The Retail Cyber Intelligence Sharing Center: Is Joining Right for You?Over the past few years, the number of data breaches that have hit headlines has been nothing short of immense. Even since 2013, which may be better remembered as the "Year of the Retailer Breach," big-name retailers such as Home Depot and Target have suffered colossal blows to their reputations, dealing with issues that involve, among other things, the mass exposure of private customer data.

In response to this worrying sequence of data breaches, the retail industry has created the Retail Cyber Intelligence Sharing Center (R-CISC). The goal of R-CISC is to serve as a resource for all retailers who want to learn more about (and protect themselves against) potential vulnerabilities. Here's a closer look at the R-CISC and how it can help retailers fight back:

What Is R-CISC?

The Retail Cyber Intelligence Sharing Center was created to improve the spread of information regarding major cyberthreats and vulnerabilities to retailers. And because the retail industry as a whole can only be as strong as its weakest link, retailers of all sizes are welcome to participate. Through three primary components — its Retail Information Sharing and Analysis Center, education and training, and research — it seeks to equip members with the instruments they need to stay protected.

The Retail Information Sharing and Analysis Center provides retailers with a platform to share information on vulnerability exploits. R-CISC's large, diverse member base creates a win-win situation for participants and the center alike: intelligence services allow members to promptly detect and respond to threats before their infrastructures are affected; in return, the information the center gleans from its members improves overall industry security. This component can also enable both law enforcement and retail security teams to identify the tactics, techniques and procedures of attackers before they strike.

Like many other sectors, the retail industry suffered attacks that resulted from the exploitation of humans' bad habits and vulnerabilities. For this reason, R-CISC developed its second component, education and training services. By educating members on threat intelligence and best practices, the center strives to increase threat awareness, preventing further firms from being caught unprepared.

Research, R-CISC's third component, is crucial for developing more resilient solutions that help retailers keep abreast of the dynamic cyberthreat landscape. One especially critical focus of R-CISC's research is the definition of models that can be used to predict the diffusion of malicious agents through various channels. Researchers will focus on different subjects with various backgrounds — such as academic institutions, retailers, cybersecurity experts and law enforcement agencies — with the overall goal of accessing the resources necessary to rapidly identify cyberthreats and predict their evolution. All companies joining R-CISC can provide significant contributions to this research.

Is R-CISC Right for You?

Through threat intelligence processes like those provided by R-CISC, retailers can protect their assets from cybercriminals. Even in the case of a major cyberattack exploiting unknown vulnerabilities, the establishment of such centers could improve critical decision-making processes, protecting firms in the face of malicious activity. With enough government support and retailer participation, R-CISC and centers like it will be able to help retailers enhance their abilities to mitigate cyberthreats, protecting their reputations and the integrity of their customer data.

All that said, why not join? You have nothing to lose.

Photo Source: Flickr

About Pierluigi Paganini

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, Editor-in-Chief at "Cyber Defense Magazine," a member of the DarkReading Editorial team, and a regular contributor for major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, and The Hacker News Magazine.

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.