Worried US retailers battle cyber-attacks through new intelligence-sharing body

Target, Nike, Safeway circle the wagons

Stung into action by a wave of devastating data breaches, US retailers have taken the historic decision to share data on cyber-threats for the first time through a new initiative, the Retail Cyber Intelligence Sharing Center (R-CISC).

Developed after input from 50 retailers and the Retail Industry Leaders Association (RILA), R-CISC will operate as an independent body collecting anonymised data on the attacks detected by firms, hopefully allowing them to spot common patterns. This will include malware strains, software vulnerabilities, forum activity and real-time information on attacks.

Other elements of its brief will be to educate members on defence using training and develop research capabilities by forging lnks within the security world.

Prominent launch names include J. C. Penney, the Gap American Eagle Outfitters, Nike, Lowe's Companies, Safeway, VF Corporation, Walgreen Company and the most famous victim of retail attacks to data, Target Corporation. Other firms are said to be joining in the coming weeks and months.

On the law enforcement side, the FBI, the US Secret Service, the Department of Homeland Security will also participate.

"In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber-crimes,"said RILA president, Sandy Kennedy, a sentiment backed up by stakeholders.

"We are confident that by sharing with our peers and industry stakeholders through the R-CISC, our industry will collectively strengthen its ability to protect critical customer information," said, vice president of information security at Lowe's Companies, Warren Steytler.

The industry is responding to the sudden rise in cyber-attacks during 2013 which many of its members seemed unprepared for. A list of well-known brands were compromised, including Target, Neiman Marcus, White Lodging, Harbor Freight Tools, Easton-Bell Sports, and Michaels Stores. Events at Target contributed to the resignation of the firm's CIO and, more recently, its CEO.

This kind of intelligencensharing could represent a model for how other industry sectors might circle the wagons against attacks that target them in quite specific ways. The banking sector has longer experience of cyber-attacks and has to some extent piggybacked data sharing on the back of fraud prevention but many other sectors continue to behave as if attacks are a problem for each organisation. This now looks like a major mistake.

Meanwhile, government and regulators in the US are losing patience with the apparent inability of organisations to defend themselves using the most obvious defence mechanism of simply 'spreading the word'. The arrival of R-CISC is politically necessary as well as technically wise.

"This is a good move, as other industry groups - like the financial services industry with the FS-ISAC - have proven the value of threat sharing across and between organisations. Especially given the retail industry needs to work that much harder to rebuild consumer trust," said AlienVault's Barmak Meftah.

"But I do question whether it is enough to simply limit threat sharing to specific players within specific vertical industries," he said. "The determination of the retail industry to share threat data is all fine and good, but the technology at the heart of all this sharing needs to be within reach of all organisations, and it needs to help facilitate this sharing easily."

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenanceapplicationshardware systemssoftwareNikeData CentreintelfbiGapTargetLowe'ssecurity

More about American Eagle OutfittersFBILowe's CompaniesNikeSafewayVF

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place