Are Retailers Improving Cybersecurity?

In the wake of big-box retail breaches such as Target and Home Depot, retailers for the past two years been at the center of an ongoing cybersecurity debate with banking institutions.

And most recently, the American Bankers Association fueled that debate by releasing a new report citing a near-12 percent increase in fraud losses for banks from 2012-2014 - owing mainly to the spike in retail breaches. (see ABA: Fraud Losses Are Up - But Don't Blame Banks.)

But Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center, says cross-industry collaboration and information sharing with banking institutions are helping retailers improve their cybersecurity posture.

"We are using information sharing and collaboration to formulate the best architecture and the best construction of how to implement certain technologies or leverage certain technologies, cybersecurity technologies, for protection, detection and response," says Engle during this interview with Information Security Media Group. "And we are looking at how to apply funding in the areas of supporting that information sharing - that trust building."

Over the next 12 to 16 months, information sharing will become increasingly important, and the Retail Cyber Intelligence Sharing Center, also known as the R-CISC, expects to position itself at the center of that discussion, Engle says.

"We have been in business or incorporation for almost two years now," Engle says of the R-CISC. "We have seen significant growth. ... We're seeing that the retailers are really getting a clearer picture of risk to their organization, and it's not just in the payment transaction."

The R-CISC now has more than 100 merchants as members, he points out. What's more, R-CISC's close relationship with Financial Services Information Sharing and Analysis Center is aimed at ensuring that those member merchants are able to collaborate and share threat intelligence directly with the banking community, Engle explains.

"We work extremely closely with the FS-ISAC," he says. "We have chosen to utilize the same technology and information sharing platform ... and our ISAC function is actually located in the same building as the FS-ISAC."

During this interview (link below Engle's photograph), Engle also discusses:

The state of EMV in the U.S. and its impact on fraud and chargebacks; Why he believes more regulatory mandates for cybersecurity in the retail space won't necessarily help security; How the R-CISC is helping retailers find new ways to enhance their cybersecurity funding.

In his role as executive director, Engle supports the R-CISC's mission for sharing cybersecurity information and intelligence. The R-CISC, and its operation of the Retail and Commercial Services Information Sharing and Analysis Center, falls under Engle's leadership. In addition to his role at the R-CISC, Engle also serves as an advisory partner on the leadership team of the ISAO Standards Organization, which is spearheading the development of standards, guidelines and tools essential for the formation and support of information sharing and analysis. Engle previously served as CISO and cybersecurity coordinator for the state of Texas, as CISO for Texas Health and Human Services Commission, as CISO for Temple-Inland and as manager of information security assurance for Guaranty Bank.