Washington—To help stave off data breaches like those recently at Target and Neiman Marcus that affected millions of consumers, the National Retail Federation (NRF) hopes to have a new information sharing program in effect by June.
In a report today, the NRF said the creation of a program that will provide retailers access to information on cybersecurity threats identified by retailers, government and law enforcement agencies and partners in the financial services sector. Developed in consultation with the Financial Services Information Sharing and Analysis Center (FS-ISAC), the program will launch with the establishment of an information-sharing platform for retail industry information security specialists.
“We believe a heightened and well coordinated information sharing platform such as a retail ISAC is a vital component for helping retailers in their fight against cyber attacks,” NRF President/CEO Matthew Shay said. “Establishing a new program takes time, but time is not our friend when it comes to stopping these sophisticated and unpredictable criminals.”
‘Growing Threat of Hacking, Cyber and Identity Theft’
Responding to the NRF announcement, Senator Mark Warner (D-VA) said, “Establishing a Retail and Merchant ISAC will allow the industry to better share information that could help prevent the types of widespread consumer data thefts we now are seeing. I am pleased to see FS-ISAC collaborating with retailers to establish a tool for real-time sharing of information and best practices around the serious and growing threat of hacking, cyber and identity theft.”
In early February, Senators Warner and Mark Kirk (R-IL) called for the establishment of a Retail and Merchant Industry ISAC in a letter to the Federal Trade Commission.
Cy Fenton, senior vice president, information technology (CIO) at Books-A-Million, Inc. said, “As an industry, it is critically important that we continue to work together and identify problems while providing solutions that prevent criminal hacking and the resulting data breaches. The safety and security of our customers unites retailers large and small, and information sharing is one of several important steps we are taking in order to achieve this mission critical goal.”
Fenton is chairman of the IT Security Council, a sub-committee of the NRF CIO Council, composed of CIOs and other technology experts from over 120 leading retailers and industry partners. The group has been meeting regularly to discuss existing cybersecurity programs as well as exploring new opportunities for retailers.
“In partnership with key stakeholders, NRF is committed to finding broad-based, long-term solutions to ensure that consumers’ sensitive information remains secure. It is a retailer’s top priority,” Shay said. “Implementing robust security solutions with innovative technologies and information sharing to protect consumer data and the integrity of our payment systems is a start, but we will always need to stay one step ahead of these determined criminals.”
Recently, representatives from NRF held in-depth discussions with the U.S. Secret Service and other law enforcement agencies for insight and guidance on how to improve communication, identify available resources and collaborate more effectively to help retailers combat criminal cyber activity.
NRF has also retained the services of Kim Peretti, a partner in the law offices of Alston and Bird, LLC. Peretti is part of the firm’s White Collar Crime Group and co-chairs the Security Incident Management and Response Team. She is also a former director of PricewaterhouseCoopers’ cyber forensic investigation unit and a former senior litigator for the Department of Justice’s Computer Crime and Intellectual Property Section.
As announced in January, the NRF is working closely with the cybersecurity professionals from The Chertoff Group, providing NRF members with the highest level of insight and guidance in risk management and cybersecurity expertise. www.nrf.com