
Retail and Hospitality Trending Holiday Cyber Threats

As the weather cools down and consumers prepare for the winter holiday season by shopping for loved ones or traveling to see them, malicious threat actors are standing by ready to ramp up their activities. The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) just released the 2022 Holiday Season Cyber Threat Trends report that reveals the most prevalent malware tools leveraged by cyber criminals this year, with phishing and fraud dominating the list.

In this post, we break down some of the threats facing retail security teams. And in our ebook, Retail Cybersecurity: The Journey to Zero Trust, we share ways that Duo can help retailers improve their security posture.

The state of security in retail and hospitality

RH-ISAC reports “organizations are seeing an increase in the prevalence of credential harvesting attempts, especially leveraging social engineering tactics.” The report found that QakBot, Agent Tesla, Dridex and Emotet are the most likely malware tools to be used by bad actors.

The top five primary cyber threats the report predicted for this holiday season include:

  1. Phishing and credential harvesting

  2. Account takeovers (ATO)

  3. Bots (scalpers and resellers)

  4. Gift and loyalty fraud

  5. Return fraud

The good news is that there is a simple, elegant and modern solution to the top threats this season. Businesses can prevent phishing and credential harvesting by investing in multi-factor authentication (MFA) as the first step to adopting a zero-trust stance (grant no access until trust is established and verified by multiple factors).

Requiring multiple factors to authenticate employee logins limits access to the network and applications to only those who need it. During the busy holiday season, when there is more activity and many contractors require access, enabling MFA can make the difference between staying safe and getting breached.

The White House and many government agencies, such as the Department of Homeland Security, recommend or require MFA to secure credentials and prevent password theft through phishing because it is 99% effective at preventing account compromise. MFA is required for cyber liability insurance. Retailers will soon be required to implement MFA to stay PCI DSS (Payment Card Industry Data Security Standard) compliant in order to protect private consumer data.

Retail and hospitality organizations may want to take cybersecurity a step further. Single sign-on (SSO) fortifies MFA by reducing the number of passwords and giving users a single dashboard to log into to reach all of their applications in one place. Couple MFA with SSO to reduce the human error element that plagues 82% of data breaches, according to the Verizon Data Breach Investigations Report. Add a passwordless authentication factor, such as a biometric, to block attempts at access.

Bolster your cybersecurity stance

This holiday season, retail and hospitality industries are expected to get hit even harder than past seasons by criminal attempts. As criminal rings become more sophisticated in how they target company employees through socially engineered phishing attempts, organizations can take a proactive approach that prevents attacks before they happen: utilizing MFA and SSO to protect employees and keep private consumer data safe during this busiest time of year and beyond.

Get started by downloading our ebook, Retail Cybersecurity: The Journey to Zero Trust, today.