Retailers and consumer goods companies faced with the prospect of unrelenting and increasingly sophisticated cyber threats have reason for hope. New advancements in detection and information sharing have improved prospects for mitigating the risks of cyber attacks. The tip of the spear in this effort is a three year old organization that has quickly risen to prominence in a retail industry where digital interactions with customers are growing exponentially.
“We are working on the various barriers to information sharing,” said Suzie Squier, Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC). “On the technology side we are entering the next evolution of our platform that will allow easier functionality for members of all sizes to share threat intelligence and create a more actionable picture out of that intelligence.”
Retailers are normally very secretive, but when it comes to cyber threats the willingness to share is driven by an us against them mentality. That attitude surfaced in force around 2014 after a series of high profile cyber attacks bloodied several retailers. The industry awoke to the realization that combatting increasingly sophisticated digital bad actors would require the same type of collaboration that long existed among asset protection professionals tasked with protecting stores from organized shoplifting groups.
Today, many retailers have created the role of chief information security officer, or CISO, or at a minimum have rolled information security into the responsibility of other senior executives. R-CISC is targeting these senior executives and others in operational rolls to join in the sharing of cyber threat information.
“We want to keep raising awareness of the R-CISC because the more we share the better off the industry is,” Squier said.
The key advancement on that front was made recently with the addition of TruSTAR Technology as one of four threat intelligence partners. TruSTAR becomes part of the R-CISC’s Information Sharing and Analysis Center’s (ISAC) technology suite, a platform built from the ground up to break down barriers to intelligence exchange. The R-CISC now supports a more automated method of ingesting data shared by members to more quickly share threat insights with members.
“Adding TruSTAR as a threat intelligence partner brings the R-CISC one step further in our strategic initiative to expand the capabilities of the Retail ISAC’s technology infrastructure,” Squier said. “The R-CISC is breaking down barriers to information sharing and increasing the usability of actionable intelligence available for our users, allowing them to more easily ingest, act and mitigate cyber threats.”
Squier joined R-CISC earlier this year to lead all aspects of the organization, including ISAC, but she’s no stranger to the group. During her 14 years with the Retail Industry Leaders Association (RILA) and while in her role as Executive Vice President of Member Services was instrumental in the RILA led effort to establish R-CISC. Those connections to the industry are seen as crucial because there is a high degree of trust involved to foster a culture of sharing among digital executives.
To further the R-CISC trust agenda the organization is slated to hold it second annual Retail Cyber Intelligence Summit Oct 3-4 in Chicago. The gathering will be fairly intimate by design with several hundred retail, consumer goods and solution provider executives in attendance
“One thing we realized early on is that relationships are key to establishing the level of trust that is crucial to build information sharing,” Squier said.
The event is also an opportunity to hear from keynote speakers including Target CISO Rich Agostino on the topic of “Stepping in Leadership: Staying Ahead of Today’s Threats and the Evolving CISO Role. Another noteworthy participant is Procter & Gamble CISO Kostas Georgakopulos leading a session on the next evolution of information security. Another panel on Women in Cybersecurity involves Best Buy CISO Deborah Dixon and VF Corp CISO Roseann Larson. RL