Press

R-CISC and Columbus Collaboratory To Discuss Threat Intelligence Exchange Best Practices at Inaugural International Information Sharing Conference

FOR IMMEDIATE RELEASE
November 1, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

R-CISC and Columbus Collaboratory To Discuss Threat Intelligence Exchange Best Practices at Inaugural International Information Sharing Conference

TruSTAR to host panel with the executive leadership of Retail Cyber Intelligence Sharing Center and Columbus Collaboratory

Washington, D.C., Nov. 1, 2017 — TruSTAR, a threat intelligence platform built to facilitate information exchange, will lead a panel discussion at the inaugural International Information Sharing Conference in Washington, D.C. on November 1. The panel, titled “How to Launch a Cross-Sector Intelligence Exchange,” will feature information sharing group major players Suzie Squier, the Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC), and Jeff Schmidt, Vice President and Chief Cyber Security Innovator at Columbus Collaboratory.

With global attacks like NotPetya and WannaCry on the rise, organizations recognize that the same tactics, techniques and procedures (TTPs) are threatening not only their assets but also their peers. TruSTAR platform data indicates that well-known vulnerabilities can expand rapidly across multiple sectors within days. For example, approximately 45 percent of the indicators associated with WannaCry were a concern across sectors.   

When bad actors target a wide swath of organizations with the same TTPs, threat intelligence sharing groups serve a crucial role in enriching their members’ cybersecurity data with intelligence gathered across multiple sectors and along supply chains.

In this panel discussion, TruSTAR, R-CISC and Columbus Collaboratory leaders will discuss the challenges, triumphs and lessons learned from assembling their threat intelligence exchange network among Fortune 500 members. They will also address the technology requirements of such initiatives and the roles of government and the private sector in mitigating risks in an increasingly hostile cyber environment.

 “The Retail-CISC is the single most trusted source of cyber threat intel for retailers and customer-facing companies. We are continually growing and implementing our technology roadmap to remove barriers to information sharing for all members in our collaboration portal and Retail ISAC platform. Most recently, transforming the R-CISC member experience with a new and secure portal that streamlines and simplifies access automated sharing, real-time discussion threads, valuable content, resources, and direct member-to-member collaboration,” said Suzie Squier, Executive Director of the R-CISC.

“As the premier ISAO for the Ohio region, the Columbus Collaboratory is eager to discuss our members’ achievements in the arena of threat intelligence sharing,” said Jeff Schmidt, Vice President and Chief Cyber Security Innovator at Columbus Collaboratory. “Cyber attacks negatively impact all our members across industries, maturity levels and budgets. Through collaborative security practices we face the ubiquitous cyber foe as one, moving beyond threat intelligence sharing to share resources, experts and innovation.” 

 “TruSTAR is thrilled to convene two pioneers who are establishing new ways to collaborate in threat intelligence sharing,” said Paul Kurtz, Co-Founder and CEO of TruSTAR. “Companies can’t afford to battle in an increasingly complex cyber security environment alone or in silos. As organizations spend more to defend themselves, adversaries grow more sophisticated and capable.”

The International Information Sharing Conference will host diverse threat intelligence practitioners from small businesses to multinational corporations. The event will feature speakers from the Department of Homeland Security, Federal Bureau of Investigation (FBI), Chamber of Commerce, IT-ISAC and more.

###

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org. 

About Columbus Collaboratory

The Columbus Collaboratory is a rapid innovation company founded by leading companies in seven different industries (American Electric Power, Battelle, Cardinal Health, LBrands, Huntington Bancshares, Nationwide Insurance, OhioHealth) that delivers business value to its members through advanced analytics and cybersecurity solutions. Our unique model surfaces shared, complex challenges, and operationalizes cognitive and machine learning technologies for our member companies and the broader market. We make this possible by capitalizing on the collective know-how possessed by our team, collaborating companies, and partners.  As a result, we strengthen Ohio’s IT and analytics workforce and secure the region’s future as a national leader in technology innovation. For more information, please visit www.columbuscollaboratory.com and follow @cbuscollab.

About TruSTAR Technology

TruSTAR is the first security intelligence exchange platform built to incentivize information sharing among enterprises. As companies see data relevant to them they can easily submit, sanitize, and share data to discover how cyber incidents relate to other companies. TruSTAR’s vetted network includes elite enterprise cyber security teams from across sectors and around the world. The TruSTAR team is led by a seasoned team of domain specialists in intelligence sharing, cyber security, and product development. The company is led by Co-Founders Paul Kurtz, former White House cybersecurity advisor and private sector security executive; Patrick Coughlin, former security operator turned tech entrepreneur; and Dave Cullinane, former CISO of eBay. TruSTAR’s offices are located in San Francisco, California and McLean, Virginia. 

About the ISAO SO
The ISAO Standards Organization is a non-governmental organization established October 1, 2015, led by the Center for Infrastructure Assurance and Security at The University of Texas at San Antonio (UTSA) with support from LMI and the Retail Cyber Intelligence Sharing Center. The ISAO SO’s mission is to improve the Nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents and best practices. The ISAO Standards Organization works with existing information sharing organizations, owners and operators of critical infrastructure, relevant agencies, and other public and private sector stakeholders through a consensus-driven standards development process to identify a common set of voluntary standards and guidelines for the creation and functioning of ISAOs.

Read More
National ISACs, FBI, USSS and Symantec Collaborate to Fight Business Email Compromise

 

FOR IMMEDIATE RELEASE
October 12, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

National ISACs, FBI, USSS and Symantec Collaborate to Fight Business Email Compromise

Roadshow Cities Announced                

Washington, DC – A group of national ISACs, The U.S. Secret Service (USSS), The Federal Bureau of Investigation (FBI) and Symantec announced today the organizations are joining forces to offer free workshops around the country on Business Email Compromise (BEC), a significant and growing threat for businesses and individuals throughout the United States. Although not as widely profiled as ransomware attacks in recent years, BEC represents a more significant financial threat to organizations than other recent types of attack. Since October 2013, the Federal Bureau of Investigation has identified victims from 131 countries and a global monetary exposure of over $5 billion as a result of BEC fraud.

BEC is a sophisticated scam using email and/or other electronic communication to impersonate a business executive, employee, or other person with authority to request payments or access to employee payroll and W2 information on behalf of their company or organization.

To help educate businesses and individuals on ways to combat BEC, the USSS, FBI and Symantec are joining forces with the following ISACs to offer free workshops around the country:

  • Multi-State Information Sharing and Analysis Center (MS-ISAC),
  • National Health Information Sharing and Analysis Center (NH-ISAC),
  • Research and Education Network (REN-ISAC), and
  • Retail Cyber Intelligence Sharing Center (R-CISC).

Business leaders are invited to join these workshops to learn about BEC, a very real & proliferating cybersecurity threat. Cybersecurity experts from the USSS, FBI and private sector will be sharing their experiences & expertise around BEC, how BEC can impact companies and how to protect against becoming the next victim.

Each half-day workshop will include discussion around topics including:

  • Describing the Business Email Compromise (BEC) threat
  • The current threat landscape
  • Tactics, techniques & procedures used by the criminals
  • Why situational awareness & information sharing are important
  • Offer strategies to help protect your organization from BEC attacks

“The Business Email Compromise (BEC) has become an increasingly sophisticated scam targeting businesses that regularly perform wire transfer payments.  The Secret Service is committed to working with our public and private partners to educate the business community while seeking new and innovative ways to combat this emerging cyber threat,” said Robert Novy, Deputy Assistant Director for Cyber at The United States Secret Service.

“Investigating Business Email Compromise (BEC) scams is a top priority for the FBI. This year, the FBI’s Internet Crime Complaint Center, began tracking these scams as a single crime type, illustrating the significance of the threat. It is crucial that all businesses and individuals who feel they have been the victim of BEC file a complaint with www.ic3.gov. Rapid notification allows the FBI to quickly deploy FBI resources to provide assistance and conduct law enforcement actions as appropriate,” said Scott Smith, Assistant Director, Cyber Division at The Federal Bureau of Investigation.

“The R-CISC community is working together to share information and intelligence on Business Email Compromise (BEC) threats, improving our collective knowledge and response. These workshops are a great resource for business and government employees to learn not only about these threats but the resources available to them,” said Suzie Squier, Executive Director of the R-CISC.

“Business Email Compromise attacks (BEC) are the latest sophisticated email threats targeting organizations of all sizes, our research from the 2017 Symantec Internet Security Threat Report shows they target more than 400 businesses a day. Symantec provides comprehensive protection from BEC scams and is working with security experts around the world to identify and protect against these dangerous attacks by sharing insights from threat research and best practices,” said Jane Wong, Vice President of Product Management and Engineering, Messaging Security, Symantec.

 “We received tremendous positive feedback from last year’s Ransomware Roadshow workshops. NH-ISAC is pleased to be partnering again with FBI and the Secret Service as well as its sister ISACs and Symantec to bring valuable information to the public on the Business Email Compromise threat,” said Denise Anderson, President NH-ISAC, Chair National Council of ISACs.

“Business Email Compromise (BEC) activity is a growing problem facing the SLTT community. It emphasizes the need for good cyber hygiene practices at all levels of government,” said Thomas Duffy, Chair, Multi-State ISAC.

“Protection against the growing threat of business email compromise includes the need for aware and savvy users.  These workshops will help professionals who are targeted by attackers make smarter choices to prevent financial fraud,” Kim Milford, Executive Director, Research and Education Network (REN-ISAC).

 Workshops will be conducted in the following cities: Kansas City, MO; Nashville, TN; Boston, MA; Seattle, WA; Denver, CO; Dallas, TX; Phoenix, AZ; San Francisco, CA; Los Angeles, CA; Kennedy Space Center, FL;
New York, NY; Akron, OH.

 Information and registration for each event can be found here: https://nhisac.org/events/nhisac-events/business-e-mail-compromise-workshop/

###

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

Read More
Cross-Industry Fraud Increasing; Trend Drives Organizations to Share Data for Mutual Benefit According to LexisNexis® Fraud Mitigation Study

Cross-Industry Fraud Increasing; Trend Drives Organizations to Share Data for Mutual Benefit According to LexisNexis® Fraud Mitigation Study

Increased interest in sharing data to fight fraud

LexisNexis Risk Solutions today released its annual LexisNexis® Fraud Mitigation Study, which found that people who commit fraud in one industry are increasingly emboldened to exploit other industries, too, giving organizations greater incentive to fight fraud cooperatively by sharing fraud data. The same study showed interest is growing among fraud mitigators to utilize fraud data from other organizations, both within their own industries and from other industries. 84 percent of professionals said that more access to industry fraud would be valuable and 80 percent see access to outside-industry data as very valuable.

This has led to increased interest in sharing data in a common cause to fight fraud. 86 percent of professionals said they would consider contributing their investigative outcomes to a contributory database if they could receive the outcomes data back from other industries. Insurance companies, in particular, place a high value on data coming from organizations outside their industry (along with financial organizations) because they experience widespread cross-industry fraud and believe it has a high financial impact on their organization, the study revealed. Retailers are also keen on cross-industry cooperation because of the increasing threats of identify fraud in the industry.

“LexisNexis Risk Solutions’ Fraud Mitigation Study spotlights prominent fraud trends impacting retailers and highlights the need for fraud and information security teams to engage across multiple industries in a concerted effort to strengthen collective fraud defense capabilities,” said Jennifer McGoldrick-Stenberg, Engagement Director, Retail Cyber Intelligence Sharing Center (R-CISC). “As the study suggests, a common obstacle facing retailers is identifying solutions to fight the rising tide of identity and other fraud activities that impact customer accounts. In an effort to mitigate this challenge for the industry, the Retail Cyber Intelligence Sharing Center (R-CISC), which houses the Retail ISAC, has formed a retail-focused Fraud Working Group to formulate solutions and strategies to protect against customer account takeover and gift card fraud activities. The group acts as a mechanism for driving collaboration across the retail spectrum, with participants from member companies including CashStar, Darden, Hyatt Hotels Corp., Jo-Ann Stores, Publix, QVC, Ulta and Synchrony Financial, all focused on a common goal: to produce outcomes that demonstrably mitigate losses and the effect of fraud on customers.”

For the full LexisNexis Risk Solutions release click here: https://risk.lexisnexis.com/about-us/press-room/press-release/2017-10-11-fraud-mitigation-study

To learn more about key findings in the LexisNexis Fraud Mitigation Study, visit http://solutions.lexisnexis.com/fraudstudy.

Read More
Retail Cyber Intelligence Sharing Center (R-CISC) Announces New Board Members and Leadership

FOR IMMEDIATE RELEASE
October 6, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

Retail Cyber Intelligence Sharing Center (R-CISC) Announces New Board Members and Leadership

Washington, DC — At its Annual Summit in Chicago this week, the Retail Cyber Intelligence Sharing Center (R-CISC) voted on new leadership for their Board of Directors and announced the addition of two new Board member companies, The Estée Lauder Companies and Scotts Miracle-Gro Company. Lauren Dana Rosenblatt, Executive Director, Global Head of Cyber Threat Management at The Estée Lauder Companies and Grant Sewell, Manager, Global Information Security at Scotts Miracle-Gro Company will serve as directors on the Board.

David Spooner, Senior Vice President, Chief Information Security Officer at The TJX Companies, Inc. is the newly-elected Secretary of the R-CISC Board. The rest of the Board leadership will remain, with Jim Cameli, VP & Global CISO at Walgreens Boots Alliance, as Chairman, Colin Anderson, VP, IT & Global CISO at Levi Strauss & Co. as Vice Chairman, Scott Howitt, Senior Vice President & Chief Information Security Officer at MGM Resorts International as Treasurer.

“We are looking forward to continuing to grow the R-CISC membership and capabilities with the expansion of the Board of Directors and new additions to our leadership,” Suzie Squier, Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC).

R-CISC Board of Directors:

Jim Cameli, Chairman
VP & Global CISO, Walgreens Boots Alliance

Colin Anderson, Vice Chairman
VP, IT & Global CISO, Levi Strauss & Co.

Scott Howitt, Treasurer
SVP & Chief Information Security Officer, MGM Resorts International

David Spooner, Secretary
SVP, Chief Information Security Officer, The TJX Companies, Inc.

Ken Athanasiou, Director
VP & Chief Information Security Officer, AutoNation

Dave Estlick, Director
Chief Information Security Officer, Starbucks

Roseann Larson, Director
Chief Information Security Officer, VF Corp.

Rich Noguera, Director
VP, IT & CISO, Gap, Inc.

Warren Steytler, Director
CISO & VP, IT Engineering & Operations, Lowe’s Companies, Inc.

Lauren Dana Rosenblatt, Director
Executive Director, Global Head of Cyber Threat Management, The Estée Lauder Companies

Grant Sewell, Director
Manager, Global Information Security, Scotts Miracle-Gro Company

Suzie Squier
Executive Director, Retail Cyber Intelligence Sharing Center

 

###

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

 

Read More
R-CISC’s Executive Director, Suzie Squier, to speak at Global Gaming Expo

FOR IMMEDIATE RELEASE
October 2, 2017                             

Contact: R-CISC Press Office
pr@r-cisc.org

R-CISC’s Executive Director, Suzie Squier, to speak at Global Gaming Expo Squier to participate in “Actionable Intelligence: Efficient And Effective Security Solutions” panel

Washington, DC —  The Retail Cyber Intelligence Sharing Center’s (R-CISC) Executive Director, Suzie Squier, will be speak at the Global Gaming Expo (G2E) in Las Vegas on October 5. Suzie will participate in the “Actionable Intelligence: Efficient And Effective Security Solutions” panel with the Chief Security Officer of Consortium.net and the Chief Information Security Officer of MGM. The American Gaming Association will moderate the panel.

Cyber Security is a high-priority risk affecting all aspects of a company from the integrity of data, risk and threat, the bottom line, consumer confidence and reputation. The power of information sharing platforms on this issue of common concern can help provide companies with real time threat and actionable intelligence. Information sharing consortiums can also help with cyber solutions, product reviews, product testing, best practices and streamline intelligence gathering about solutions. Further, they leverage other C-levels cross vertical experience in a real-world environment to receive actionable, operational and unbiased intelligence on solutions.

  • Discover more about the trusted cybersecurity community for retailers, consumer product and service organizations, and cybersecurity industry partners worldwide.
  • Utilize formation flows from government partners, analytical research, cross sector pipelines, and across the gaming industry.
  • Automate ingestion of information and gather indicators of compromise across threat intelligence platforms to make a business impact.
  • Gain insights from subject-matter experts and end-users with first-hand experience with the product deployment.
  • Share intelligence on established companies and new start-ups and the emerging risks and problems they solve to quickly and effectively address the inevitable: security breach or incident.

Panelists:

  • Suzie Squier, Executive Director for the Retail Cyber Intelligence Sharing Center (R-CISC)
  • Arnold E. Bell, Chief Security Officer, Consortium.net
  • Scott Howitt, CISO, MGM
  • Moderated by Brian Cohen, Senior Director of Strategic Alliances, American Gaming Association

###

About the Global Gaming Expo

Global Gaming Expo is “the show” in the casino-entertainment industry, showcasing the technologies, services and products of exhibitors while providing an atmosphere to explore, network, do businesses and learn. G2E offers the most comprehensive look at international gaming, hospitality and innovation.

About the Retail Cyber Intelligence Sharing Center (R-CISC)

The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.

 

Read More