Target, Nordstrom’s, and Michael’s all know from firsthand experience that retailers are in the crosshairs for cyber criminals. Stores that process of billions of dollars of transactions from millions of individual consumers offer a goldmine of data just waiting to be hacked. That’s why major retailers are finally taking a more logical, proactive approach by forging an alliance to share security intelligence.
“The best time to plant a tree is 20 years ago. The second best time is now,” opined Tom Cross, director of security research for Lancope regarding news of retailers teaming up to form the Retail Industry Leaders Association (RILA).
TK Keanini, CTO of Lancope, worded his thoughts on the new alliance a little more strongly: “Not to sound jaded, but it’s about time!”
A recent survey of IT professionals commissioned by Lancope from the Ponemon Institute found that only 12 percent of respondents report that their organization shares threat indicator information with industry peers. That is a sad figure.
There are similar security and threat intelligence partnerships in some other industries—specifically within the financial industry. Similar collaborative relationships should exist in virtually every industry, though.
Cross explained, “If one retailer discovers attacks against its networks, it can be very important to share information about those attacks with other retailers. This sort of information sharing will uncover other attack activity.”
Point-of -sale malware developers have varying degrees of sophistication, and they are indiscriminately targeting retail organizations both large and small. All they want are credit card numbers and they'll take them anywhere they can find them—which is unfortunately in more places than retailers would like to admit, or possibly are even aware of.
Keanini cautions retailers not to devote too much time focused on celebrating the formation of the RILA. “There is still a very long road to travel before we make it hard on the adversaries to compromise retail establishment. My hope is that leaders think about security holistically across not only their retail domains but back up through their supply chain and down to all of their consumers: everywhere the business touches is fair game these days for cybercrime.”
Hopefully cooperation between retailers will help retail chains detect and identify threats earlier, and avoid them altogether, or at least minimize and contain the damage much more quickly than what we’ve seen in recent data breaches.