Cyber criminals are making a huge impact
Approximately 55 percent of merchants with a digital presence experienced a security breach in 2016. In 2017, that number increased to 61 percent, and it is expected to rise even higher for 2018 (yet to be reported).[1] Cyber-attacks caused a loss of over $3T globally in 2015, and that loss is expected to hit $6T by 2021.[1]
While these numbers are a bit mind-boggling, and can make anyone feel defenseless against such a threat, there is a silver lining. An increasing number of retailers are sharing cyber intelligence with one another by doing something Worldpay recently did: joining the Retail Cyber Intelligence Sharing Center (R-CISC).
Sharing threat intelligence is your best defense
If you talk to anyone even moderately involved in cyber defense today, you’ll hear that sharing threat intelligence is one of the most important things an organization can do to mitigate its cyber-attack risk. Organizations have been sharing ever more data in the past three years, since the Cybersecurity Information Sharing Act was passed in December 2015. This Act makes it (legally) easier for organizations to share threat information without fear of legal repercussions. Numerous other pieces of legislation and Presidential memorandums have been passed, making information sharing significantly easier and safer.
Retail Cyber Intelligence Sharing Center
While there are many ways organizations can share threat data with each other, one of the best ways is through the non-profit ISAC (Information Sharing & Analysis Center). The financial services industry has the FS-ISAC, which is used by the majority of medium-to-large financial services companies in the US. Worldpay has been an active member of ISAC since 2011, and regularly shares cyber-attack information with the thousands of other members.
The Retail Cyber Intelligence Sharing Center (R-CISC) is the retail industry’s version of FS-ISAC. While it’s still in its early stages, R-CISC offers an invaluable service to its members. Within the R-CISC, member organizations of all sizes can share cyber intelligence on incidents, threats, vulnerabilities, and associated threat remediation. There’s strength in numbers, and the R-CISC community works together to this end.
Attackers who target retailers are often the same actors who attack financial companies like Worldpay and our competitors. Their tactics and execution of attacks are similar – if not largely identical. This makes information sharing important, both in and among retailers and between retailers and payment processors.
Worldpay recently joined R-CISC to gain information about retail-specific threats to help us in our efforts to protect our own infrastructure, and to share threat data we discover in our in-house Global Threat Intelligence program.
How R-CISC works
It may seem odd, initially, to be sharing sensitive information with other companies that are traditionally considered competitors. But the information R-CISC members share does not contain details about company products, services, sales-plans, or anything proprietary and confidential. R-CISC provides guidelines about sharing. In general, information must be cyber-threat focused, such as:
- Who is attacking the organization
- How they are attacking the organization
- Relevant information about the attacker and/or attacks such as specific indicators of compromise (IOCs)
- Questions to other members about their response to such encounters
- Specific “signatures” that can be utilized in tools to detect/prevent attacks
Oftentimes, R-CISC members ask about or provide information about their security posture in general, such as:
- Techniques that have been useful in combatting cyber threats, although discussing specific vendors is generally discouraged
- Process ideas for reducing Mean Time to Detect, Time to Recover, etc., in order to reduce overall attack impact
- Forward-thinking ideas such as next-year budget items, innovative solutions for various attack scenarios, etc.
- Dry-run table-top exercises of incident response plans and processes amongst member organizations
It might not seem like sharing the details of a spear-phish targeting one of your developers will actually improve your own security posture. And to be fair, that specific act likely won’t. However, it can improve the security posture of hundreds of your peers, which in turn makes it harder for attackers to be successful in general.
When hundreds of your own peers share their cyber-threat experiences with you, it can help you increase the usefulness of your own internal controls. If you know how another organization similar to yours was attacked, you can better prepare your own defenses for the same or similar attack.
We encourage you to join
Fees to join R-CISC vary, and are based on annual revenue. However, it is highly likely this will be one of the lowest-cost controls you can put in place, and will likely prove to have the most impact on the overall success of your Cyber Security program. If you haven’t yet checked out R-CISC, we encourage you to do so. And if you do join, we look forward to sharing with you in the various forums within the organization.