses.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>RH-ISAC itself also faces challenges. As a voluntary information-sharing group, its influence over member companies\u2019 cybersecurity programs is limited. It can encourage best practices, but it can\u2019t enforce them. Some of its members might be more diligent about following its recommendations than others, which could result in a fragmented cyber posture across the sector.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The diversity of the ISAC\u2019s membership will also play an important role in how comprehensively it can help the sector.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Nearly 70% of RH-ISAC\u2019s core members have at least $1 billion in annual revenue, with 13% reporting revenues of more than $20 billion, according to the group\u2019s <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>latest annual report<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>. In ISACs that are disproportionately made up of the biggest companies in their sectors, smaller players sometimes feel like they have less influence over the groups\u2019 work, and the small companies that are left out have less access to cyber guidance. RH-ISAC is also dominated by retail firms (48% of core members) compared to hospitality industries like hotels and casinos (18%) and restaurants (9%).<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Particularly in a sector as complex as retail and hospitality, building a diverse membership will be essential to ensuring that the ISAC\u2019s work products reflect the full breadth of business considerations and security issues that exist in the sector.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cThe less regulated and more diverse the sector is, the harder it is to reach everyone,\u201d said Michael Daniel, president of the Cyber Threat Alliance, an information-sharing group. \u201cRetail is virtually uncountable. While the size of individual firms in the sector matters, the number of firms in the sector matters too.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3 class=\"standard-heading\"><span><span><span><span><span>Growing cyber resilience<\/span><\/span><\/span><\/span><\/span><\/h3>\n<p><span><span><span><span><span><span>Still, there are reasons for optimism in <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>a recent RH-ISAC report<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>. Nearly 20% of chief information security officers in the retail and hospitality sector now report directly to business executives, a 12 percentage-point increase from last year. \u201cWe\u2019re being integrated into business decisions,\u201d Lindemoen said. \u201cCISOs are gaining influence in this space.\u201d\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>In addition, business continuity, a key consideration for cyber resilience, jumped to the top of roughly half of respondents\u2019 priority lists. Lindemoen hailed the increased \u201cattention and focus around not just preventing attacks, but also quickly recovering from them, which is essential in this business.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Major challenges remain for cyber defenders in the sector \u2014 including budget constraints and the constant tension between speed and security \u2014 but RH-ISAC leaders are pleased with how companies have weathered increasing threats.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cDespite all these high-profile attacks that you\u2019re seeing,\u201d Lindemoen said, \u201cthey\u2019re demonstrating resilience.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<\/p><\/div>\n<p><p><a href=\"https:\/\/dmsretail.com\/online-workshops-list\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-496\" src=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\" alt=\"Retail Online Training\" width=\"729\" height=\"91\" srcset=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png 729w, https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90-300x37.png 300w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/a><\/p><br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When devious young hackers penetrated the computer networks of major U.S. retailers and suppliers earlier this year, it was a significant test of the quiet [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":15941,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-15940","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/15940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/comments?post=15940"}],"version-history":[{"count":0,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/15940\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media\/15941"}],"wp:attachment":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media?parent=15940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/categories?post=15940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/tags?post=15940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}