Over the course of the COVID-19 pandemic, the retail and hospitality sectors have found ways to not only weather the storm but innovate to adapt and improve their businesses for the new digital-first world.
On September 28-29, the RH-ISAC community gathered together online for the 2021 Cyber Intelligence Summit, two days of networking and knowledge exchange focused on today’s threats, to share what they’ve learned and to connect with their peers.
This year’s member-curated program featured five keynotes, several open-forum discussions, and 20 breakout sessions. Despite the all-too-common refrain of “I wish we were in person!”, attendees came together to actively participate in session chats, sponsor tradeshows, and leaderboard challenges, plus social events including wine tastings and morning yoga sessions.
Check out the highlights below from this year’s sessions and speakers.
Day 1: September 28
The 2021 RH-ISAC Summit kicked off with a candid conversation between RH-ISAC President Suzie Squier and Christopher Krebs, former director of CISA and founder of Krebs Stamos Group. Krebs has had a front row seat to a rapidly evolving threat landscape over the last several years through his roles in both the government and private sector. Front and center is, of course, the escalation of ransomware attacks on high profile targets and the potential they have to disrupt US operations.
Krebs stressed that as long as there are vulnerabilities in the system that make it profitable, hackers are going to continue to target everyday software and services we use to keep our networks running. He sees collaboration as the key to preventing such attacks, something the dedicated sharers in the RH-ISAC community can attest to.
Though ISACs are certainly a start, Krebs sees the need for better operational sharing, not just in private industry, but between the government and the for-profit sector. Everyone has a part to play in creating the right security strategies. Taking shared information and implementing it to make it turnkey will be essential in addressing the growing landscape of threats.
Finally, we asked, what is the threat on the horizon keeping this cyber expert up at night? He warns about the importance of defending against disinformation. There is no chief counter-disinformation officer, but reputational attacks through disinformation are becoming a cheap and effective way of undermining confidence in products.
Following Krebs’s keynote, attendees participated in breakout sessions where peers and industry partners shared what’s working, and sometimes what isn’t, in their security programs. A big topic this afternoon was zero trust, with sessions providing the guiding principles of this popular philosophy and how companies are now applying it not just for remote information workers, but for frontline workers as well.
Other breakouts gave fresh perspective to common topics, such as third-party supply chain risk and vulnerability management, which have changed significantly in the wake of the pandemic. Speakers also provided guidance on the cloud as it relates to threat detection and ways in which companies can work to keep their customers safe.
The day’s second keynote was a CISO panel on cyber resiliency and leadership. This panel offered unique insights from both the retail and hospitality sides of the CISO cybersecurity landscape. Moderator Pam Lindemoen, CISO Advisor at Cisco, spoke with Eric Brohm from Wyndham Hotels, Matt Dunlop from Under Armour, and Marnie Wilking from Wayfair on a variety of topics related to cyber resiliency, which Pam defines as understanding how your business is changing and continually adapting to those changes. Not surprisingly, a big change that everyone has had to deal with is the impact of COVID-19. The panel discussed how their organizations have weathered that storm, as well as how they’ve developed business continuity and disaster recovery plans for other threat areas, for maximum cyber resiliency. One big takeaway here: the bad guy only has to be right once; we have to be right all of the time. Focusing on cyber resilience now will make your organization better prepared, not if, but when, that one time comes.
Finally, Rich Agostino, SVP, CISO at Target and Nancy King, SVP, Technology at Target, closed out the educational portion of day one with their presentation, “Scaling and Evolving Cybersecurity for a Digital-First World,” which highlighted how Target’s cybersecurity strategy has evolved over the last few years. As Target went through a technology transformation, the team began to reimagine their roles and how technology and the security team could support one another to move beyond basic security capabilities to a culture of digital growth. They’ve had to balance the need for a seamless guest experience with the need to keep their customer data safe. When COVID hit, it became more important than ever for the team to react quickly to new threats, while maintaining not just a safe digital space, but a safe physical space for their customers. Today, they feel their cyber strategy is stronger than ever, as the entire team works together to prioritize both guest experience and risk mitigation for the safe growth of the business.
To celebrate a successful day, attendees then gathered for a virtual wine tasting, where a California wine educator led them through the tasting of three wines made at the Passalacqua Winery.
Day 2: September 29
The first keynote of day two was a moving panel discussion on diversity, equity, and inclusion (DEI) in the cybersecurity field, which featured Laura Bate from Cyberspace Solarium Commission as moderator, and Sailaja Kotra-Turner of Brown-Forman Corporation, Larry Whiteside of the International Consortium of Minority Cybersecurity Professionals, and Kerstin Zell of the Executive Women’s Forum, as panelists. Each shared their own personal experiences, highlighting both how leaders can make a positive impact and address the conscious and unconscious bias they bring to the workplace. On a broader scale, the panelists shared tangible ways to navigate and change these biases in the cybersecurity community, such as volunteering with children and introducing girls to STEM professions, and educating the public on the variety of jobs available within the cybersecurity field, not all of which are highly technical. Finally, the panelists emphasized that DEI is much more than just filling quotas or ticking a box. There is more that every individual, cybersecurity team, and community can do to create positive change toward inclusivity.
Day two continued with more breakout sessions, several of which highlighted getting inside the mind of the attacker for penetration testing and to prepare for threats such as Black Friday dark web activity. Wednesday’s sessions also spoke to the importance of strategic use of threat intel data, providing a framework for “EASY” organization and implementation.
Finally, the Summit concluded with a conversation between RH-ISAC Research & Education Director, Kristen Dalton, and New York Times cybersecurity journalist, Nicole Perlroth. Nicole had little cybersecurity background before coming into her role with the New York Times, but quickly became concerned with the magnitude of cyber risk, as industry leaders continuously warned of cyber doomsday scenarios as the next battlefield. This realization and her first-hand experiences with foreign adversaries during the Chinese breach of the New York Times led Nicole to write her best-selling book, “This Is How They Tell Me the World Ends.”
One key area of concern for her is zero-day threats, which are frequently identified, but remain unpatched for use in covert operations. Is the end result worth the risk of leaving ourselves vulnerable?
Throughout the Summit, attendees participated in a leaderboard challenge, where they earned points for engagement activities including participating in chats and visiting sponsor booths. The first-place prize, a complimentary stay for the 2022 Summit, went to Joshua Santos of Skechers. Second place, an Anker portable battery charger, went to Julie Gregory of L Brands, and third place, a $25 Uber Eats gift card, went to Bill Hanning of Groups360, who was also the recipient of the luxury vacation getaway to Key West, Florida, this year’s tradeshow prize!
As we wind down from the Summit, we encourage you to continue to share your knowledge, experiences, and best practices through the RH-ISAC Member Exchange, Slack, listserv, and intel calls.
Make sure you put next year’s 2022 RH-ISAC Cyber Intelligence Summit on your calendar and join us September 13-14, as we reunite in person (fingers crossed!) in Dallas, TX.