Press

National ISACs, FBI, USSS and Symantec Collaborate to Fight Business Email Compromise

 

FOR IMMEDIATE RELEASE
October 12, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

National ISACs, FBI, USSS and Symantec Collaborate to Fight Business Email Compromise

Roadshow Cities Announced                

Washington, DC – A group of national ISACs, The U.S. Secret Service (USSS), The Federal Bureau of Investigation (FBI) and Symantec announced today the organizations are joining forces to offer free workshops around the country on Business Email Compromise (BEC), a significant and growing threat for businesses and individuals throughout the United States. Although not as widely profiled as ransomware attacks in recent years, BEC represents a more significant financial threat to organizations than other recent types of attack. Since October 2013, the Federal Bureau of Investigation has identified victims from 131 countries and a global monetary exposure of over $5 billion as a result of BEC fraud.

BEC is a sophisticated scam using email and/or other electronic communication to impersonate a business executive, employee, or other person with authority to request payments or access to employee payroll and W2 information on behalf of their company or organization.

To help educate businesses and individuals on ways to combat BEC, the USSS, FBI and Symantec are joining forces with the following ISACs to offer free workshops around the country:

  • Multi-State Information Sharing and Analysis Center (MS-ISAC),
  • National Health Information Sharing and Analysis Center (NH-ISAC),
  • Research and Education Network (REN-ISAC), and
  • Retail Cyber Intelligence Sharing Center (R-CISC).

Business leaders are invited to join these workshops to learn about BEC, a very real & proliferating cybersecurity threat. Cybersecurity experts from the USSS, FBI and private sector will be sharing their experiences & expertise around BEC, how BEC can impact companies and how to protect against becoming the next victim.

Each half-day workshop will include discussion around topics including:

  • Describing the Business Email Compromise (BEC) threat
  • The current threat landscape
  • Tactics, techniques & procedures used by the criminals
  • Why situational awareness & information sharing are important
  • Offer strategies to help protect your organization from BEC attacks

“The Business Email Compromise (BEC) has become an increasingly sophisticated scam targeting businesses that regularly perform wire transfer payments.  The Secret Service is committed to working with our public and private partners to educate the business community while seeking new and innovative ways to combat this emerging cyber threat,” said Robert Novy, Deputy Assistant Director for Cyber at The United States Secret Service.

“Investigating Business Email Compromise (BEC) scams is a top priority for the FBI. This year, the FBI’s Internet Crime Complaint Center, began tracking these scams as a single crime type, illustrating the significance of the threat. It is crucial that all businesses and individuals who feel they have been the victim of BEC file a complaint with www.ic3.gov. Rapid notification allows the FBI to quickly deploy FBI resources to provide assistance and conduct law enforcement actions as appropriate,” said Scott Smith, Assistant Director, Cyber Division at The Federal Bureau of Investigation.

“The R-CISC community is working together to share information and intelligence on Business Email Compromise (BEC) threats, improving our collective knowledge and response. These workshops are a great resource for business and government employees to learn not only about these threats but the resources available to them,” said Suzie Squier, Executive Director of the R-CISC.

“Business Email Compromise attacks (BEC) are the latest sophisticated email threats targeting organizations of all sizes, our research from the 2017 Symantec Internet Security Threat Report shows they target more than 400 businesses a day. Symantec provides comprehensive protection from BEC scams and is working with security experts around the world to identify and protect against these dangerous attacks by sharing insights from threat research and best practices,” said Jane Wong, Vice President of Product Management and Engineering, Messaging Security, Symantec.

 “We received tremendous positive feedback from last year’s Ransomware Roadshow workshops. NH-ISAC is pleased to be partnering again with FBI and the Secret Service as well as its sister ISACs and Symantec to bring valuable information to the public on the Business Email Compromise threat,” said Denise Anderson, President NH-ISAC, Chair National Council of ISACs.

“Business Email Compromise (BEC) activity is a growing problem facing the SLTT community. It emphasizes the need for good cyber hygiene practices at all levels of government,” said Thomas Duffy, Chair, Multi-State ISAC.

“Protection against the growing threat of business email compromise includes the need for aware and savvy users.  These workshops will help professionals who are targeted by attackers make smarter choices to prevent financial fraud,” Kim Milford, Executive Director, Research and Education Network (REN-ISAC).

 Workshops will be conducted in the following cities: Kansas City, MO; Nashville, TN; Boston, MA; Seattle, WA; Denver, CO; Dallas, TX; Phoenix, AZ; San Francisco, CA; Los Angeles, CA; Kennedy Space Center, FL;
New York, NY; Akron, OH.

 Information and registration for each event can be found here: https://nhisac.org/events/nhisac-events/business-e-mail-compromise-workshop/

###

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

Read More
Cross-Industry Fraud Increasing; Trend Drives Organizations to Share Data for Mutual Benefit According to LexisNexis® Fraud Mitigation Study

Cross-Industry Fraud Increasing; Trend Drives Organizations to Share Data for Mutual Benefit According to LexisNexis® Fraud Mitigation Study

Increased interest in sharing data to fight fraud

LexisNexis Risk Solutions today released its annual LexisNexis® Fraud Mitigation Study, which found that people who commit fraud in one industry are increasingly emboldened to exploit other industries, too, giving organizations greater incentive to fight fraud cooperatively by sharing fraud data. The same study showed interest is growing among fraud mitigators to utilize fraud data from other organizations, both within their own industries and from other industries. 84 percent of professionals said that more access to industry fraud would be valuable and 80 percent see access to outside-industry data as very valuable.

This has led to increased interest in sharing data in a common cause to fight fraud. 86 percent of professionals said they would consider contributing their investigative outcomes to a contributory database if they could receive the outcomes data back from other industries. Insurance companies, in particular, place a high value on data coming from organizations outside their industry (along with financial organizations) because they experience widespread cross-industry fraud and believe it has a high financial impact on their organization, the study revealed. Retailers are also keen on cross-industry cooperation because of the increasing threats of identify fraud in the industry.

“LexisNexis Risk Solutions’ Fraud Mitigation Study spotlights prominent fraud trends impacting retailers and highlights the need for fraud and information security teams to engage across multiple industries in a concerted effort to strengthen collective fraud defense capabilities,” said Jennifer McGoldrick-Stenberg, Engagement Director, Retail Cyber Intelligence Sharing Center (R-CISC). “As the study suggests, a common obstacle facing retailers is identifying solutions to fight the rising tide of identity and other fraud activities that impact customer accounts. In an effort to mitigate this challenge for the industry, the Retail Cyber Intelligence Sharing Center (R-CISC), which houses the Retail ISAC, has formed a retail-focused Fraud Working Group to formulate solutions and strategies to protect against customer account takeover and gift card fraud activities. The group acts as a mechanism for driving collaboration across the retail spectrum, with participants from member companies including CashStar, Darden, Hyatt Hotels Corp., Jo-Ann Stores, Publix, QVC, Ulta and Synchrony Financial, all focused on a common goal: to produce outcomes that demonstrably mitigate losses and the effect of fraud on customers.”

For the full LexisNexis Risk Solutions release click here: https://risk.lexisnexis.com/about-us/press-room/press-release/2017-10-11-fraud-mitigation-study

To learn more about key findings in the LexisNexis Fraud Mitigation Study, visit http://solutions.lexisnexis.com/fraudstudy.

Read More
Retail Cyber Intelligence Sharing Center (R-CISC) Announces New Board Members and Leadership

FOR IMMEDIATE RELEASE
October 6, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

Retail Cyber Intelligence Sharing Center (R-CISC) Announces New Board Members and Leadership

Washington, DC — At its Annual Summit in Chicago this week, the Retail Cyber Intelligence Sharing Center (R-CISC) voted on new leadership for their Board of Directors and announced the addition of two new Board member companies, The Estée Lauder Companies and Scotts Miracle-Gro Company. Lauren Dana Rosenblatt, Executive Director, Global Head of Cyber Threat Management at The Estée Lauder Companies and Grant Sewell, Manager, Global Information Security at Scotts Miracle-Gro Company will serve as directors on the Board.

David Spooner, Senior Vice President, Chief Information Security Officer at The TJX Companies, Inc. is the newly-elected Secretary of the R-CISC Board. The rest of the Board leadership will remain, with Jim Cameli, VP & Global CISO at Walgreens Boots Alliance, as Chairman, Colin Anderson, VP, IT & Global CISO at Levi Strauss & Co. as Vice Chairman, Scott Howitt, Senior Vice President & Chief Information Security Officer at MGM Resorts International as Treasurer.

“We are looking forward to continuing to grow the R-CISC membership and capabilities with the expansion of the Board of Directors and new additions to our leadership,” Suzie Squier, Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC).

R-CISC Board of Directors:

Jim Cameli, Chairman
VP & Global CISO, Walgreens Boots Alliance

Colin Anderson, Vice Chairman
VP, IT & Global CISO, Levi Strauss & Co.

Scott Howitt, Treasurer
SVP & Chief Information Security Officer, MGM Resorts International

David Spooner, Secretary
SVP, Chief Information Security Officer, The TJX Companies, Inc.

Ken Athanasiou, Director
VP & Chief Information Security Officer, AutoNation

Dave Estlick, Director
Chief Information Security Officer, Starbucks

Roseann Larson, Director
Chief Information Security Officer, VF Corp.

Rich Noguera, Director
VP, IT & CISO, Gap, Inc.

Warren Steytler, Director
CISO & VP, IT Engineering & Operations, Lowe’s Companies, Inc.

Lauren Dana Rosenblatt, Director
Executive Director, Global Head of Cyber Threat Management, The Estée Lauder Companies

Grant Sewell, Director
Manager, Global Information Security, Scotts Miracle-Gro Company

Suzie Squier
Executive Director, Retail Cyber Intelligence Sharing Center

 

###

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

 

Read More
R-CISC’s Executive Director, Suzie Squier, to speak at Global Gaming Expo

FOR IMMEDIATE RELEASE
October 2, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

R-CISC’s Executive Director, Suzie Squier, to speak at Global Gaming Expo Squier to participate in “Actionable Intelligence: Efficient And Effective Security Solutions” panel

Washington, DC —  The Retail Cyber Intelligence Sharing Center’s (R-CISC) Executive Director, Suzie Squier, will be speak at the Global Gaming Expo (G2E) in Las Vegas on October 5. Suzie will participate in the “Actionable Intelligence: Efficient And Effective Security Solutions” panel with the Chief Security Officer of Consortium.net and the Chief Information Security Officer of MGM. The American Gaming Association will moderate the panel.

Cyber Security is a high-priority risk affecting all aspects of a company from the integrity of data, risk and threat, the bottom line, consumer confidence and reputation. The power of information sharing platforms on this issue of common concern can help provide companies with real time threat and actionable intelligence. Information sharing consortiums can also help with cyber solutions, product reviews, product testing, best practices and streamline intelligence gathering about solutions. Further, they leverage other C-levels cross vertical experience in a real-world environment to receive actionable, operational and unbiased intelligence on solutions.

  • Discover more about the trusted cybersecurity community for retailers, consumer product and service organizations, and cybersecurity industry partners worldwide.
  • Utilize formation flows from government partners, analytical research, cross sector pipelines, and across the gaming industry.
  • Automate ingestion of information and gather indicators of compromise across threat intelligence platforms to make a business impact.
  • Gain insights from subject-matter experts and end-users with first-hand experience with the product deployment.
  • Share intelligence on established companies and new start-ups and the emerging risks and problems they solve to quickly and effectively address the inevitable: security breach or incident.

Panelists:

  • Suzie Squier, Executive Director for the Retail Cyber Intelligence Sharing Center (R-CISC)
  • Arnold E. Bell, Chief Security Officer, Consortium.net
  • Scott Howitt, CISO, MGM
  • Moderated by Brian Cohen, Senior Director of Strategic Alliances, American Gaming Association

###

About the Global Gaming Expo

Global Gaming Expo is “the show” in the casino-entertainment industry, showcasing the technologies, services and products of exhibitors while providing an atmosphere to explore, network, do businesses and learn. G2E offers the most comprehensive look at international gaming, hospitality and innovation.

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

Read More
R-CISC Announces Winners of First-Annual Peer Choice Awards

FOR IMMEDIATE RELEASE
October 4, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

R-CISC Announces Winners of First-Annual Peer Choice Awards
Target, MGM Resorts, Walgreens Boots Alliance and Flashpoint recognized by peers for leadership in the cyber security community

Washington, DC – At its annual summit event, the Retail Cybersecurity Intelligence Sharing Center (R-CISC), which houses the Retail ISAC, announced the winners of the first-annual 2017 Cyber Security Peer Choice Awards. The awards recognize R-CISC member contributions and leadership in the cyber security community.

Members of the R-CISC vote for their peers in the various categories including, Cybersecurity Practitioner of the Year, Breakthrough Female in Cybersecurity, CISO of the Year, Associate Company of the Year, Outstanding Cybersecurity Team.

The 2017 Peer Choice Award Winners:  

Cybersecurity Practitioner of the Year – Kyle Davis, Cyber Threat Intelligence – Lead Analyst, Target

The recipient of this award will be a retail cyber intelligence practitioner who has demonstrated significant time, energy and involvement to add value to the R-CISC organization by sharing threat intelligence, contributing content to webinars, events, or working groups. This individual is a dedicated champion for cyber intelligence sharing.

Breakthrough Female in Cybersecurity – Michel Huffaker, Program Manager, IT Threat Intelligence, MGM Resorts International

This award recognizes an outstanding female practitioner at any level in the retail cyber intelligence field. She is a leader devoted to advancing cyber defense and increasing collective knowledge share and distribution within her organization and in the community.

CISO of the Year – Jim Cameli, VP & Global CISO, Walgreens Boots Alliance

The CISO of the year award honors exceptional leadership of a chief information security officer or equivalent from the R-CISC member community. This individual empowers their team to innovate, adapt and evolve their processes to fit the needs of the evolving threat landscape. They champion, nurture, support and encourage their team which results in high performance and outcomes. 

Associate Company of the Year – Flashpoint, the leader in Business Risk Intelligence (BRI)

This peer nominated award is for exceptional support as an Associate Member to the R-CISC organization and retailer member companies. They have displayed valuable support to R-CISC members by way of their offerings of thought leadership on agendas, webinars, blogs, newsletters, etc.

Outstanding Cybersecurity Team – Target      

This peer nominated award is for exceptional achievement as cybersecurity team. The organization showed a united effort to advance the defense of their business assets through sharing information for the betterment of the retail enterprise.

 

###

 The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://rcisc.org.

 

 

Read More