A group of US retailers has come together to prevent further breaches and protect customer information.
According to ABC News, Nike, Lowes, Target, Gap and Walgreen have launched an intelligence sharing centre with the Retail Industry Leaders Association to allow retailers to share information about data breaches and potential threats, and also to inform members of law enforcement and industry analysts.
Sandy Kennedy, president of the association, told ABC News that cyber crime was one of the biggest challenges facing retailers, and that this was “really in everyone’s interest”.
“Criminals are getting more and more sophisticated. We’re looking at how we can deal with this long term,” he said. “All of our members have been focused on this for a long time. Our goal is to make sure the data is protected and that if criminals do get into data, it’s in a form that they can’t use.”
Amichai Shulman, CTO of Imperva, said that this idea is usually good, but warned that information security people in commercial organisations are swamped with day-to-day tasks, and often struggle to keep up with the load of operating their environment.
“I find it hard to believe that they have resources and time to launch their own intelligence processing organisation and I also question the economic viability of each organisation independently processing intelligence information,” he said.
“I think that the right thing to do is transform this into a shared intelligence gathering and processing centre that receives information from the participating organisations, and employs the people to transform this information into actionable data for the individual members – in the form of reputation or pattern feeds for example.”
Barmak Meftah, CEO of AlienVault, which has pioneered open sharing through the Open Threat Exchange, said: “This is a good move, as other industry groups – like the financial services industry with the FS-ISAC – have proven the value of threat sharing across and between organisations. Especially given the retail industry needs to work that much harder to rebuild consumer trust. But I do question whether it is enough to simply limit threat sharing to specific players within specific vertical industries.
“Big retailers have the big budgets to invest in security, but the only way we can make the world less of a ‘target-rich environment’ for cyber criminals, is for all organisations to have the proper security products and threat sharing capabilities in place. The determination of the retail industry to share threat data is all fine and good, but the technology at the heart of all this sharing needs to be within reach of all organisations, and it needs to help facilitate this sharing easily.”
Rahul Kashyap, head of security research at Bromium, said: “Enterprises need to be extremely cautious about sharing attack, compromise or threat data, because this potentially has tremendous consequences in a regulatory environment. Moreover, given the increasingly litigious stance of shareholders after the Target breach, it could expose companies to lawsuits.”