NRF Plans for Cybersecurity in 2023

The National Retail Federation (NRF) and the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) are teaming up to improve retail cybersecurity. The two industry-leading organizations will be combining their efforts in intelligence and threat monitoring. The goals of this partnership, announced in January 2023, include enhancing access to cybersecurity news, guidance, education and resources for retail industry businesses.

Studies show 24% of cyberattacks target retail organizations, and virtually all these attacks are financially motivated. Hackers heavily target financial and payment data in breaches. More commerce is occurring online and retailers are becoming more vulnerable to attack. This causes friction in business decisions since consumers prefer omnichannel shopping options, but ecommerce increases cybersecurity risks.

The NRF and the RH-ISAC partnership will improve the availability of accurate retail cybersecurity news and information. Both organizations are industry leaders in data and guidance in general. Collaborating on security will allow them to double their reach and impact to help as many businesses and professionals as possible.

A 2023 NRF press release highlighted education and support as key goals of the partnership with RH-ISAC. Sharing and developing more detailed and up-to-date guidance on cybersecurity best practices will help improve preparedness among retail and hospitality businesses. Hopefully, this will reduce the rates of successful cyberattacks in the industry.

In addition to collaborating on education, the NRF and RH-ISAC will combine their cyberthreat sharing platforms. The NRF’s Cyber Risk Exchange portal will be shutting down shortly. All members will be migrated to RH-ISAC’s threat-sharing system, which will become the new intelligence hub for both organizations. This will keep everything in one place. 

Cybersecurity News Partnership With CyberWire

RH-ISAC also will collaborate with cybersecurity news leader CyberWire to produce a retail cybersecurity news podcast. CyberWire’s podcasts are among the most popular in the industry, covering a wide range of topics under the security umbrella. Bringing the RH-ISAC’s podcast into the CyberWire library will expand CyberWire’s reputation for reliable news to include the retail industry.

Timely updates on cybersecurity intelligence can be instrumental in ensuring retail businesses can defend themselves. For instance, it is natural for business owners to be concerned about expanding their online channels when faced with the high cost of a cyberattack. Studies show data breaches cost $4.35 million on average as of 2022. That’s enough to make anyone think twice about expanding ecommerce options.

However, these business owners might not know they can use tools to protect themselves against successful cyberattacks. For example, cybersecurity liability insurance can cover the cost of business downtime resulting from a breach and even provide forensic support. This means the cost of hiring experts will be covered so companies can investigate the cause and perpetrators of an attack.

The rise in cybercrime is increasing the market for tools and solutions to defend against hackers. This includes new types of insurance plans and preventive tools like AI and threat monitoring. Retail businesses can also take steps to help protect their customers’ data. For example, implementing two-factor authentication login methods can increase customers’ account security.

Businesses must know about these tools and resources to implement them. That’s why reliable and timely retail cybersecurity news is so important for the industry today. The RH-ISAC and NRF partnership will support ongoing cyberthreat research and provide educational resources. Meanwhile, the RH-ISAC’s collaboration with CyberWire can act as a hub for sharing those regular retail security news highlights.

Retail Cybersecurity Risks

What security threats are organizations like NRF and RH-ISAC working to protect retail businesses from? There are several major cyberthreats facing the industry today.

The sheer presence and cost of cyberattacks have been steadily increasing. The annual global cost of cybercrime rose over 900% between 2018 and 2022, and it is only expected to continue to grow over the next several years. Retail businesses face increasing financial risk from attacks, with a single breach potentially costing millions of dollars.

Consumers are facing an increasing number of cyberthreats as well. Surveys show that 65% of Americans have received at least one online scam offer, and social engineering attacks are among the most common. Tactics like phishing and credential theft can be widespread in the retail industry when hackers know they can access financial data.

Additionally, hackers are more likely to assume retail businesses have excess cash at their disposal. This means a company may be more likely to pay cybercriminals in a ransomware attack. If the victim refuses to pay, the criminal will likely still have access to customers’ sensitive payment or account information, which itself is valuable.

Trends like ransomware-as-a-service are also expanding the availability of cybercrime tools, allowing more people to engage in hacking. A novice hacker can now pay off a more experienced criminal to use their ransomware program and steal money from any organization they want. It requires minimal effort with a high likelihood of payoff if the attack is successful.

All these factors make it imperative for businesses to have access to retail cybersecurity news, education and resources. Knowledge is the key to preparing for and defending against cyberthreats.

Shannon Flynn is a freelance writer from Pennsylvania. She spends most of her time as the Managing Editor for ReHack Magazine, where she covers topics of cybersecurity, IoT and artificial intelligence. She has been featured on sites such as Lifehacker, Make Use Of and HackerNoon.