More recently, midsize banks have been targeted by attackers as a testing ground or pathway to big banks, so FS-ISAC is working with smaller banks to identify and stop those attacks, he says.
The center is also sharing its Soltra Edge software with all industries to automate and speed the flow of threat intelligence between entities. The software is jointly backed by the Depository Trust and Clearing Corp., a mega clearing house for transaction processing. FS-ISAC offers the software free to all industry sectors, and so far health care, energy, manufacturing and government entities have used it.
“It replicates all the protocols and controls you have for sharing,” Hoerner says. Instead of relying on several sources for cyberthreat information, “It just makes things faster and more efficient.”
The retail industry is just beginning its information sharing journey. The Retail Cyber Intelligence Sharing Center was launched in May as an independent organization by the Retail Industry Leaders Association.
“The biggest and most universal problem [with information sharing] is that trust tends to happen between individuals, and not between organizations,” says Wendy Nather, R-CISC research director. “When we talk to people, we find that they already have information sharing going on – it’s just with individuals that they trust. Getting them to shift that trust to an organizational relationship and keeping that going when the original person moves on (which happens a lot in security) is the biggest challenge.”
R-CISC already has about 50 corporate members, and some of them come from outside the retail industry, Nather says. Oil and gas companies have joined the retail group, for instance, because most gas stations also operate convenience stores. Some financial institutions that are FS-ISAC members also joined the retail group because of POS and credit card cyberthreats. Fast food restaurants, automotive companies, hospitality groups and even casinos have joined the R-CISC.
The center is also protective of the data it shares with federal agencies. “In general, we don’t share anything outside of our retail circle unless a member submitter agrees to it,” Nather says.
R-CISC provides members with weekly cyber-information briefings, and it is working with vendors to provide free resources, such as reversing labs for members during the holiday shopping season, where they can set up cloud-based instances and upload malware samples for examination.
The center also launched a project with George Mason University to research the obstacles to threat intelligence sharing among retailers. Longer term, R-CISC is working on ways to monitor the supply chain security of its members. “There’s a huge ecosystem out there and not everybody is looking at the security of suppliers,” Nather says.
Crowdsourcing speeds info sharing