Retailers Now Actively Sharing Cyberthreat Intelligence

The retail industrys R-CISC has been up and running for four months now and is looking for more retailers to sign up.

When a threat alert arrived about a new malware threat during a recent industry gathering of retailers, a group of them immediately left the room to check in with their home networks. The intel came in the form of an email via the retail industrys new intelligence-sharing program, the Retail Cyber Intelligence Sharing Center (R-CISC).
We happened to be having a meeting... and someone got intel on some malware. Immediately, people got up [and left the room] and checked on their systems and detected it, says Suzie Squier, senior vice president of the Retail Industry Leaders Association (RILA), which spearheaded the formation of the R-CISC.
R-CISC
, which RILA announced back in May, has been up and running for about four months now, gradually ramping up to 100 member retail organizations participating in the industrys information sharing and analysis center (ISAC). Target, American Eagle Outfitters, Gap, JC Penney, Lowes Nike, Safeway, VF, Walgreens, and other major retailers, sit on the board of directors of the R-CISC, a portal-based threat intelligence-sharing platform for retailers that includes feeds from government and other industry sources, and provides threat analysis. Its open to all retailers -- not just RILA members -- including small merchants and online-only e-commerce sites.
R-CISC also offers education and training for participants, and shares threat information with the US Department of Homeland Security, the US Secret Service, and the FBI.
Calls for an official threat intel-sharing mechanism for the retail industry intensified in the wake of Targets epic data breach late last year. The retail industry at the time had no formal threat and attack intelligence-sharing mechanism like financial services, the defense industrial base, and other industries have, and concerns arose that the industry was being blindsided by attacks and malware.
[After the Year of the Retail Breach, retails annual holiday shopping season freeze on new technology and some security patching is just around the corner. Read
Retailers Facing Intensified Cyberthreat This Holiday Season
.]
Another retail association, the National Retail Federation (NRF), earlier this year also began forming an intel-sharing platform, sparking concerns of
dueling intel-sharing mechanisms
. But the NRF, which represents many smaller retailers, grocery chains and restaurants, now says it plans to ultimately integrate its platform with the R-CISC.
NRF has been running a threat alert system since early June thats generating some 15 to 20 alerts per day, says Tom Litchford, vice president of retail technologies at NRF. The NRFs platform is linked to the financial services industrys ISAC, FS-ISAC. Were connected at the hip with the financial services industry. US-CERT is providing stuff to us [as well], Litchford says. There are also plans to link with private industry threat intelligence feeds, he says.
The governments
July 31 alert about the notorious Backoff malware
that struck multiple retailers POS platforms that was sent to NRF members via the intel-sharing mechanism actually helped quell some attacks, he says. One of our members used it to check and sure enough, found evidence of a [Backoff] breach. They were able to limit or mitigate it to less than one percent of their stores, Litchford says.
NRF is also working closely with RILA to integrate its platform with the R-CISC. Litchford, who sits on the R-CISC advisory board, says one big concern is to ensure the smallest retailers who cant afford the thousands of dollars in dues to join the R-CISC will also be able to participate.
R-CISC dues are based on corporate revenue and range from $2,000 per year for a company with less than $250 million in revenues to $35,000 for a company with greater than $10 billion in revenues.
We have 12,000 members, down to the smallest mom and pop shop. Theyve got to have some level of information-sharing without spending thousands of dollars to join an ISAC, Litchford says. At the least they need to receive critical threat notifications, he says.
Law enforcement officials say small businesses, including small merchants are often ground zero for new malware variants. That makes them valuable members of the R-CISC, too. There currently are some small retailer members, and RILA is well aware that pricing has to be affordable for them to participate.
RILAs Squier says the R-CISC is working on outreach to smaller merchants, via other trade associations who represent them.
All sizes of retailers need to be sharing intel and working together against unprecedented levels of threats and attacks, says Nick Ahrens, vice president of cybersecurity and privacy at RILA.
No silver bullet
But no one expects the R-CISC to eradicate
attacks
on retailers.
I dont think there are any guarantees, but we absolutely think this is a critical tool in the toolbox. This is a team sport... You can only win by all fighting together, Ahrens says, adding that retailers increasingly are sharing more and more intel, and their confidentiality concerns are starting to wane.
Ahrens says merely investing in security technology and resources isnt enough for a retailer today, especially at a time when even JP Morgan and the White House are also getting hit by cyberattacks.
One of the next phases of the R-CISC will be to automate the ingestion of the intelligence within members networks. Thats the Holy Grail of intel-sharing ISACs, and
several industry standards are gradually becoming adopted that allow for machine-readable
intel to go straight to security tools to defend against the latest threat.
“We absolutely have to get to that, Ahrens says. You have to remember that the retail industry is broad and deep and has varying levels of [technology] sophistication among members. Some have the ability to integrate machine-readable information into their systems more than a smaller retailer would.
Ahrens says as the R-CISC evolves and begins collecting dues (its first few months have been gratis), its capabilities will be upgraded as well, including adding real-time, machine-readable information.
RILAs Squier says the R-CISC has come a long way in a short time period. The fact that in just four months we already have a very vigorous dialog going on is really a kudos to the industry. Not only [sharing] threat indicators, but leading practices, she says.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Retailers Now Actively Sharing Cyberthreat Intelligence