Press

Target, Best Buy, VF Corporation and P&G Announced Among Featured Speakers at the Retail Cyber Intelligence Sharing Center (R-CISC) Annual Summit

FOR IMMEDIATE RELEASE
August 17, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

Target, Best Buy, VF Corporation and P&G Announced Among Featured Speakers at the Retail Cyber Intelligence Sharing Center (R-CISC) Annual Summit

R-CISC announces agenda for annual cybersecurity summit, including a Women in Cybersecurity panel

Washington, DC — The Retail Cyber Intelligence Sharing Center (R-CISC), which houses the Retail ISAC, today announced featured speakers for its Retail Cyber Intelligence Summit in October.

 Among the keynote speakers are Rich Agostino, CISO at Target, leading a session titled, “Stepping into Leadership: Staying Ahead of Today’s Threats and the Evolving CISO Role” and Kostas Georgakopoulos, CISO at Procter & Gamble, leading a session on the next evolution of information security.

The R-CISC also announced a panel on  The Importance of Women in Cybersecurity as part of this year’s summit. Panelists include Deborah Dixon, the senior vice president and global CISO at Best Buy Co., Roseann Larson, vice president and CISO at VF Corporation, and Lauren Dana Rosenblatt, executive director and global head of cyber threat management at The Estée Lauder Companies.

According to Women’s Society of Cyberjutsu (WSC) statistic, women represent a mere 11% of the world’s information security workforce. While STEM, Cyber Boot Camps, and other programs represent the growing trend of attracting women to the field, an imbalance persists. These leading women in strategic roles within their cybersecurity organizations will discuss their journey into the field, the ways to eliminate barriers for aspiring female leaders and how the industry can help shift this trend for the future.

Other speakers include:

  • Scott Howitt, SVP & CISO, MGM Resorts International
  • Jason Lay, Lead Threat Intelligence, QVC
  • Grant Sewell, Manager, Global Information Security, Scotts Miracle-Gro Company
  • Adam Solomon, Associate, Hunton & Williams LLC
  • Becky Halstead, Brigadier General (ret.), U.S. Army
  • Don Yeager, New York Times Best-Selling Author
  • Carson Zimmerman, Author, Cybersecurity Engineer
  • Travis Farral, Director, Security Strategy, Anomali
  • Shuman Ghosemajumder, CTO, Shape Security
  • Luke Rodeheffer, European Cyber Analyst, Flashpoint
  • Kirk Soluk, Manager, Threat Services, Arbor

The 2017 Retail Cyber Intelligence Summit will bring together 200 CISOs and their teams from the greater retail and consumer services industries – including restaurants, hospitality, gaming properties, convenience stores, consumer product manufacturers and more – to share best practices, gain insights and, most importantly, network with other information security professionals to build trust.

 “Our annual Summit provides the perfect opportunity to continue to develop and build solid peer-to-peer relationships within our community, with the government and cross-sector relationships, helping to expand the real-time sharing of cyber threat intelligence and better protect the industry as a whole,” Suzie Squier, Executive Director of the R-CISC said. “The agenda addresses the key challenges and issues of strategic retail leaders and tactical practitioners.”

 The R-CISC is the trusted cybersecurity community for retailers, consumer product manufacturers, grocers, hotels, restaurants, and cybersecurity industry partners worldwide.

 More Information on the 2017 Retail Cyber Intelligence Summit can be found on http://summit.r-cisc.org/.

### 

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

Read More
R-CISC Intelligence Director speaks at RVAsec 2017

Over the last several years, retail breaches have become some of the highest profile stories, but just like any other vertical target, the day-to-day offense and defense continues to evolve. The ebbs and flows of attackers and defenders don’t always make the news, which is a good thing, but what does the daily routine look like on the retail front? And, why should you care? You should care because at some level or another, we are the potential defenders, or consumers of these organizations, and retail has now become part of the modern attacker infrastructure. 

Read More
Retail Cyber Intelligence Sharing Center (R-CISC) Announces New Executive Director

FOR IMMEDIATE RELEASE
July, 7, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org                                                                                           

 Retail Cyber Intelligence Sharing Center (R-CISC) Announces New Executive Director

The R-CISC will expand its sharing capabilities in the coming months

Washington, DC — The Retail Cyber Intelligence Sharing Center (R-CISC) announced today it has hired Suzie Squier to serve as its executive director. As executive director of the center, Squier reports directly to the R-CISC Board of Directors and is responsible for management of the organization, and continuing to develop and expand the capabilities of the center’s Information Sharing and Analysis Center (ISAC).

Squier has been connected to the R-CISC from day one and has a wealth of management experience. In her previous role at the Retail Industry Leaders Association (RILA), Squier was integral in the origination and formation of the R-CISC. As RILA’s executive vice president of member services, she also oversaw the membership and marketing functions, and had oversight of the CIO Leaders Council, Cybersecurity Leaders Council and the Internal Audit Committee.  

“The Board of Directors is excited about what the future holds for the R-CISC with the team in place and the addition of Suzie and her leadership,” Jim Cameli, chair of the R-CISC and global CISO at Walgreens Boots Alliance, said. “We have a great deal of positive momentum, and are looking forward to implementing the next iteration of R-CISC’s sharing platform.”

 Squier officially began as executive director of the R-CISC earlier this month. She replaced Brian Engle who had previously served in the role. Squier oversees all operations of the R-CISC, including the Retail ISAC, membership engagement and education. She will play an integral role in continuing to move the R-CISC forward. Two key aspects of that are the new sharing architecture to be announced later this summer and the R-CISC’s Retail Cyber Intelligence Summit, in Chicago later this year.

“I look forward to continuing to develop the R-CISC’s capabilities and build solid peer-to-peer relationships within our community, with the government and in cross-sector relationships, to expand the real-time sharing of cyber threat intelligence and better protect the industry as a whole,” Squier said about her new role. Read more in Squier’s recent post on the R-CISC blog.

Squier will carry on the R-CISC’s engagement and partnerships with leading academic institutions, industry trade associations, government, law enforcement and cross-sector sharing forums. She will actively engage private sector stakeholders and government agencies to facilitate information sharing and strengthen the retail industry’s capability and capacity to mitigate risk from cyber attacks.

The R-CISC is the trusted cybersecurity community for retailers. consumer product manufacturers, grocers, hotels, restaurants, and cybersecurity industry partners worldwide.

###

The R-CISC is the trusted cybersecurity community for retailers. consumer product manufacturers, grocers, hotels, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing more than $1 trillion in annual revenue, by serving as the conduit for collaboration and cooperation, and the sharing of threat intelligence and best practices. It builds and sustains valuable programs, partnerships, products, and opportunities that enable its members to increase their trust-based relationships, strategic knowledge and tactical capabilities. Through the R-CISC, members of all sizes and capabilities share cyber intelligence on incidents, threats, vulnerabilities, and associated best practices because, as a community, retailers understand they are stronger together.

Read More
Business Wire: Closing the Retail Cybersecurity Gap Between Breaches and Fraud

LexisNexis Risk Solutions and the Retail Cyber Intelligence Sharing Center (R-CISC) Team to Offer Retailers an End-to-End Solution for Mitigating Cyber Threats

ATLANTA–(BUSINESS WIRE)–While retailers are getting better at combatting cybersecurity threats to customer data, few are prepared to combat the fraud that happens after a hack. A new cooperative effort announced today between LexisNexis Risk Solutions and the Retail Cyber Intelligence Sharing Center (R-CISC) will give retailers new resources for bridging the gap between cyber theft and fraud prevention.

The R-CISC is the retail industry’s cybersecurity consortium for sharing intelligence, alerts and solutions to fight cyber threats. LexisNexis Risk Solutions will join the consortium as a Premier Associate Member, and make available to R-CISC members the many fraud-fighting services available within its LexisNexis® Fraud Defense Network.

In turn, LexisNexis Risk Solutions will leverage the alerts and threat intelligence in R-CISC’s arsenal to enhance its products and services for its retail customers. The R-CISC will also make available its analysts and capabilities to help LexisNexis Risk Solutions assess its own cyber alerts.

The collaboration is one of the first to combine the substantial resources of identity theft and fraud prevention organizations to offer retailers an end-to-end solution for mitigating their cyber risks. We recently sat down with Vikram Dhawan, Sr. Director Product Management of LexisNexis Risk Solutions; Kimberly Sutherland, Senior Director, Fraud Management of LexisNexis Risk Solutions along with Brian Engle, Executive Director of R-CISC to discuss the ramifications of the announcement.

LexisNexis Risk Solutions: What is the need for retailers that is driving this announcement?

Dhawan: Retailers don’t have broad visibility into identity fraud and lack critical knowledge around how to mitigate it. By working together, we give them a comprehensive set of resources and expertise for fighting cyber risks from the initial theft of identities and personal information to fraud attempts using those stolen identities. This is a first-of-its-kind effort covering the full lifecycle of retail cyber threats.

Sutherland: Fraud is a costly problem for retailers that is only getting worse. Our 2016 LexisNexis True Cost of Fraud report found that every dollar of fraud cost merchants $2.40, up from $2.23 from the previous year. We also discovered that the volume of fraud rose sharply—from a monthly average of 156 to 206 successful fraudulent transactions, and from 177 to 236 prevented fraudulent transactions. Greater visibility into fraud is needed to help retailers reverse this trend.

Engle: Cyber-criminals are persistent and their methods are increasingly sophisticated. No industry, institution or government agency is immune from attack. The retail industry is a target for cyber criminals that seek to steal customer information and payment details in data breaches and point of sale attacks. After a breach occurs, the number of retailers attacked by criminals using the information to commit fraud increases exponentially. In the past, retailers have had limited means to combat the potential fraud from stolen personal information. The LexisNexis Fraud Defense Network complements the R-CISC’s cybersecurity resources by filling in these gaps.

LexisNexis: What roles do the R-CISC and the Fraud Defense Network currently play in the market?

Sutherland: The Fraud Defense Network is an initiative that gives insights into fraudulent or suspicious activity by connecting organizations across different industries with resources, experts and powerful data analytics.

Dhawan: LexisNexis Risk Solutions established the Fraud Defense Network because fraudsters have become more sophisticated and often cross industry boundaries to commit crimes on multiple fronts. The tried and true fraud mitigation methods of the past had become less effective. Members can benefit greatly from a cross-industry view to attack the problem more effectively and proactively.

Engle: The R–CISC is proud to serve as the conduit for collaboration, intelligence sharing and cooperation as the trusted cybersecurity community for retailers worldwide. We do this by building and sustaining valuable programs, partnerships, products and opportunities that enable our members to grow in their trust–based relationships, strategic knowledge and tactical capabilities.

Through the R-CISC, retailers of all sizes share cybersecurity intelligence on incidents, threats, vulnerabilities, and associated threat remediation; as a community, we understand that we are stronger together

LexisNexis: How can R-CISC member retailers benefit from the LexisNexis Fraud Defense Network? Conversely, how is the Fraud Defense Network enhanced with R-CISC resources?

Dhawan: Managing retail fraud can be challenging. The Fraud Defense Network provides both resources and technology for fraud mitigation. Our retail customers in the R-CISC membership can leverage our comprehensive data and analytics to quickly and confidently recognize good customers and good transactions while stopping bad ones, from their eCommerce sites to brick-and-mortar stores to mobile transactions.

Sutherland: I agree. Because the Fraud Defense Network is a cross-industry initiative, retailers can gain from both the data already gleaned from other industries like financial services, insurance and government, as well as from insights and intelligence for fraud prevention already refined in these industries. For example, retailers can take advantage of data available from financial services when vetting a newly opened customer account.

The value-add that R-CISC brings to the Fraud Defense Network are the early threat alerts. In other words, early awareness. The earlier retailers can be aware of the potential fraud, the more able they will be to stop it at their door.

Engle: Warning signs and indications of criminal activity come in many stages: prior to a data breach as attackers launch campaigns of attacks with phishing and the exploitation of vulnerabilities; during the dropping of malware intended to exfiltrate data; in the underground markets where the information is sold after a breach occurs; and during the fraud activities that monetize the theft of the data. Using the trust-based exchange of information occurring within the R-CISC membership, combined with the detection and threat intelligence that identifies the criminal underground activity along with the fraud alerts that the Fraud Defense Network can provide, R-CISC member retailers can be highly disruptive to criminals making it much more difficult for them to be successful.

LexisNexis: Will there be any new resources or services created through this collaboration?

Dhawan: Threats and alerts from the R-CISC will be integrated into the products and services offered through the Fraud Defense Network. LexisNexis will also offer its products and services to R-CISC members. We are also working to develop new services integrating our respective expertise.

Engle: Adding fraud-related detection information and mitigation techniques to the arsenal of cybersecurity tools available to R-CISC members will initially be very valuable to retailers. Our strengths of collaboration through bringing together formidable experts within the cybersecurity and fraud related fields will help to develop more in the future as we combine forces. We look forward to the potential of new services and resources that will come as the result of our teams working together.

LexisNexis: How does this collaborative effort specifically create an end-to-end solution for retailers? What are all the parts of the puzzle?

Engle: Cybersecurity efforts have largely been focused on everything leading up to a breach event. Strategies have included shoring up the payment transaction with end-to-end encryption, bolstering extensive layers of protection and defensive measures, and developing improved detection and monitoring capabilities to thwart cybersecurity breaches of payment card and customer information. The R-CISC serves this part of the threat cycle with threat intelligence and cybersecurity information sharing throughout our members to get ahead of any breaches. The resulting fraud that occurs after the breach of payment card information and customer account credentials necessitates the convergence of cybersecurity strategies with fraud detection and mitigation, and the R-CISC/LexisNexis collaboration pulls both ends of the cybercrime spectrum together to enable retailers to more quickly detect and defend against costly fraud activities.

Dhawan: That’s where the Fraud Defense Network kicks in. It brings to retailers the fraud fighting capabilities and intelligence derived from sharing across different industries – like finance, retail, telecommunications, insurance, government, law enforcement and health care – because fraudsters don’t always have a particular bias for a given industry. They tend to ‘follow the money,’ deliberately exploiting gaps in systems to perpetrate fraud and hide their tracks.

Sutherland: In addition, the Fraud Defense Network builds on the R-CISC’s great work to give retailers a dedicated platform to share best practices and contribute to the body of knowledge of fraud. They gain access to our data, analytics and linking technology. They also can tap into our ongoing stream of research and other information on fraud prevention. And they can help contribute to a larger cross-industry fraud mitigation effort by sharing information through our contributory database.

To read the full article, please visit: http://www.businesswire.com/news/home/20170207006188/en/Closing-Retail-Cybersecurity-Gap-Breaches-Fraud

The Retail Cyber Intelligence Sharing Center (R-CISC) is the trusted cybersecurity community for retailers, consumer services retailers, and cyber security industry partners worldwide. Created in 2014 in response to the increased number and sophistication of attacks against our industries, the R-CISC supports traditional retailers, online commerce, wholesalers, restaurants and the food service industry, entertainment, lodging, professional sports leagues and organizations providing other consumer services.

To contact the R-CISC, please email pr@r-cisc.org

Read More
Podcast: Fighting Organized Cybercrime

In this episode, Brian Engle of R-CISC Calls for International Threat Information Sharing on the Bank Info Security podcast.

Please click here to listen to the podcast.

Cyberattacks waged by organized crime groups are simultaneously targeting a wider array of industries worldwide, which is why cross-industry threat information sharing is more critical than ever, says Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center.

While attacks targeting the financial services sector and other business sectors may go after different information, the tools and methods of attack used are basically the same, he says. “We are seeing a lot of the same types of threats across healthcare, aviation and, to a degree, even the automotive industry,” Engle says during this interview at Information Security Media Group’s recent Fraud & Breach Prevention Summit in London.

“We’re definitely seeing an organized element of criminal behavior that is able to leverage common infrastructure and tools and toolsets,” Engle explains. “The number of organizations that can be attacked concurrently, and somewhat arbitrarily by industry type, is increasing. … But information, in general, is being exfiltrated from organizations, whether it’s healthcare, retail or financial services – and that’s happening with … a capability that is really staggering.”

International Collaboration

As head of the information sharing and analysis center for retail organizations, Engle says he’s pushing for more cross-industry collaboration and threat-intelligence sharing that spans international borders.

“The threats that we’re seeing are definitely not divided by boundaries of borders or even oceans,” he says. “We definitely see that the operations of U.S.-based entities are affected by the same threats as those that are operating overseas.”

R-CISC has been working with the financial-services sector for the last two years to enhance and automate cross-industry information sharing. Now Engle says it’s time to expand that sharing into other sectors, which he hopes, in time, will be facilitated more through governments.

During this interview (see audio link below photo), Engle also discusses:

  • How he sees cross-industry information sharing evolving over the next year;
  • Why information sharing within the retail space is still in its infancy; and
  • How information sharing and analysis centers in all industries are working to filter and funnel data in more meaningful ways.
  • In his role as executive director, Engle supports the R-CISC’s mission of sharing cybersecurity information and intelligence. He also leads the
  • Retail and Commercial Services Information Sharing and Analysis Center. Engle serves as an advisory partner on the leadership team of the
  • ISAO Standards Organization. He previously served as CISO and cybersecurity coordinator for the state of Texas, CISO at the Texas Health and
  • Human Services Commission, CISO at Temple-Inland and as manager of information security assurance at Guaranty Bank.
Read More