Retailer Group Sets Aside Rivalries to Share Cyber-Attack Information
Commercial retailers create the Retail Cyber Intelligence Sharing Center (R-CISC), to facilitate the sharing of information on attacks and help the industry defend itself.Nine well-known retailers and the Retail Industry Leaders Association (RILA) announced on May 14 the formation of a sharing and analysis center aimed at disseminating information about cyber-threats targeting the retail sector. The Retail Cyber Intelligence Sharing Center, or R-CISC, will act as a collection and dissemination point for information about cyber-threats and support its own information sharing and analysis center, or ISAC. Nine major retailer brands—American Eagle Outfitters, Gap, J. C. Penney, Lowe's Companies, Nike, Safeway, Target, VF Corp. and Walgreen—have pledged support for the organization. “The retail industry is already going to great lengths to minimize risk and stay ahead of cyber-criminals," Ken Athanasiou, global information security director for American Eagle Outfitters, said in a statement accompanying the announcement. "The reality is cyber-criminals work non-stop and are becoming increasingly sophisticated in their methods of attack and by sharing information and leading practices and working together, the industry will be better positioned to combat these criminals." The industry has come together to form the information sharing group in the wake of the attacks on some of the largest retailers last year. In December, online thieves infiltrated the point-of-sale network of retail giant Target and stole information on more than 40 million credit- and debit-card accounts, as well as an additional 70 million records containing personal information about customers. Yet, Target was not alone. Luxury retail chain Neiman Marcus, craft store chain Michaels and other retailers were also discovered to be the victims of similar attacks.
Sharing information among competitors is neither an easy, nor natural task, James Mobley, president and CEO of risk consulting firm Neohapsis, said in a statement sent to eWEEK. Rivals are generally fearful that any information shared could give away a competitive advantage. In addition, companies hesitate to reveal too much about their security measures, for fear of revealing vulnerabilities, he said. Finally, companies worry that any information shared with others could be leaked.