Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Worried US retailers battle cyber-attacks through new intelligence-sharing body

Target, Nike, Safeway circle the wagons

Article comments

Stung into action by a wave of devastating data breaches, US retailers have taken the historic decision to share data on cyber-threats for the first time through a new initiative, the Retail Cyber Intelligence Sharing Center (R-CISC).

Developed after input from 50 retailers and the Retail Industry Leaders Association (RILA), R-CISC will operate as an independent body collecting anonymised data on the attacks detected by firms, hopefully allowing them to spot common patterns.  This will include malware strains, software vulnerabilities, forum activity and real-time information on attacks.

Other elements of its brief will be to educate members on defence using training and develop research capabilities by forging lnks within the security world.

Prominent launch names include J. C. Penney, the Gap American Eagle Outfitters, Nike, Lowe's Companies, Safeway, VF Corporation, Walgreen Company and the most famous victim of retail attacks to data, Target Corporation. Other firms are said to be joining in the coming weeks and months.

On the law enforcement side, the FBI, the US Secret Service, the Department of Homeland Security will also participate.

“In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber-crimes,”said RILA president, Sandy Kennedy, a sentiment backed up by stakeholders.

“We are confident that by sharing with our peers and industry stakeholders through the R-CISC, our industry will collectively strengthen its ability to protect critical customer information,” said, vice president of information security at Lowe's Companies, Warren Steytler.

The industry is responding to the sudden rise in cyber-attacks during 2013 which many of its members seemed unprepared for.  A list of well-known brands were compromised, including Target, Neiman Marcus, White Lodging, Harbor Freight Tools, Easton-Bell Sports, and Michaels Stores. Events at Target contributed to the resignation of the firm’s CIO and, more recently, its CEO.

This kind of intelligencensharing could represent a model for how other industry sectors might circle the wagons against attacks that target them in quite specific ways. The banking sector has longer experience of cyber-attacks and has to some extent piggybacked data sharing on the back of fraud prevention but many other sectors continue to behave as if attacks are a problem for each organisation. This now looks like a major mistake.

Meanwhile, government and regulators in the US are losing patience with the apparent inability of organisations to defend themselves using the most obvious defence mechanism of simply ‘spreading the word’. The arrival of R-CISC is politically necessary as well as technically wise.

“This is a good move, as other industry groups – like the financial services industry with the FS-ISAC – have proven the value of threat sharing across and between organisations. Especially given the retail industry needs to work that much harder to rebuild consumer trust,” said AlienVault’s Barmak Meftah.

“But I do question whether it is enough to simply limit threat sharing to specific players within specific vertical industries,” he said. “The determination of the retail industry to share threat data is all fine and good, but the technology at the heart of all this sharing needs to be within reach of all organisations, and it needs to help facilitate this sharing easily.”



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *