BLOG
Slider

Six Quick Wins To Fight ATO This Holiday Season

November 19, 2018  R-CISC Team

‘Tis the season where retailers see a much higher volume of sales, both in stores and online. This makes it harder to detect anomalous traffic, and it is impractical to block IP ranges based upon geography, because online sales can be global. Retail staff is motivated and focused upon sales, at th...

READ MORE

An Interview with R-CISC Board Director: Ken Athanasiou

November 12, 2018 

We recently interviewed R-CISC Board Director, Ken Athanasiou, Vice President and Chief Information Security Officer, AutoNation, Inc., about his involvement with the R-CISC and his thoughts for its future. He feels that cooperation and communication are vital if retailers are to be successful in ...

READ MORE

An Interview with R-CISC Board Chair, Colin Anderson

October 23, 2018  Colin Anderson, VP, IT & Global CISO, Levi Strauss

We recently interviewed new R-CISC Board Chair, Colin Anderson about his involvement with the R-CISC and his thoughts for its future. He sees opportunities to help members implement effective controls to manage their respective cybersecurity risks.   R-CISC: Can you tell us a bit about your b...

READ MORE

The 2018 Summit: A Conference that Felt More Like a Team Meeting

October 9, 2018  R-CISC Team

The R-CISC celebrated its most successful Summit to date with a fascinating closing keynote by LTG John Mulholland Jr (Ret), commander of the “horse soldiers” of the Iraqi Freedom campaign, who gave attendees advice on great leadership: Leadership demands moral courage—be equal to it! It would...

READ MORE

Day One of the Retail Cyber Intelligence Summit is a Wrap!

October 3, 2018  R-CISC Team

R-CISC's third annual Retail Cyber Intelligence Summit kicked off yesterday with a keynote from Doug Stephens, the Retail Prophet and continued with a full schedule of sessions. Topics included everything from Building a Threat Intelligence Program,  Utilizing Dashboards and Metrics to Drive Perfor...

READ MORE

R-CISC Interviews: Members of Target’s Information Security Team

September 28, 2018  Target Cybersecurity Team

“Cyber security shouldn’t be considered a competitive advantage, but a collaborative effort,” writes Rich Agostino, CISO, Target—and speaker at the 2018 Retail Cyber Intelligence Summit. As part of our series from speakers and sponsors of this year’s Summit, we recently asked members of ...

READ MORE

Three Security Lessons to Keep in Mind Leading Up To the R-CISC Summit

September 26, 2018  By Heather Howland, VP of Marketing, Preempt

By Heather Howland, VP of Marketing, Preempt It’s never been more important for retailers to harden their cybersecurity posture— especially given the documented trend of intensified attacks on retailers during the rapidly-approaching holiday season. We’re excited to attend the 2018 Retail ...

READ MORE

The Need for Cyber Threat Intelligence: What Are we Concerned About? Part 2

September 24, 2018  Tommy McDowell, Sr. Director, ISAC, R-CISC

Cyber threat intelligence (CTI) requirements guide not only what intel is collected, but also how it is analyzed and used for IR, the SOC analyst and the business, as well. Developing a good set of requirements helps the organization: Monitor the right threat actors Collect the most usefu...

READ MORE

R-CISC Interviews: Tae Kim, Capital One

September 20, 2018  Tae Kim, Sr. Mgr., Cyber Intelligence, Capital One Financial Corporation

“The window of time we had to stop the leveraging of known vulnerabilities, has now seemingly turned into an advantage for the advanced threat actors.,” writes Tae Kim, Senior Manager, Cyber Intelligence at Capital One Financial Corporation —and speaker at the 2018 Retail Cyber Intelligence S...

READ MORE

R-CISC Interviews: Doug Stephens, Retail Futurist

September 18, 2018  Doug Stephens, Retail Futurist

“Isolationism makes everyone less safe,” writes Doug Stephens, Retail Futurist —and Opening Keynote speaker at the 2018 Retail Cyber Intelligence Summit. As part of our series from speakers and sponsors of this year’s Summit, we recently asked Doug to respond to a few questions about the f...

READ MORE

R-CISC Interviews: Jamie Butler, Endgame

September 17, 2018  Jamie Butler, CTO, Endgame

“. . .the speed to weaponize a vulnerability has decreased down to days from the first PoC.” writes Endgame’s CTO, Jamie Butler. As part of our series from speakers and sponsors of this year’s Retail Cyber Intelligence Summit., we recently asked Jamie to respond to a few questions about the...

READ MORE

Webinar Recap: Implementing Multifactor Authentication for E-Commerce

September 14, 2018 

NIST Releases Cybersecurity Guide to Help Reduce Online Retail Fraud Over the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been collaborating with retailers and technology vendors on a cybersecurity pro...

READ MORE

R-CISC Interviews: Justin Swisher, Anomali

September 13, 2018  Justin Swisher, Security Strategy Manager, Anomali

“Organizations are recognizing that threat intelligence supports decision making, informs incident response and drives threat hunting,” writes Justin Swisher, Security Strategy Manager at Anomali—and speaker at the 2018 Retail Cyber Intelligence Summit. As part of our series from speakers and...

READ MORE

R-CISC Interviews: Phillip Miller, Brooks Brothers

September 11, 2018  Phillip Miller, Head of Infrastructure & CISO, Brooks Brothers

“If our designers, buyers and innovators are hamstrung by security in the pursuit of product development, they will either go around us or fail to produce expected outcomes,” writes Phillip Miller, Head of Infrastructure & CISO, Brooks Brothers—and speaker at the 2018 Retail Cyber Intelligence...

READ MORE

The Need for Cyber Threat Intelligence: What Are we Concerned About?

September 4, 2018  Tommy McDowell, Sr. Director, ISAC, R-CISC

This is one of a series of posts addressing key threats to the retail sector in an attempt to identify which information assets and systems must be protected, and to examine the value of identifying adversaries and intelligence consumers. Today, the most serious data breaches and disruptions resu...

READ MORE

Targeting the Supply Chain

August 23, 2018  Retail ISAC Team

Threat actors are increasingly targeting supply chain organizations to get around ever more hardened corporate perimeters, modifying their products to achieve a range of potential effects, such as cyber espionage, organizational disruption or demonstrable financial impact. According to a recent r...

READ MORE

R-CISC Recaps Black Hat 2018

August 14, 2018  Retail ISAC Team

BlackHat USA is one of the world's leading information security events, providing attendees with the very latest in research, development and trends. This year’s conference was no different and delivered its attendees with an extensive amount of valuable insight. The R-CISC Threat Intelligence Tea...

READ MORE

We’re Just Weeks Away from Informative Sessions and Great Networking

August 10, 2018  Suzie Squier, Executive Director, R-CISC

We’re just about two months away from the 2018 Retail Cyber Intelligence Summit in Denver. The R-CISC will have organized more than 20 sessions to help members better prepare for future challenges in cyber security. This year’s Summit follows our tradition of an R-CISC member-driven agenda with ...

READ MORE

Credential Harvesting

August 1, 2018  Retail ISAC Team

Numerous attack campaigns in the past couple of months have demonstrated a common tactic used by cybercriminals and state-sponsored attackers alike―credential harvesting. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default...

READ MORE

New Authentication Standards Help Merchants Reduce Risk and Checkout Friction 

July 18, 2018  Brett McDowell, Executive Director, The FIDO Alliance

By Brett McDowell, Executive Director, The FIDO Alliance With attacks shifting away from POS terminals to web and mobile channels, the risk of data breach and account fraud for online retailers is skyrocketing, but new global standards developed jointly by the FIDO Alliance and the W3C are being ...

READ MORE

Third Party Vendor Risks

July 5, 2018  Retail ISAC Team

The threat landscape has transformed significantly over the last decade. As organizations have invested in security controls, tools and personnel to combat threats, threat actors have found other ways to infect systems and ultimately compromise organizations. As a result, threat actor groups have be...

READ MORE

Phishing-As-A-Service (PHASS) Platforms and Frameworks

June 20, 2018  Retail ISAC Team

PHISHING-AS-A-SERVICE (PHAAS) allows attackers to create individual phishing campaigns, schedule and process emails and a lot of other related procedures that are involved in phishing computer targets. While most currently available PhaaS platforms are designed to test the resilience of organization...

READ MORE

Collaboration in the Twin Cities – Recap of Minneapolis’ Regional Intelligence Workshop

June 13, 2018  Alexandra Brown, Program Director, R-CISC

The commitment to increasing retailer’s cyber security posture via collaboration, partnership and sharing threat intelligence was evident at the R-CISC Regional Intelligence Workshop, hosted at member company Target’s headquarters June 7. Rich Agostino, Target’s CISO, kicked things off with a ...

READ MORE

Compromised Point-of-Sale Data Remains a Staple Among Fraudsters

June 9, 2018  By Kathleen Weinberger and Roman Sannikov, Flashpoint

By Kathleen Weinberger and Roman Sannikov Below is a featured blog post from associate member Flashpoint. This comes as a follow-up to the webinar they presented recently to the R-CISC membership. We thank them for their expertise and willingness to share and support the R-CISC's community of ret...

READ MORE

R-CISC goes to Canada

June 9, 2018  Jennifer McGoldrick-Stenberg, Director, Membership & Operations, R-CISC

We took our workshop tour to Canada on Tuesday to host the first R-CISC Canadian Retail Cybersecurity Invitational with our partner, Deloitte. The one-day gathering brought cybersecurity professionals together from Canada’s leading retail, grocer, consumer products, entertainment, and hospitality ...

READ MORE

We Need to Be All In

June 6, 2018  Suzie Squier, Executive Director, R-CISC

By: Suzie Squier, Executive Director, R-CISC Whether it was working with legal counsel to determine what information can be shared, or in internal discussions with his team, “being all in” was Publix vice president of IS architecture and security Steve Wellslager’s mantra for his efforts i...

READ MORE

Diversity: the art of thinking independently together. An interview with Deb Dixson.

June 6, 2018  Jennifer McGoldrick-Stenberg, Director, Membership & Operations, R-CISC

By: Jennifer McGoldrick-Stenberg, Director, Membership & Operations, R-CISC As Malcolm Forbes once said, “diversity [is] the art of thinking independently together.” This powerful message is paralleled in the thoughtful responses I received during my conversation with Deb Dixson. As you may k...

READ MORE

R-CISC Intelligence Workshop Series Kicks Off in Ohio

May 23, 2018  Jennifer McGoldrick-Stenberg, Director, Membership & Operations, R-CISC

One could argue that Ohio is a hot bed for retail and many of Ohio’s best joined R-CISC staff last week to kick off its Intelligence Workshop series at a member company headquarters in Columbus. With more than 30 in attendance, the day was packed with informative and educational content stemming f...

READ MORE

R-CISC Reflects on 2018 RSA Events

April 24, 2018  Alexandra Brown

Last week, some of the R-CISC staff attended RSA in San Francisco, California. We participated in several great talks, sessions and of course, ample networking time with our cybersecurity peers both in and out of the Retail industry. Here’s a rundown of our 2018 RSA experience:   Staring of...

READ MORE

Better to be a Warrior in a Garden: A Conversation with Scotts Miracle Gro's Grant Sewell

March 12, 2018  Jennifer McGoldrick-Stenberg

Introducing the Practitioner Mindset Series – Interview with a Cybersecurity Professional: The R-CISC is on a mission to bring you useful content, fresh perspectives, and modern-day cybersecurity wisdom. Join Jennifer McGoldrick-Stenberg, membership and operations director, in this series of deep...

READ MORE

Shape Security Spotlight: Key Takeaways - Retail Threat Briefing Webinar with R-CISC

February 28, 2018  Shape Security

In the era of Amazon and mainstream e-commerce, every online retailer has to deliver a compelling user experience across their web and mobile channels while protecting customers from cyberattacks and fraud. Recently, Shape collaborated with R-CISC to share attack data and analysis of the most preval...

READ MORE

Retail Cyber Intelligence Sharing Center (R-CISC) Forms Gaming and Hospitality Cybersecurity Alliance (GHCA), a Dedicated Information and Intelligence Sharing Alliance within the R-CISC

February 13, 2018  Allie Brandenburger

Washington, DC - Today, the Retail Cyber Intelligence Sharing Center (R-CISC) announced the formation of the Gaming and Hospitality Cybersecurity Alliance (GHCA), a dedicated information and intelligence sharing group within the R-CISC. MGM Resorts International will co-chair the alliance in partner...

READ MORE

The R-CISC Announces Cyber Thursdays

February 7, 2018  Allie Brandenburger

The Retail Cyber Intelligence Sharing Center (R-CISC) announces Cyber Thursdays, an educational webinar series they will lead in 2018. Beginning in February, the R-CISC will host one Cyber Thursday webinar series one Thursday each month. In collaboration with its members, the organization will facil...

READ MORE

The R-CISC Announces Cyber Thursdays

February 7, 2018  Allie Brandenburger

The Retail Cyber Intelligence Sharing Center (R-CISC) announces Cyber Thursdays, an educational webinar series they will lead in 2018. Beginning in February, the R-CISC will host one Cyber Thursday webinar series one Thursday each month. In collaboration with its members, the organization will facil...

READ MORE

Announcing the R-CISC Newsletter

February 5, 2018  Corey Nihlean

Do you want timely industry news and an insider view of the R-CISC delivered directly into your inbox? Look no further! With the start of 2018, we’re introducing an easy-to-subscribe weekly newsletter. Stay on top of relevant news with content curated directly to you! We have partnered with Nor...

READ MORE

R-CISC Associate Member Spotlight: Visa Threat Intelligence: Top 5 Retail Payment Threats

January 26, 2018  Alexandra Brown

Over the course of 2017, Visa Threat Intelligence (VTI) observed many global breach trends that had the potential to impact the R-CISC community. There are a myriad of point of sale threats facing the retail landscape. Through Visa research and partnership within the industry, Visa Threat Intelligen...

READ MORE

Announcing The R-CISC Weekly Threat Brief

January 26, 2018  Alexandra Brown

Do you want timely industry news and an insider view of the R-CISC delivered directly into your inbox? Look no further! With the start of 2018, we’re introducing an easy-to-subscribe weekly news brief. Stay on top of relevant news with content curated directly to you!...

READ MORE

Spotlight on R-CISC Member: SpyCloud: How the Grinch Stole Your Customer’s Account

November 28, 2017  Alexandra Brown

Spycloud: How the Grinch Stole Your Customer’s Account It’s mid- November and the hectic holiday season is top of mind for many organizations.  There are only a few more days before the threat level increases.  As early deal-hunters start to strategize ahead of Black Friday and Cyber Monda...

READ MORE

Featured Guest R-CISC Blog Post: Akamai: 5 Things You Should Be Doing to Protect Your Website This Cyber Monday

November 22, 2017  Brooke Noble

5 Things You Should Be Doing to Protect Your Website This Cyber Monday By: Dave Lewis, Global Security Advocate, Akamai Every year we return to talk about security steps to better protect the individual shoppers. We discuss the myriad of confidence scams that crop up during Black Friday and Cyber ...

READ MORE

Spotlight on R-CISC Member: Flashpoint: Shoplifting: Defeating Theft Detection and Prevention Technology

November 21, 2017  Brooke Noble

Spotlight on R-CISC Member: Flashpoint: Shoplifting: Defeating Theft Detection and Prevention Technology Typically considered one of the most accessible and in many cases least-sophisticated types of crime, shoplifting persists as an undeniably damaging affliction across the retail sector. In fa...

READ MORE

R-CISC In The News: 6 Steps For Sharing Threat Intelligence

November 13, 2017  Allie Brandenburger

Threat information-sharing first started getting more attention and interest in the cybersecurity industry after the 9/11 terror attacks. So you’d think by now it would be a routine process, especially with the volume of high-profile data breaches in the past few years. But while there has been...

READ MORE

This #CyberAware month, Two R-CISC Members Offer Space for USSS/FBI BEC Workshops

October 26, 2017  Suzie Squier

In the true spirit of information sharing and in support of the National Cyber Security Awareness Month, two R-CISC members, JOANN Stores and Starbucks, offered their space and, more importantly, valuable staff time in support of the US Secret Service’s (USSS) and Federal Bureau of Investigation...

READ MORE

Retail Cyber Intelligence Summit Reflection

October 18, 2017  Alexandra Brown

The R-CISC team recently wrapped up our second annual Retail Cyber Intelligence Summit. Our whole team spent a handful of days in Chicago to facilitate a wildly successful (I may be biased) conference for the elite retail cybersecurity practitioner community. We’ve compiled our story of these im...

READ MORE

Stepping into Leadership: Q&A with Target CISO Rich Agostino

September 20, 2017  Alexandra Brown

In anticipation of the R-CISC’s Retail Cyber Intelligence Summit, our team had the opportunity to ask a few questions to Target’s new CISO, Rich Agostino. We wanted to learn more about his approach to strategic leadership, how he is addressing the threat landscape and advice he has for up-and-c...

READ MORE

Worth The Investment

August 30, 2017  Suzie Squier

I’m a bit behind in my reading, so just finished the PYMNTS.com article, “Don’t Bite the Phish Hook,” from August 23 which references RiskIQ’s 2017 State of Enterprise Digital Defense Report. The article suggests that companies “Invest in three things: people, process and tech.” I ...

READ MORE

Overcoming Legal Barriers to Information Sharing

August 29, 2017  R-CISC

The R-CISC team is working hard to strengthen support for our members to share openly and actively within our trusted community. We’ve teamed up with Hunton & Williams to gather insights for overcoming legal barriers to information sharing. We understand that companies are challenged to provide...

READ MORE

Letter from Suzie: You Think the Total Eclipse Will Be Cool?

August 24, 2017  Suzie Squier

If you think the total eclipse will be cool, wait until you see the 2017 Retail Cyber Intelligence Summit: Securing Retail 002! And you don’t need special glasses! In addition to the great line up of speakers, like “The Importance of Women in Cybersecurity” panel on Day 1 and Target’s...

READ MORE

The Retail ISAC Announces a Featured Speaker Preview

July 26, 2017  Alexandra Brown

The R-CISC is giving you a sneak peek of the 2017 Retail Cyber Intelligence Summit’s featured speakers! Join us October 3-4 in Chicago for Securing Retail: 002, an opportunity for members of the greater retail and consumer services industries – including restaurants, hospitality, convenience sto...

READ MORE

R-CISC Taps TruSTAR as a new Partner in New Information Sharing Architecture

July 24, 2017  Brooke Noble

Today the R-CISC announced the addition of another threat intelligence partner, TruSTAR Technology.   TruSTAR is a valuable addition to the ISAC’s technology suite, built from the ground up the platform will increase our ability to break down barriers to intelligence exchange. The R-CISC ...

READ MORE

A Note from New Executive Director Suzie Squier

July 7, 2017  Suzie Squier

Having been on board at the R-CISC for a little over three weeks now, I can tell you a lot of work is being done to continue to break down the barriers that impede information sharing. There are three obstacles that prevent sharing: legal or internal policy constraints, limitations with staff res...

READ MORE

R-CISC Highlights from the Retail Collaboratory

May 26, 2017  Alexandra Brown

Earlier this month, the R-CISC team was proud to host our first Retail Collaboratory event. We welcomed a crowd of 130+ retail information security pros, industry experts, and strategic sponsor partners for two days of collaboration and member-led discussions. Our team is appreciative of the many in...

READ MORE

Whose Line is it Anyway? One CISO’s Approach to Board Communications

April 4, 2017  R-CISC

Recently, the R-CISC team sat down with Scott Howitt, SVP & CISO at MGM Resorts International, to learn more about his approach to assessing, prioritizing, and communicating risk to the board of directors. To learn more about additional strategies, join Scott and other retail CISOs in an upcoming wo...

READ MORE

Key takeaways from the R-CISC’s week at RSA Conference

February 22, 2017  Alexandra Brown

Hi, I’m Alex Brown. As Community Manager at the R-CISC, I’m thrilled to begin working with and learning from all of you on how to best facilitate conversations and disseminate information that drives value for you within your organizations and in the retail cybersecurity space. Kicking off what ...

READ MORE

The Retail ISAC (R-CISC) Presents our Holiday Guidance Series for Retailers

October 27, 2016  Brooke Noble

The Retail ISAC (R-CISC) is pleased to invite all eligible retailers to join in our upcoming Holiday Guidance webinar series designed to arm information security professionals from retail, restaurants, hotels, hospitality, and our partner sectors with actionable insight, strategies, and peer discus...

READ MORE

Beyond the Cybersecurity Breach: To the Right of Boom

October 25, 2016  Brian Engle

A series of cybersecurity breaches in the 2013 to 2014 timeframe were the shot heard throughout the industry for many retailers. For some retailers the shot has resulted in a direct hit, while for others it has served as a warning fired across the bow. In all cases, the impact of these events has re...

READ MORE

Accepting the Challenge

May 1, 2016  R-CISC

Last week was our inaugural R-CISC Summit in Chicago. With just over 200 attendees, we had the most significant retail industry professionals covering the latest and greatest in cybersecurity issues and trends.   Kicking off the two days of deep discussions was a session with the R-CISC Board...

READ MORE

Sharing Threat Intelligence at Both Ends of the Chain

January 18, 2016  R-CISC

An SC Magazine e-book came out recently, dubbed “Retail Retaliation,” which gives a good summation of some of the issues facing retailers these days. It’s an oversimplification to say it’s all about that POS, but we certainly know that attackers are going to keep exploiting vulnerabilities...

READ MORE

7 Ways in Which Retail Security is Different

August 19, 2015  R-CISC

Hello, and welcome to the Retail CISC blog! We thought we’d start with an inaugural post on how retail security is different from (and often harder than) security for your standard enterprise. Is there such a thing as a standard enterprise? Probably not from the CISO’s point of view, but many ve...

READ MORE

Don’t Forget to Share This One Important Thing.

August 9, 2015  R-CISC

Many organizations are nervous about sharing threat intelligence, especially if they think it reveals details about the inner workings of their organizations. But there’s one case where they should hold their collective noses and do it anyway. More sites are basing their controls on threat inte...

READ MORE