The aftermath of the recent major retailer breaches has led to a collaborative initiative that involves both private- and public-sector organizations working to create best practices and to share information to help improve retail-systems security.
The process began in January, when the Retail Industry Leaders Association (RILA) launched a comprehensive initiative to address evolving cyber-threats and to promote additional safeguards for personal data held within the payment ecosystem. As part of the initiative, the RILA Cybersecurity and Data Privacy Initiative began bringing together various stakeholders to enhance existing cybersecurity and privacy efforts.
Soon afterward, RILA joined forces with the Financial Services Roundtable to lead a partnership between the merchant and financial-services industries. It also partnered with the National Cyber-Forensics and Training Alliance to enhance cybersecurity information-sharing and to expand retailers’ approach to cyber threats.
In its most recent move last week, the association, in conjunction with various top U.S. retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC), an independent organization, the centerpiece of which is a Retail Information Sharing and Analysis Center (Retail-ISAC). Among the participating companies are American Eagle Outfitters, Gap Inc., J. C. Penney Co. Inc., Lowe's Cos., Inc., Nike, Inc., Safeway, Inc., Target Corp., VF Corp. and Walgreen Co.
The retail industry is going to great lengths to minimize risk and stay ahead of cyber criminals, Ken Athanasiou, American Eagle Outfitters global information security director, said in a statement. “The reality is, cyber-criminals work nonstop and are becoming increasingly sophisticated in their methods of attack. By sharing information and leading practices and working together, the industry will be better positioned to combat these criminals.”
Through the R-CISC, retailers are sharing cyber threat information among themselves and, via analysts, with such public and private stakeholders as the U.S. Department of Homeland Security, U.S. Secret Service and the FBI. It also is providing retailers with advanced training and education, and research resources.
“In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber crimes,” Sandy Kennedy, RILA president, said in a statement.
R-CISC was developed with input from more than 50 of America’s largest retailers, and in consultation with key stakeholders, including federal law enforcement, government agencies and subject matter experts.
Phyllis Schneck, deputy under secretary for cybersecurity and communications at the U.S. Department of Homeland Security National Protection and Programs Directorate, noted in a statement that the agency is working with the private sector to create shared situational awareness of potential cybersecurity vulnerabilities.
“The Retail Cyber Intelligence Sharing Center will further enhance [Homeland Security’s] collaboration with this important sector of the American economy and will provide information and resources that can help companies keep their networks and the consumer information stored on them safe and secure,” she said in a statement.
RILA says it also has consulted with various third-party cyber specialists, including the National Cybersecurity and Communication Integration Center, National Cyber Security Alliance and Verizon, to identify leading practices related to threat information sharing.