Target, JCPenney, RILA members form group to fight cyber crime

The retail industry is busy forming groups to fight cyber crime, and the most recent and comprehensive effort comes from the Retail Industry Leaders Association which has teamed up with leading retailers including Target (NYSE: TGT) and JCPenney (NYSE: JCP) to launch an organization committed to preventing cyberattacks in response to a series of data breaches that compromised millions of shoppers' payment data.

The R-CISC is an independent organization where retailers can share cyber threat information among themselves and with government agencies including the U.S. Department of Homeland Security, U.S. Secret Service and Federal Bureau of Investigation. The group was developed with input from more than 50 of America's largest retailers, and in consultation with federal law enforcement, government agencies and subject matter experts.

"Retailers place extremely high priority on finding solutions to combat cyberattacks and protect customers. In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber crimes," said Sandy Kennedy, president of RILA.

There are few things more important to retailers right now than cyber security following several high-profile security breaches including those at Target, Michael's and Sally Beauty.

"We have seen a sharp increase in the number of malicious actors attempting to access personal information or compromise the systems we all rely on, in the retail industry and elsewhere," said Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security National Protection and Programs Directorate. "We continue to work with the private sector to create shared situational awareness of potential cybersecurity vulnerabilities. The Retail Cyber Intelligence Sharing Center will further enhance DHS's collaboration with this important sector of the American economy with information and resources that can help companies keep their networks and the information stored on them safe and secure."

Other retailers that have agreed to participate in the new info-sharing center are American Eagle Outfitters (NYSE: AEO), Gap (NYSE: GPS), Lowe's (NYSE: LOW), Safeway (NYSE: SWY), VF Corporation and Walgreens (NYSE: WAG).

"We are highly focused on protecting our customers and maintaining their trust. That's why we have joined the R-CISC and are committed to sharing best practices and information with our peers and other stakeholders in order to strengthen our collective defenses against potential threats," said Greg Wasson, President and CEO of Walgreens and vice chairman of RILA.

There are three components of the R-CISC: a Retail Information Sharing and Analysis Center (Retail-ISAC), education, and training and research.

Retail-ISAC is aimed at identifying real-time threats and sharing actionable intelligence to mitigate the risk of cyberattacks. It will allow retailers to share cyber threat information with each other and anonymized information with the U.S. government via a cyber-analyst and a technician embedded at the National Cyber Forensics and Training Alliance. The Retail-ISAC's dedicated cyber-analyst and technician at the NCFTA facility are processing and distilling information about real-time cyber threats, such as new strains of malware, underground criminal forum activity, potential software vulnerabilities, and translating this information into actionable intelligence, in the most usable and timely form for retailers.

The education and training component is focused on educating the retail community on leading practices for information sharing and protecting against cyber criminals, and the research group is tasked with collaborating with academia to provide research on emerging technologies and potential future threats.

Retail organizations have been creating task forces and new groups, and working with federal agencies to develop best practices. The implementation of chip-and-PIN, or EMV, promises some protection but there are many who believe the new card protocol doesn't go far enough.

For more:
-See this RILA press release

Related stories:
EMV migration won't save retail
Steinhafel's departure leaves Target looking for redemption
Target: Timeline of a data breach
Shoppers blame retailers for data breaches, Congress blames Target
Sally's data breach possibly affected up to 280,000 customers
More Target trouble: Jobs slashed amid reports the breach could have been prevented