New Cybersecurity Threat Insights for Retail and Hospitality Companies

Last year, retail and hospitality reported almost 100 indicators of compromise (IoCs) per day. To put that in context, this means that roughly four times every hour, of every day, retail and hospitality companies shared data related to a cyberattack. In all, more than 72,000 IoCs were reported by members during 2018 and 2019.

The latest Retail and Hospitality Threat Trend Report from Accenture and the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) analyzes these IoCs and RFIs provided by members along with threat intelligence gathered by Accenture’s iDefense threat intelligence team to provide a look back on trends. In addition, the report also looks ahead as companies deal with cyber threats during COVID-19. Whether you are a cybersecurity or business leader, I encourage you to read it to gain a better view of the cybersecurity threat landscape.

While COVID-19 related concerns are likely top of mind for many of you, our analysis showed that traditional cybersecurity threats are not abating, and during COVID-19, we’re seeing the same pre-pandemic vulnerabilities exploited by cyber criminals. They may be using a slightly different “hook,” but many threats remain the same at their base level.

Our 2020 report highlights four main trends:


Trend #1: Cybercriminal groups are reusing and recycling.

Bad actors are reusing previously observed tactics, techniques, and procedures (TTPs) with updated themes. The networks and websites of eCommerce businesses remained extremely attractive targets for threat actors throughout 2019. Due to the volume of customer and financial data processed by these organizations and actors’ success at committing card-not-present (CNP) fraud, we believe eCommerce will remain in the crosshairs for quite some time.

Trend #2: The cybercriminal value chain has been “professionalized.”

The criminal underground has rotated toward a new operating model which dictates a heavy reliance upon one another’s skills: a larger degree of cooperation to enable more lucrative attacks. This poses a threat to many industries, including retail and hospitality, as the barriers to entry and return on investment for malicious actors tilt greatly in their favor.

Trend #3: Hospitality and travel organizations remain hotbeds for PII theft.

Because hospitality and travel companies process vast quantities of personally identifiable information (PII), cybercrime affecting the sector has been much broader in online booking, in-hotel wi-fi networks, and other customer or B2B touchpoints. We see an increasing number of supply chain cybersecurity incidents, which we expect to increase as more companies move data to new virtualized environments, cloud, and SaaS platforms.

Trend #4: Retail return fraud is expanding.

Accenture Cyber Threat Intelligence has observed three pertinent topics being discussed on criminal forums—identifying which retailers stolen cards can effectively be used at, contactless payment fraud, and refund fraud.

While there are many courses of preventative action, we see four key areas of action for retail and hospitality companies:

  1. Share information with your industry peers. Cauterizing threats in their early stages is vital and sharing information is the foremost way to do that on a large scale.
  2. Pay attention to other industries. Keeping up with threats in other industries can help retail and hospitality companies become aware of emerging threats that much sooner—giving them a jump on prevention and remediation.
  3. Extend attack simulations to your ecosystem. In addition to simulating attacks against one’s specific organization, retail and hospitality companies should consider running joint exercises with peers and suppliers. Accenture’s latest cybersecurity report shows that about 41% of attacks are now indirect, stemming from supply chain and other partners.
  4. Create a cyber fraud operating model. As cybercriminals continue to focus on various areas of fraud affecting retail and hospitality companies, integrating internal fraud and cyber threat intelligence teams becomes increasingly important. Companies should formulate an operating model and shared resources (people, processes, and technologies) that can support disruption of cyber threats and fraud in tandem.

In my work with the RH-ISAC and with Accenture retail and hospitality clients, I know that we are stronger together than we are apart. RH-ISAC shows how collaboration and information sharing can help retail and hospitality companies stay ahead of cybercriminals. Together, we are leaning in to disrupt malicious cyber activity. Especially now, during COVID-19, that collaboration is more important than ever.

Read the full report to learn more, or reach out to CJ Cui or Howard Marshall with questions.

Disclaimer: This blog post is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information.

More Recent Blog Posts

2024 RH-ISAC Cyber Intelligence Summit logo

Register for RH-ISAC Summit

Our biggest event of the year is coming up soon! Join RH-ISAC April 9-11 in Denver for our annual three-day conference featuring interactive, practitioner-led discussions, breakout sessions, and keynote presentations.