Target, JC Penney among new ragtag retail cybersecurity team

They join the likes of Safeway and Lowe's in the Retail Industry Leaders Association, a collaborative organization aimed at helping retailers share threat data.


Read this

Obama's cybersecurity executive order: What you need to know

Embargoed until the delivery the State of the Union address, US President Obama signed the expected and highly anticipated cybersecurity executive order. With potentially serious implications for US and foreign citizens' privacy, here's what you need to know.

Read More

A handful of the nation's largest retailers are joining forces to fight the seemingly endless battle against cybercrime. 

Although its inception began in January, Wednesday marked the official launch of the Retail Industry Leaders Association (RILA), an independent organization that combines the internal cybersecurity efforts of retailers with those of the U.S. Department of Homeland Security, U.S. Secret Service and the Federal Bureau of Investigation. 

Target, American Eagle Outfitters, Gap, J.C. Penney, Lowe's, Nike, Safeway, VF Corporation and Walgreen's are among the initial batch of retailer participants, with an executive from each organization taking a seat on the RILA board of directors. 

The National Retail Federation in April established the Information Sharing and Analysis Center (ISAC), which has essentially combined efforts with the RILA. 

The information sharing aspect is one of three elements that make up RILA's structure. Beyond linking retailers via threat data, additional pillars focused on cyber protection education and security technology research aim to help the retail community as a whole.

The Retail-ISAC allows retailers to share cyber threat information with each other as well as anonymized information with the U.S. government via a cyber-analyst and a technician entrenched at the National Cyber Forensics and Training Alliance (NCFTA). The technicians and analysts are on the lookout for real-time cyber threats such as new strains of malware, activity on underground forums and potential software vulnerabilities, which they say can be translated into actionable insights. 

Phyllis Schneck, the Deputy Under Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security National Protection and Programs Directorate, praised the formation of RILA at a time when the industry is seeing a sharp increase in the number of malicious attempts to steal personal information or compromise security systems in place. 

Target's unprecedented security breach last November resulted in the theft of 40 million payment card numbers and another 70 million customer records, followed by attacks on Neimen Marcus and Sears. 

The real challenge for organizations such as RILA will be to deliver on the promise of attack prevention. Learning about security weaknesses post-attack is one thing, but spotting them before the damage is done is far more difficult.