Major US Retailers Set Up Cyber Intelligence Sharing Center
A problem shared is a problem solved? When it comes to cyber threat intelligence, some of the major US retailers hope working together and sharing information will help thwart future cyber attack campaigns. Recent massive security breaches at Target and other stores have left consumers angry, and despite assurance that new security measures are in place, some shoppers wonder how safe their information is when they swipe their card.
In hopes of minimizing the risk and financial fallout from another disastrous cyber attack, some of the top retailers—including Target, Lowe's, Nike, J.C. Penney, American Eagle Outfitters, Gap, Safeway, VF Corporation, and Walgreen Company—along with the Retail Industry Leaders Association (RILA) announced they are launching a clearinghouse: the Retail Cyber Intelligence Sharing Center (R-CISC).
The R-CISC is a non-profit organization that will serve as a forum for sharing cyber threat intelligence among members, as well as with government agencies and federal law enforcement, including the U.S. Department of Homeland Security, the U.S. Secret Service, and the Federal Bureau of Investigation.
There are three components of the R-CISC:
- The sharing and analysis center is staffed by analysts who identify and share intelligence on cyber threats, including suspected criminal activity, new types of malware, or potential software vulnerabilities.
- Education and training resources for information security best practices
- Research focusing on future cyber security issues surrounding emerging technologies and potential new threats
To help determine best practices for threat information sharing, the association consulted with organizations and vendors such as the Financial Services Information Sharing and Analysis Center, the Information Security Forum, the National Cybersecurity and Communication Integration Center, National Cyber Security Alliance, Verizon, CrowdStrike, IBM, iSIGHT Partners, and others.
In January 2014, Reuters first reported that the FBI distributed a confidential document cautioning retailers to expect more cyber attacks in the future. The story quotes the FBI as saying, “We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it."
Retailers hope steps like the R-CISC will help prevent the FBI’s prediction from becoming reality. The R-CISC is open to retailers and merchants of all segments and sizes.