In the retail sector, an online presence is a major, and sometimes the only, conduit for service delivery, so the role of the CISO in building trust in the retailer’s community is of great value to the business. This trust is a shared interest of the entire retail landscape, giving consumers the confidence that they are conducting business safely online. The CISO is the key individual in an organization tasked with understanding the risks to business operations and is positioned to align security investments, resources and protection strategies with an organization’s mission, while addressing compliance issues for each industry sector. These strategies protect not only the systems but also the data contained within them: how it’s stored, how it moves throughout the enterprise and, in some cases, how it is shared with partners.
Each company’s risk tolerance is different, as are each company’s crown jewels, depending upon its type of business and organizational goals. This is why it is critical to have a CISO at the leadership table: to understand the business and the risks to business operations, and to be a part of the conversation on any business strategy from the beginning.
CISOs also need to regularly engage with their peers in much the same way asset protection executives at competing retailers often work together against a common enemy. That’s the main reason why the Retail Cyber Intelligence Sharing Center (R-CISC) was created four years ago. The R-CISC functions as a platform where CISOs and other top executives faced with the enormous responsibility of safeguarding their organization’s data work together on the cyber issues that matter most in building confidence for conducting commerce online. Cyber threat intelligence can be used to further the alignment of security resources and investment strategies by identifying known threats and mapping them to the vulnerabilities, key systems or processes that are priorities for the business. Our members share intelligence about threats in a secure forum in order to strengthen their companies and help to secure the entire sector.
For example, a recent R-CISC study of top threats and concerns identified phishing, credential compromise and account takeover (ATO) as the top challenges. Accordingly, investment and security strategies that address the common vectors these threats use are a priority. By sharing best practices on how to mitigate these risks, R-CISC members become stronger individually and strengthen the industry as a whole.
The retail industry is changing at an unprecedented rate, with disruptive technologies presenting both opportunities and challenges. Retailers with CISOs involved in business discussions are better able to keep pace with and stay ahead of the security challenges in their environment. Membership in the R-CISC is a great step toward meeting these challenges because members of all sizes have the ability to share cyber intelligence on incidents, threats, vulnerabilities and associated threat remediation. It’s why more than 250 CISOs and their peers will gather in Denver on October 2-3 for the R-CISC Retail Cyber Intelligence Summit. Interest in this event has gained momentum every year for one very important reason: participants understand they are stronger together in an environment where cyber threats increase daily and become increasingly sophisticated.
Suzie Squier is Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC), home of the Retail ISAC. She has been connected to the R-CISC since its inception, leading the effort to build the organization in 2014.